Encryption using Veracrypt on the Raspberry Pi Cluster
One of the objectives for the Raspberry Pi cluster is to manage a number of servers including syncing their contents and backing up databases. The data included may contain personal information so they are always backed up to an encrypted drive. This means I need to be able to access the encrypted content on the Raspberry Pi Cluster.
What is Veracrypt?
Veracrypt is a piece of software that allows on the fly encryption. This means that while you are writing to a veracrypt volume the file is immediately encrypted. In addition to this when reading files from a veracrypt volume they are decrypted as they are read.
To encrypt your data, Veracrypt allows encrypting full disk partitions or creating an encrypted file. Both of these act like a partition once opened and provide transparent encryption. The volumes can be protected by a number of methods including passwords and keyfiles.
However on the fly encryption adds additional slowdown when writing or reading data since it must be encrypted/decrypted first. For systems that support this at the hardware layer this slowdown can be very minor.
Veracrypt is based on the popular encryption software Truecrypt that was discontinued on the 28th of May, 2014. A number of improvements have been made to the software since being forked and is my chosen method of full disk encryption.
The Raspberry Pi’s do not appear to have hardware crypto support so it is likely to be slow encrypting files. This is something that I am going to need to be aware of.
Installing Veracrypt on a Raspberry Pi
Veracrypt includes a binary compiled for Raspbian which can be downloaded from their website.
To install the downloaded files you can run:
tar -xf veracrypt-1.19-raspbian-setup.tar.bz2 chmod u+x veracrypt-1.19-setup-console-armv7 sudo ./veracrypt-1.19-setup-console-armv7
The first line uncompressed the file. Once it has been extracted it needs to be made executable by running chmod
. Since I only want to run the program on the command line I have made the command line program executable. The final line then runs the installer.
Pressing 1
during the installer will install veracrypt. This will prompt you to read the terms and conditions. Once they have been read q
will quit out and then entering yes
will accept the terms.
Once this has been done running veracrypt should give a prompt explaining its usage.
However if when running this command you get the below error:
error while loading shared libraries: libwx_baseu-3.0.so.0: cannot open shared object file: No such file or directory
You will need to install libwxbase 3.0 which can be done by running the below command:
sudo apt-get install libwxbase3.0-0
Once this has been done Veracrypt should be ready to use.
I wont be documenting its use in this blog post but once you have an encrypted volume or file you can mount and decrypt it using
veracrypt test_encrypted.veracrypt /mnt/test
Where test_encrypted.veracrypt
is the file or volume (e.g. mounting a partition can be done using /dev/sda1
) and /mnt/test
is the location to mount the encrypted volume. Once it has been mounted you can access the files as normal files.
Now I am able to mount my encrypted drives I can work on setting up backups.