TrueCrypt and TCGINA

Since I own a portable computer, hardware theft is a real threat. Apart from the hardware, all my personal documents, like pictures, e-mail (in Thunderbird, which I used to use) containing passwords, the FileZilla.xml file containing passwords and so much other valuable information, will be lost too, eventually resulting not only in hardware theft but also in identity theft.

Therefore, I’ve been planning to store my personal files on a TrueCrypt volume for some time now, and now I have taken the big step. TrueCrypt rules all other encryption software since:

  • it is open source: the risk of back doors (e.g. for the CIA) is minimal
  • it’s completely cross-OS (I tried mounting and writing to a TC volume on Ubuntu, and it worked without problems)
  • it is actively developed and has lots of options

I’ve already got more than a year of experience with the Linux version of TrueCrypt (installed on my Debian server), so I more or less already know what TrueCrypt can do. I downloaded TrueCrypt 4.3a and created a 30 GB file on my second partition (which I usually make for data). I chose to use a file rather than a device, since backing up is much easier. Instead of copying a thousand files, one big file can be backed up. I also chose a fixed and not a dynamic (sparse) volume, since the performance of dynamic volumes doesn’t seem to be that good (as the installer and some web sites told me).

For the TC volume to mount, I chose to add a key file. Without this key file, it’s even harder to crack the TC volume. A key file can be any file; I downloaded some file from some years ago that can be widely found on the Internet (in case I lose it).

Next I wanted to put sensitive data into the TC volume. I created a new Firefox profile in the newly created (and mounted) volume, which is in fact a virtual disk (I chose T:\). Since I switched to Gmail, I installed the Gmail Checker. As the password was still automatically filled in after a reboot (without mounting my TC volume), I wanted to:

  • mount my TrueCrypt volume automatically at startup
  • autoplay the Gmail Checker application from the encrypted volume (and probably other applications too)

So I started to play with autorun.inf a little bit, without result. Next: the good old batch files. As I’ve read here, the volume password is not masked in the DOS prompt. This is definitely not what I want, so I looked further and saw a comment about a VBS script with a masking possibility, but that didn’t work for me.

I started experimenting a little bit, and the following little batch script (automount.bat) worked fine and masked the password (as it asked for the password using a little TC GUI), including the possibility to ‘autorun’ some applications:

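@echo off
rem Mount <volume> as drive T: with the key file; TrueCrypt's own dialog asks for the password
"C:\Program Files\TrueCrypt\TrueCrypt.exe" /v "<volume>" /q /k "<key file>" /lt /hn
rem (other commands here)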

Next, add this batch script to the startup folder (Start -> All Programs -> Startup) and off you go.

Yay! Well.. Not that fantastic. It appeared that Gmail Checker doesn’t keep its passwords in a configuration file; instead they are saved in Windows itself (WininetCacheCredentials), which is easily ‘recoverable’. No luck so far..

By the way, I know that the key file is being specified; this could seem strange to some. But as I’m planning to copy the whole volume (residing in a file) to a safe backup place without the key file, my volume should be safer.

I almost gave up, but suddenly I found this topic. Apparently, there exists something like ‘TCGINA’ that encrypts a whole Windows user profile, including registry information. It’s a hook on GINA, and therefore TCGINA is able to request the TC volume password before logging in. Just what I’ve been looking for. Even better, it is an ‘official’ third party project, residing on the TrueCrypt homepage. Very nice!

So I installed the latest stable version of TCGINA (1.16), which obviously didn’t work since TrueCrypt 4.3 was required (not 4.3a). I searched the forum and yes! There was an RC2 of TCGINA 1.17 available. I had to create a new user (so my settings were lost). As my (automatically detected) previously created TC volume used a key file, I had to add some things to the registry (as described in tcgina.pdf) and had to reboot. Done!

My profile folder (C:\Documents and Settings\username\) is moved to the encrypted volume’s T:\Documents and Settings\username\. The ‘My Documents’ folder (which normally resides under …\username\) is also moved, so all (newly added) documents will be encrypted.

Conclusion: the TrueCrypt homepage should mention the possibilities of TCGINA! I’d never heard of it before and (until now at least) I’m very pleased with it.

