I think we can agree that zulucrypt is the shit. For those looking for something like Truecrypt’s volume functionality on Linux, this is it. it provides a sane way to create and use LUKS volumes and manipulates files in them. Check it out and then lets decide on what parts of the program to include in Whonix 14!
Its all packaged in Debian:
https://packages.debian.org/search?suite=default§ion=all&arch=any&searchon=names&keywords=zulucrypt
Suggested they support codecrypt too as they do many crypto format plugins
Played with it and its not functional unfortunately. It insists on opening mounted containers with Gwenview. Even when I browse with dolphin running as root it displays “the process for the file protocol died unexpectedly”. No deice with creating files inside the container or transferring anything in.
Please create a Whonix 15 ticket.
Filed a bug report with my experiences so they may be fixed one day
Update: problems known and fixed in the newer versions that are unfortunately not in stable. Maybe we can have it ready to roll in stable-next if nothing burns up
Ticket ⚓ T769 Add LUKS container GUI or CLI utility by default updated just now. Please test in Debian buster. If working, add to anon-meta-packages/control at master · Whonix/anon-meta-packages · GitHub package non-qubes-vm-enhancements-gui.
Great, Is there a Buster git branch ready for building yet?
“Maybe not.” As per:
zulucrypt etc. can also be tested in Debian buster. If it works there, I am pretty sure, it will work later on in Whonix too.
This was implemented.
By adding zulucrypt to non-qubes-vm-enhancements-(cli|gui) it is also being installed on Whonix-Gateway.
Is that useful or unwanted? Any use case for having it on Whonix-Gateway by default? To backup Tor data directory or any configurations?
Yeah that’s pretty useful.
Though it can be argued that one can just copy it over to WS and do it there and possibly transmit it securely online. Therefore it would be redundant and possibly a waste of space having it installed twice.
Might not be good idea to give a WS access to information from GW. That might open up for some attacks by compromised WS. When using multiple WS this may be less of a factor, though.
True, i do argue this argument , and if the user want it in the GW he just simply apt install it. Because its already provided in the WS for workstation purposes anything else the user is free to install.
I have tried to create encrypted container in a file but this error showing up:
Installed zulucrypt on plain Debian and its working.
Whonix Vbox & KVM have the same issue.
cc @HulaHoop
Aside from that why its not presented in Qubes-Whonix? cc @Patrick
Could be caused by restrictions on /dev/ access maybe. There is a lot of work going on in this area and something may have been overly confined.
?
This might be related / the / part of solution:
