TrueCrypt (7.0a) Decrypting a volume

ChrisGreaves
PlutoniumLounger
Posts: 15615
Joined: 24 Jan 2010, 23:23
Location: brings.slot.perky

Post by ChrisGreaves »

Can a volume be decrypted on-the-fly?
I think from reading the TrueCrypt User Guide.pdf that the answer is no, in particular where I read "1. Mount the TrueCrypt volume. 2. Move all files from the TrueCrypt volume to any location outside the TrueCrypt volume. 3. Dismount the TrueCrypt volume." it really means that I have to drag/Robocopy the contents to a safe place (or two) before playing around with stuff. (Good advice in any case, right?)

That suggests to me that I should have another spare large external drive lying around, which I don't, so it will be off-to-the-store for another external drive.

In which case I may as well leave the original drive encrypted and use the new drive as the unencrypted one.
There's nothing heavier than an empty water bottle

StuartR
Administrator
Posts: 12604
Joined: 16 Jan 2010, 15:49
Location: London, Europe

Re: TrueCrypt (7.0a) Decrypting a volume

Post by StuartR »

If you encrypt your system volume with TrueCrypt then it has the capability of decrypting this "on the fly". See the online documentation
Please note that TrueCrypt can in-place decrypt only system partitions and system drives (select System > Permanently Decrypt System Partition/Drive). If you need to remove encryption (e.g., if you no longer need encryption) from a non-system volume, please follow these steps:
  1. Mount your TrueCrypt volume.
  2. Move all files from the TrueCrypt volume to any location outside the TrueCrypt volume (note that the files will be decrypted on the fly).
  3. ...
StuartR


ChrisGreaves
PlutoniumLounger
Posts: 15615
Joined: 24 Jan 2010, 23:23
Location: brings.slot.perky

Re: TrueCrypt (7.0a) Decrypting a volume

Post by ChrisGreaves »

StuartR wrote:If you encrypt your system volume with TrueCrypt then it has the capability of decrypting this "on the fly". See the online documentation
Please note that TrueCrypt can in-place decrypt only system partitions and system drives (select System > Permanently Decrypt System Partition/Drive). If you need to remove encryption (e.g., if you no longer need encryption) from a non-system volume, please follow these steps:
  1. Mount your TrueCrypt volume.
  2. Move all files from the TrueCrypt volume to any location outside the TrueCrypt volume (note that the files will be decrypted on the fly).
  3. ...
Thanks for the response, Stuart, but unless I'm mis-reading the documentation, this applies only to system partitions and drives, which to my mind would be the C: partition on my laptop hard drive.
Any other data partition on the laptop hard drive, or any external drive partition and I'd need to do what TrueCrypt says - move (copy?!) the files away before removing the encryption.

no?
There's nothing heavier than an empty water bottle

StuartR
Administrator
Posts: 12604
Joined: 16 Jan 2010, 15:49
Location: London, Europe

Re: TrueCrypt (7.0a) Decrypting a volume

Post by StuartR »

ChrisGreaves wrote:...unless I'm mis-reading the documentation, this applies only to system partitions and drives, which to my mind would be the C: partition on my laptop hard drive.
Any other data partition on the laptop hard drive, or any external drive partition and I'd need to do what TrueCrypt says - move (copy?!) the files away before removing the encryption...
This is correct, but if you are doing regular backups then all you need to do with your data partitions is your normal backup, then wipe the partition and restore the backup.
StuartR


ChrisGreaves
PlutoniumLounger
Posts: 15615
Joined: 24 Jan 2010, 23:23
Location: brings.slot.perky

Re: TrueCrypt (7.0a) Decrypting a volume

Post by ChrisGreaves »

StuartR wrote:This is correct, but if you are doing regular backups then all you need to do with your data partitions is your normal backup, then wipe the partition and restore the backup.
Thanks, but (I hate sounding so darned NEGative ...) The encrypted 500GB external drive is an accumulated backup of my 100GB laptop since about the year 1734 :grin:, and is my means of exhuming files that have been deleted from the laptop.
To void the 500GB drive and then run a normal evening backup means that I would lose my archives and end up only with a snapshot of the laptop 100GB as it stands today.

The exercise would be a duplicate of my receiving an encrypted external drive from a 3rd party or client and being asked to decrypt it. Without access to their source, I'd be forced into buying a spare external drive large enough to accommodate the encrypted data, drag it all across, then void the original (3rd-party) drive.

From what I can see, one may as well just buy a new external drive.


Here's the current situation: on Saturday I want to have another shot at image backups. I could go out and buy an extra external drive to receive the images, boot from a rescue disk and practice restoring from the external drive, or I could make use of the 180 GB unused on the 500GB drive. Sadly the entire drive is encrypted, all 500GB of it. It is, after all, a backup of the laptop which holds confidential client data.

If I could decrypt the drive on-the-fly, I'd do so, and then play with my image files over the weekend, and late Sunday night, burn the good image files to DVD, and recrypt the external drive.

Now I'm thinking that the entire process is
(1) time-consuming in dragging 320 GB of data to a new drive
(2) time-consuming in re-crypting late Sunday night
(3) time-consuming in dragging 320 GB of data back from the new drive

It just doesn't make sense.
Better I go buy a spare drive and use that as my toy for the weekend.

If I thought I could let the decryption run overnight Friday and be ready Saturday morning, I'd do that.
The exercise seems overloaded with extra work, and a risk factor. The store down the street has 250GB for about $cdn100, and I haven't bought an external drive in over 6 months ...
There's nothing heavier than an empty water bottle

StuartR
Administrator
Posts: 12604
Joined: 16 Jan 2010, 15:49
Location: London, Europe

Re: TrueCrypt (7.0a) Decrypting a volume

Post by StuartR »

I agree, spend the $cdn100
StuartR


ChrisGreaves
PlutoniumLounger
Posts: 15615
Joined: 24 Jan 2010, 23:23
Location: brings.slot.perky

Re: TrueCrypt (7.0a) Decrypting a volume

Post by ChrisGreaves »

StuartR wrote:I agree, spend the $cdn100
Thanks.
Can you get it to me by 5pm? :laugh:
There's nothing heavier than an empty water bottle

wex[hr]
NewLounger
Posts: 2
Joined: 08 Nov 2011, 06:47

Re: TrueCrypt (7.0a) Decrypting a volume

Post by wex[hr] »

Hi!

I managed to get a workaround solution for in-place, on-the-fly DECRYPTION! You can decrypt SYSTEM encrypted volumes in place, but not other non-system data partitions, as it says in TrueCrypt's manual. It was funny to me because it is an amazing piece of software (because of recent hardware acceleration support :joy: ) but that thing is a major flaw.
I'm just like you ("since about the year 1734..." -> I think that way I can travel thru time :laugh: ) so copying files instead of cloning the partition is not acceptable.

I used Linux (if TrueCrypt is amazing, Linux is godlike :hailpraise: ) to get this workaround:

1. Mount the volume/partition (with "fdisk -lu" determine which disk is your target) that you want to decrypt in-place, using the header backup of the TrueCrypt volume (this is not necessary, but as a precaution it's a good idea), by typing in a terminal/console:

Code:

truecrypt --mount /dev/sdb2 -m=headerbak

2. Type in a terminal to see the name of the newly mounted device (it's something like '/dev/mapper/truecrypt1'):

Code:

df -h

3. Clone that virtually decrypted device to the same partition from which it is read (yes!, this is not a mistake and I guarantee that you will not lose any data; I tried this many times):

Code:

dd if=/dev/mapper/truecrypt1 of=/dev/sdb2 conv=noerror,notrunc

4. When the cloning of those gibibytes is over, you must readdress the "new" partition (subtract 512 sectors, now not used by the 256 KiB of TrueCrypt's header+backup_of_header) with the parted utility
    EXAMPLE:

Edit the partitions on device HDD #2, where the encrypted partition used to be:

Code:

parted /dev/sdb

Use sectors as units to view start;end;size of partitions:

Code:

unit s

List partitions on screen:

Code:

print

You get something like this on screen:
[Attached image: 1.png]

Then, taking action, delete that partition (only in the MBR table, not erasing/filling with zeroes!) and make a new NTFS partition (or FAT32 or whatever your OS/Windowz is able to see/recognize) in the same place where the old partition was; just make the end sector OLDVALUE-512:

Code:

rm 1

Code:

mkpart
p
ntfs
2048
1953522542

Then check again that everything is OK: start;end-512;size-512

Code:

print

[Attached image: 2.PNG]

5. Try to boot in windowz and run a disk check.
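
A pre-flight check for steps 3 and 4 of the procedure above, added here as an example and not part of the original post: it confirms that the decrypted device is exactly 256 KiB smaller than the partition before anything is overwritten, and computes the new end sector for mkpart. The function names are hypothetical, 512-byte sectors are assumed, and the mounted-filesystem test is an extra precaution the post does not mention.

```shell
#!/bin/sh
# Added example (not from the original post): checks to run before the dd in step 3.
# Assumption taken from the post: header + backup header use 256 KiB = 512 sectors.

SECTOR_BYTES=512
TC_OVERHEAD_SECTORS=512
TC_OVERHEAD_BYTES=$(( TC_OVERHEAD_SECTORS * SECTOR_BYTES ))   # 262144

# layout_ok PART_BYTES MAPPER_BYTES
# True only when the decrypted device is exactly 256 KiB smaller than the
# partition; any other difference means the "end - 512" rule does not apply.
layout_ok() {
    [ $(( $1 - $2 )) -eq "$TC_OVERHEAD_BYTES" ]
}

# new_end_sector OLD_END : end sector to give mkpart in step 4.
new_end_sector() {
    echo $(( $1 - TC_OVERHEAD_SECTORS ))
}

# preflight PARTITION MAPPER OLD_END
# Reads the real sizes with blockdev (util-linux) and refuses on any mismatch.
preflight() {
    part_bytes=$(blockdev --getsize64 "$1") || return 2
    map_bytes=$(blockdev --getsize64 "$2") || return 2
    if ! layout_ok "$part_bytes" "$map_bytes"; then
        echo "difference is $(( part_bytes - map_bytes )) bytes," \
             "expected $TC_OVERHEAD_BYTES: do not run dd" >&2
        return 1
    fi
    # Added precaution: a filesystem mounted from the mapper device could
    # write back through the encryption layer while dd is overwriting it.
    if grep -q "^$2 " /proc/mounts; then
        echo "$2 has a mounted filesystem: unmount it first" >&2
        return 1
    fi
    echo "layout ok; new end sector: $(new_end_sector "$3")"
}

# Typical call, as root, with the device names used in the post:
#   preflight /dev/sdb2 /dev/mapper/truecrypt1 OLD_END_SECTOR
```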

gyurman
NewLounger
Posts: 1
Joined: 26 Oct 2013, 17:46

Re: TrueCrypt (7.0a) Decrypting a volume

Post by gyurman »

Thank you, it is working well!!!!!