Automatically mount a TrueCrypt volume at Login (Mac OS X tip)

Everyone these days is banging on at us about taking more care of our personal data, but we’re a lazy bunch you & me and like every other bit of advice we get, we tend to push it to the back of our minds unless it’s easy to follow. Securing your personal data is all very well, but quite frankly it can be a pain in the butt if every time you login to your Mac you have to launch a program and navigate through various options to get something done.

I’m just as guilty and having installed TrueCrypt on the Mac some months ago, I’d barely given it a second thought until I had to get it to automatically mount a volume on my Windows XP work laptop the other day. In Windows it’s a relatively straightforward taks to get TrueCrypt to run at startup and then automatically mount your ‘favourite’ volumes. Doing the same under Mac OS X took a little more effort! Yes Mac OS X can automatically mount network volumes if you simply drag the relevant icon into your User Account/Login items, but sadly this doesn’t seem to work for TrueCrypt volumes, so here we go…

For the purposes of this exercise I use the excellent Lingon utility to create an agent that runs when I login, but it should be just as easy to do this using a script, or even an Automator Action – the syntax of the actual command line will be the same.

Lingon details

Lingon details

Assuming you have already installed TrueCrypt in your Applications folder, create the volume you want mounted at login if you haven’t already done so. In my case I created a folder called Document_Store in the root of my ‘user’ folder, and then created a 2Gb TrueCrypt file called ‘docvault‘ inside it.  What you now need to do is work out the full pathname of your TrueCrypt file – in my case it’s:

/Users/macbitz/Document_Store/docvault

…where ‘macbitz’ is my user name, Document_Store is the name of the folder I created to hold my TrueCrypt files, and docvault being the name of the file I want to automatically mount.

Now fire up Lignon and click on the + button to create a new agent and choose User Agents from the list. First thing to do is to give your agent a name – in my case I called it ‘com.truecrypt.mount_docvault’ but you can call it whatever makes sense to you. Next step is to tell Lingon what application to run by using the ‘Choose’ button and navigating to where you installed the TrueCrypt application. Once you’ve done this, you should see some text in the ‘What’ box that looks something like:

/Applications/TrueCrypt.app/Contents/MacOS/TrueCrypt

…that’s Lingon telling your Mac what application to run. The next thing you need to do is add the parameters that tell TrueCrypt what it’s supposed to do. In our case we want TrueCrypt to mount a file called ‘docvault’ and to put it somewhere where it’s easily accessible, like a volume on the desktop, so we add the following text into the Lingon ‘What’ window after the TrueCrypt stuff

--mount /Users/macbitz/Document_Store/docvault /Volumes/VAULT

Once you’ve done that you’ll have a long command line that looks like this:

/Applications/TrueCrypt.app/Contents/MacOS/TrueCrypt
--mount /Users/macbitz/Document_Store/docvault /Volumes/VAULT
Custom icon

Custom icon

One last thing is to tell Lingon when it should run your command. Do this by ticking the box that says – Run it when it is loaded by the system (at startup or login). Now if you’ve done this correctly then the next time you login to your Mac, TrueCrypt will load, and then prompt you for the password to access the encrypted file before mounting it in the location specified. In my example I asked TrueCrypt to mount the file as a volume called ‘VAULT’ which then appears on my desktop (as per my Finder preferences). With a little bit of imagination you can even create a custom icon for your encrypted volume (see left) which Finder kindly remembers. If you want to auto-mount your TrueCrypt volume using a script then just put the TrueCrypt command line and it’s parameters into a compiled script that you run as a login item.

Nicest of all, TrueCrypt is free so now you’ve got no excuse for not locking up your super-secret data away from prying eyes! Having said that, the authors of both TrueCrypt and Lingon are happy to accept donations.

Hopes of an Apple-friendly server fade a little…

The repeated and random disconnects I’ve been getting between my Mac Pro and my Windows 2003 Server shares prompted me to look at alternatives. My Kalyway project ended as abruptly as it started. I managed to install it on an old Asus A7N8X-Delux based machine but not long after I was experiencing kernel panics and had to give it up as a bad bet.

The next plan was to use FreeNAS which would let me access disks on the ‘server’ as AFP shares. The fact that FreeNAS only truly supports it’s own proprietary file system, and warns of dire consequences when using FAT or EXT did put me off a little, but I was prepared to stick it out. Unfortunately the next problem was a little more severe. I was testing backups from my Mac to the FreeNAS box by repeatedly copying 100Gb or so of data to it, then copying it back to the Mac and comparing it to make sure it was the same. Then deleting it off the NAS box and starting over again. All of a sudden I was getting messages that the backup job was unable to create folders on the target drive. I checked all the usual suspects but found the only way to get things going again was to reformat the FreeNAS data drives and start over. Third time round the loop I decided to give up. I’m sure with more investigation I might get to the bottom of this, but not being a Linux guru makes me nervous about entrusting my precious data to something I understand even less that Mac OS X or Windows 2003 Server.

So it’s looking more likely that I’ll invest in a basic Mac Mini, hang two 500Gb USB drives off it and use that as my backup server. That of course leaves me with two 500Gb SATA drives ‘spare’ from my Windows server box. Now I have seen a PowerMac G5 up for sale that’s got space for two internal SATA drives, has lots more memory than the Mac Mini, and is cheaper by about £100. It’s a PowerPC model dating back a couple of years but it’s good enough to run Leopard and it’ll let me use all my spare internal and external drives.

I could of course buy another D-Link DNS323 NAS box. Despite it getting mixed reviews, my one has been incredibly reliable (famous last words), then I’d have to hang the two external drives off the Mac Pro.

Decisions, decisions…