Mounting a TrueCrypt volume over FTP

2

Is it possible to mount a TrueCrypt volume file over FTP?


Here's how TrueCrypt works with a local file:

  1. User inputs path to volume file, enters password
  2. TrueCrypt verifies that the password is correct (probably by decrypting the very first part of the volume file?)
  3. TrueCrypt reads the directory listing from the volume file and mounts the volume. However, in this step, TrueCrypt does NOT process the whole volume file.
  4. The user browses the directory listing and opens a file.
  5. TrueCrypt reads only the part of the volume file that contains the file the user wants, and then decrypts it. Once again, TrueCrypt doesn't process the whole volume file - it only reads part of it.
  6. The user edits part of the file and saves it.
  7. TrueCrypt encrypts the change and edits the volume file.

I'm pretty sure it should be possible to mount a volume over FTP, without undermining security and without having to transfer the whole volume file just to read one small part of the volume.

Here's how I imagine it:

  1. User inputs FTP path to volume file, enters FTP login information, enters password to volume
  2. TrueCrypt downloads the very first part of the volume file and verifies that the password is correct
  3. TrueCrypt downloads the part of the volume file that contains the directory listing - the data is sent encrypted over FTP and is decrypted locally.
  4. The user browses the directory listing and opens a file.
  5. TrueCrypt downloads only the part of the volume file that contains the file the user wants, and then decrypts it locally.
  6. The user edits part of the file and saves it.
  7. TrueCrypt encrypts the change and edits the volume file over FTP, transferring encrypted data only.

Is such a feature available?

Maxim Zaslavsky

Posted 2010-06-25T03:39:54.493

Reputation: 1 750

1 Consider finding a solution to map an FTP site as a drive. Then try creating a truecrypt disk to see how it goes. – None – 2010-06-25T03:55:32.637

Answers

2

Wouldn't it make more sense to use SFTP, which is more secure than FTP?

A possible solution is to mount SFTP locally and mount the TrueCrypt volume from the SFTP mount. If you must use FTP, you could mount FTP instead of SFTP.

I did basically what you are asking for, but also integrated Git to backup files: http://theo.cc/blog/2010/07/encrypted-git-repo-with-truecrypt-and-sshfs/

Theo

Posted 2010-06-25T03:39:54.493

Reputation: 21

2

Truecrypt encrypts its backing storage (whether it's a file or a volume) on a block level. It doesn't work on a file level. This is a Good Thing(tm) because it makes Truecrypt easier to implement, debug, and contributes to reliability.

So Truecrypt itself is not aware of "files" within the storage it's encrypting/decrypting. That's the responsibility of a file system driver (ntfs.sys, fastfat.sys, etc.) to act as that intermediary, translating requests for files into requests for blocks and vice versa.

Thus, Truecrypt itself can't retrieve names of files, "parts" of volumes, or do file operations on its own. The software doing that, the filesystem layer, is not part of Truecrypt.

LawrenceC

Posted 2010-06-25T03:39:54.493

Reputation: 63 487

But does that actually relate to his question? Whatever is inside the container doesn't matter here. What matters is getting TO the container. – sinni800 – 2011-08-01T12:17:31.670

1

I know of nothing that supports the mode of operation described in the question. As others have pointed out, TrueCrypt implements a block device driver that sits underneath a filesystem driver. If you could insert another layer underneath TrueCrypt that transparently transfers the blocks to/from an FTP server, then it would work. Now this leads me to wonder if a Linux loopback device could be used to intercept the block reads and writes? Or, on Windows, the same trickery that Virtual CloneDrive uses to make an ISO image file appear to be a mounted disk drive? I suspect kernel programming is still required.

Fran

Posted 2010-06-25T03:39:54.493

Reputation: 4 774
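
Added example (not part of the thread and not TrueCrypt's code): a sketch of the layering the answers describe, with an encrypting block layer sitting on a backing store that serves byte ranges, so a small read moves one sector of ciphertext instead of the whole container. `RangeStore`, `EncryptedBlockDevice` and `keystream` are hypothetical names, and the SHA-256 keystream is a toy stand-in for TrueCrypt's actual cipher.

```python
import hashlib

SECTOR = 512  # bytes per sector: the unit the block layer reads and writes

class RangeStore:
    """Constructed in-memory stand-in for a remote file served by offset (e.g. over SFTP)."""
    def __init__(self, size):
        self.data = bytearray(size)
        self.bytes_moved = 0  # ciphertext bytes that crossed the "network"
    def read(self, off, n):
        self.bytes_moved += n
        return bytes(self.data[off:off + n])
    def write(self, off, buf):
        self.bytes_moved += len(buf)
        self.data[off:off + len(buf)] = buf

def keystream(key, sector_no):
    # Toy per-sector keystream (assumption for illustration only, not a real disk cipher).
    tweak = sector_no.to_bytes(8, "big")
    return b"".join(hashlib.sha256(key + tweak + bytes([i])).digest()
                    for i in range(SECTOR // 32))

class EncryptedBlockDevice:
    """Knows sectors, not files; a filesystem driver would sit on top of this."""
    def __init__(self, store, key):
        self.store, self.key = store, key
    def _xor(self, sector_no, buf):
        return bytes(a ^ b for a, b in zip(buf, keystream(self.key, sector_no)))
    def read_sector(self, n):
        return self._xor(n, self.store.read(n * SECTOR, SECTOR))
    def write_sector(self, n, plain):
        if len(plain) != SECTOR:
            raise ValueError("writes are whole sectors")
        self.store.write(n * SECTOR, self._xor(n, plain))
    def read_bytes(self, off, length):
        # Translate a byte range into the sectors covering it; fetch only those.
        first, last = off // SECTOR, (off + length - 1) // SECTOR
        buf = b"".join(self.read_sector(s) for s in range(first, last + 1))
        start = off - first * SECTOR
        return buf[start:start + length]

def demo():
    store = RangeStore(1024 * SECTOR)  # 512 KiB container
    dev = EncryptedBlockDevice(store, key=b"constructed demo key")
    dev.write_sector(700, b"constructed plaintext".ljust(SECTOR, b"\0"))
    store.bytes_moved = 0
    got = dev.read_bytes(700 * SECTOR + 3, 6)  # small read inside sector 700
    raw = bytes(store.data[700 * SECTOR:700 * SECTOR + 16])  # what the server holds
    return got, store.bytes_moved, raw

if __name__ == "__main__":
    print(demo())
```

The store only ever sees ciphertext, and `bytes_moved` shows the transfer cost of each read in sectors rather than in container size.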