Automatically mount a TrueCrypt volume at Login (Mac OS X tip)


Everyone these days is banging on at us about taking more care of our personal data, but we’re a lazy bunch you & me and like every other bit of advice we get, we tend to push it to the back of our minds unless it’s easy to follow. Securing your personal data is all very well, but quite frankly it can be a pain in the butt if every time you login to your Mac you have to launch a program and navigate through various options to get something done.

I’m just as guilty and having installed TrueCrypt on the Mac some months ago, I’d barely given it a second thought until I had to get it to automatically mount a volume on my Windows XP work laptop the other day. In Windows it’s a relatively straightforward taks to get TrueCrypt to run at startup and then automatically mount your ‘favourite’ volumes. Doing the same under Mac OS X took a little more effort! Yes Mac OS X can automatically mount network volumes if you simply drag the relevant icon into your User Account/Login items, but sadly this doesn’t seem to work for TrueCrypt volumes, so here we go…

For the purposes of this exercise I use the excellent Lingon utility to create an agent that runs when I login, but it should be just as easy to do this using a script, or even an Automator Action – the syntax of the actual command line will be the same.

Lingon details

Lingon details

Assuming you have already installed TrueCrypt in your Applications folder, create the volume you want mounted at login if you haven’t already done so. In my case I created a folder called Document_Store in the root of my ‘user’ folder, and then created a 2Gb TrueCrypt file called ‘docvault‘ inside it.  What you now need to do is work out the full pathname of your TrueCrypt file – in my case it’s:

/Users/macbitz/Document_Store/docvault

…where ‘macbitz’ is my user name, Document_Store is the name of the folder I created to hold my TrueCrypt files, and docvault being the name of the file I want to automatically mount.

Now fire up Lignon and click on the + button to create a new agent and choose User Agents from the list. First thing to do is to give your agent a name – in my case I called it ‘com.truecrypt.mount_docvault’ but you can call it whatever makes sense to you. Next step is to tell Lingon what application to run by using the ‘Choose’ button and navigating to where you installed the TrueCrypt application. Once you’ve done this, you should see some text in the ‘What’ box that looks something like:

/Applications/TrueCrypt.app/Contents/MacOS/TrueCrypt

…that’s Lingon telling your Mac what application to run. The next thing you need to do is add the parameters that tell TrueCrypt what it’s supposed to do. In our case we want TrueCrypt to mount a file called ‘docvault’ and to put it somewhere where it’s easily accessible, like a volume on the desktop, so we add the following text into the Lingon ‘What’ window after the TrueCrypt stuff

--mount /Users/macbitz/Document_Store/docvault /Volumes/VAULT

Once you’ve done that you’ll have a long command line that looks like this:

/Applications/TrueCrypt.app/Contents/MacOS/TrueCrypt
--mount /Users/macbitz/Document_Store/docvault /Volumes/VAULT
Custom icon

Custom icon

One last thing is to tell Lingon when it should run your command. Do this by ticking the box that says – Run it when it is loaded by the system (at startup or login). Now if you’ve done this correctly then the next time you login to your Mac, TrueCrypt will load, and then prompt you for the password to access the encrypted file before mounting it in the location specified. In my example I asked TrueCrypt to mount the file as a volume called ‘VAULT’ which then appears on my desktop (as per my Finder preferences). With a little bit of imagination you can even create a custom icon for your encrypted volume (see left) which Finder kindly remembers. If you want to auto-mount your TrueCrypt volume using a script then just put the TrueCrypt command line and it’s parameters into a compiled script that you run as a login item.

Nicest of all, TrueCrypt is free so now you’ve got no excuse for not locking up your super-secret data away from prying eyes! Having said that, the authors of both TrueCrypt and Lingon are happy to accept donations.

About these ads

12 Responses

  1. Hello,
    first at all, many thanks for your hints, how to mount da TrueCrypt device.

    When I try to mount a volume from my USB Stick on which, beside the encrypted Volume, also the TrueCrypt.app is located, it works well until the window for password entry pops up. It is frozen, and I cannot set the focus to it. When I check the processes via ps I see 2 TrueCrypt processes running and can stop them bykill command only.

    I am using the command:
    /Volumes/”INTENSO USB”/TrueCrypt_Mac/TrueCrypt.app/Contents/MacOs/TrueCrypt –mount /Volumes/”INTENSO USB”/DoNotDelete /Volumes/VAULT

    When I open the volume by klicking the TrueCrypt.app, it works fine and I can open the device iteractively.

    I am very thankful vor any help,
    Hermann

  2. Hermann,

    Perhaps you should try escaping the paths in your command correctly, use \ to escape a space rather than the quotes, like so: /Volumes/INTENSO\ USB/DoNotDelete

  3. Hi there,

    thanks for the tip. I´m currently experimenting with TrueCrypt and mounting containers via applescript. I used your lines above and they work. The only thing I don´t get is that the volumes are always mounted as “/Volumes/NO NAME” even though I specified a mount directory as you did above. Does that still work for you or is this due to Snow Leopard or anything?

    Thanks for a reply!

    Januz

  4. @Januz Yes, it works with Snow Leopard.
    Just had the same problem, be sure to use the –mount flag and not -mount.

    It has to be like this:
    /Applications/TrueCrypt.app/Contents/MacOS/TrueCrypt –mount ~/secret /Volumes/secret

  5. Comments: You misspelled Lingon “Lignon” and the site link is down. It is now: http://lingon.sourceforge.net/

    Thanks for the info.

  6. Thanks for the quick follow-up! The lingon configuration has changed. You have to put each program / arg on a separate line.

    It took a little trial and error, but I got it working. Thanks for the awesome tip. I’m a recovering FileVault user — TrueCrypt is golden. :-)

  7. Use this on the Terminal to dismount (force) all drives:

    open -a /Applications/TrueCrypt.app –args -d -f

    or in an apple script:

    do shell script “open -a /Applications/TrueCrypt.app –args -d -f”

  8. It doesn’t seem to work on Lion using Lingon 3.1. I get an invalid argument error.

    If I copy/paste the command in a terminal it works as expected, so somehow Lingon is not able to read the command line properly and pass it to Truecrypt.

    It’s easier to just create a shell script and launch it at startup.

  9. this can be done with Automator, no reason for paying for any sofware, create a script with the contents in automator and drag the app to you login items.

    cheers,

    h3nt3r

    • Don’t make it too easy for your friends at the NSA. If you make an automation, do not automate your password login :-/
      Just my 2cts.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

%d bloggers like this: