Due to various concerns, TrueCrypt is about to be replaced in Tails, either by tcplay or cryptsetup.

This is the blueprint for ticket #5373 and subtasks.

This has been resolved by including cryptsetup 1.6. See the aforementioned ticket for details.

Candidate alternatives


tc-play is a Free implementation of TrueCrypt based on dm-crypt, licensed under the 2-clause BSD license. It is in Debian Jessie and wheezy-backports (tcplay), and would serve as a full replacement of TrueCrypt... once a proper GUI available.

tc-play allows to create TrueCrypt volumes.

version 2 added an ability to save and restore TrueCrypt volume headers to external header files.This feature can be used to change a TrueCrypt volume password.


Cryptsetup 1.6 supports reading the TrueCrypt on-disk format, so if/when udisks and friends are adapted (if needed), then we could as well avoid shipping any additional software at all. It is part of Debian Jessie.

Once unlocked on the command-line, the TC volume shows up in Nautilus, but no udisks / GNOME Disks / Nautilus integration is here to enable the user to graphically activate a TC volume.

Upstream (udisks) feature request: https://bugs.freedesktop.org/show_bug.cgi?id=70164

cryptsetup 1.6.4 does not support creating TrueCrypt volumes.

Backporting cryptsetup 1.6.4-4 for Wheezy is easy.


zuluCrypt is a front end to cryptsetup and tcplay, it make easy to manage Truecrypt volumes through a GUI, but it's not packaged in Debian yet (RFP #703911).

  • It uses cryptsetup to unlock TrueCrypt volumes and LUKS volumes.
  • It uses cryptsetup to backup and restore LUKS volume headers.
  • It uses cryptsetup to add and remove keys in LUKS volumes.
  • It uses tcplay to create TrueCrypt volumes.
  • It uses tcplay to backup and restore TrueCrypt volume headers

zuluCrypt now has a hidden volume like functionality using cryptsetup.

zuluCrypt can open LUKS volumes with a detached header.