109 lines
3.1 KiB
Bash
Executable file
109 lines
3.1 KiB
Bash
Executable file
#!/bin/bash
|
|
set -euo pipefail
|
|
|
|
# ==============================================================================
|
|
# VeraCrypt Installation Script
|
|
# ==============================================================================
|
|
# Installs VeraCrypt - Full disk encryption and encrypted containers
|
|
#
|
|
# Threat Model:
|
|
# - Physical device theft (laptop, USB drive)
|
|
# - Data at rest without protection
|
|
# - Border crossing device searches
|
|
# - Forensic analysis of seized devices
|
|
#
|
|
# How VeraCrypt Protects:
|
|
# - Full disk encryption (entire drive encrypted)
|
|
# - Encrypted containers (virtual encrypted disks)
|
|
# - Plausible deniability (hidden volumes)
|
|
# - Multiple encryption algorithms
|
|
# - Pre-boot authentication
|
|
#
|
|
# Source: https://veracrypt.fr/
|
|
# ==============================================================================
|
|
|
|
# Colors
|
|
readonly GREEN='\033[0;32m'
|
|
readonly YELLOW='\033[1;33m'
|
|
readonly RED='\033[0;31m'
|
|
readonly NC='\033[0m'
|
|
|
|
log() { echo -e "${GREEN}[INFO]${NC} $*"; }
|
|
warn() { echo -e "${YELLOW}[WARN]${NC} $*"; }
|
|
error() { echo -e "${RED}[ERROR]${NC} $*"; exit 1; }
|
|
|
|
echo "=== VeraCrypt Installation ==="
|
|
echo ""
|
|
|
|
# Detect architecture
|
|
ARCH=$(uname -m)
|
|
if [ "$ARCH" = "x86_64" ]; then
|
|
ARCH_SUFFIX="amd64"
|
|
else
|
|
error "Unsupported architecture: $ARCH (only x86_64 supported)"
|
|
fi
|
|
|
|
log "Fetching latest VeraCrypt version..."
|
|
|
|
# Get latest version from SourceForge (VeraCrypt's official host)
|
|
# Note: This is simplified - you may want to hardcode a version for stability
|
|
LATEST_VERSION="1.26.7" # Update this manually for stability
|
|
warn "Using VeraCrypt version $LATEST_VERSION"
|
|
|
|
# Construct download URL
|
|
BASE_URL="https://launchpad.net/veracrypt/trunk/${LATEST_VERSION}/+download"
|
|
DEB_FILE="veracrypt-${LATEST_VERSION}-Debian-12-${ARCH_SUFFIX}.deb"
|
|
DOWNLOAD_URL="${BASE_URL}/${DEB_FILE}"
|
|
|
|
log "Download URL: $DOWNLOAD_URL"
|
|
echo ""
|
|
warn "⚠️ IMPORTANT: You should verify the PGP signature!"
|
|
warn "Official instructions: https://veracrypt.fr/en/Digital%20Signatures.html"
|
|
echo ""
|
|
read -p "Continue with installation? [y/N] " -n 1 -r
|
|
echo
|
|
if [[ ! $REPLY =~ ^[Yy]$ ]]; then
|
|
log "Installation cancelled"
|
|
exit 0
|
|
fi
|
|
|
|
log "Downloading VeraCrypt..."
|
|
cd /tmp
|
|
wget -O veracrypt.deb "$DOWNLOAD_URL"
|
|
|
|
log "Installing VeraCrypt..."
|
|
sudo apt install -y ./veracrypt.deb
|
|
|
|
rm veracrypt.deb
|
|
|
|
log "✅ VeraCrypt installed successfully!"
|
|
|
|
echo ""
|
|
echo "=== Installation Complete ==="
|
|
echo ""
|
|
echo "Usage:"
|
|
echo ""
|
|
echo " GUI:"
|
|
echo " veracrypt"
|
|
echo ""
|
|
echo " Create encrypted container:"
|
|
echo " 1. Launch VeraCrypt"
|
|
echo " 2. Click 'Create Volume'"
|
|
echo " 3. Choose 'Create an encrypted file container'"
|
|
echo " 4. Follow wizard"
|
|
echo ""
|
|
echo " Mount existing container:"
|
|
echo " 1. Launch VeraCrypt"
|
|
echo " 2. Select slot (1-20)"
|
|
echo " 3. Click 'Select File'"
|
|
echo " 4. Choose your .vc file"
|
|
echo " 5. Click 'Mount'"
|
|
echo " 6. Enter password"
|
|
echo ""
|
|
echo "⚠️ Security Tips:"
|
|
echo " - Use strong passwords (20+ characters)"
|
|
echo " - Store backup of volume header"
|
|
echo " - Never forget your password (no recovery!)"
|
|
echo " - Unmount before shutdown/sleep"
|
|
echo ""
|
|
echo "📖 Documentation: https://veracrypt.fr/en/Documentation.html"
|