Using TrueCrypt + USB drive to make a portable encrypted drive

TrueCrypt is an open source cryptography tool that can be used in a number of ways. Generally though, it uses symmetric encryption algorithms to encrypt a hard drive – or to encrypt a file, which can be made to look like a hard drive.

You can download the software for free, from here:

http://www.truecrypt.org/

The maximum level of encryption is AES-256, which is known to be crackable by law enforcement forensics, and NSA, so beware if you have any proprietary or high-value information – it can potentially be stolen or otherwise compromised!

This article will describe one very useful way that you can use TrueCrypt. You can take a USB/thumb drive, put an encrypted volume on it – and make it so you can “mount” that volume to a drive letter temporarily.

While the drive letter is mounted, you can “see” the contents of this encrypted drive. When you are done, you unmount the drive, and everything is back to normal.

This might sound confusing at first, so let me go step by step.

Get a USB drive:
For this, I mean a “thumb drive” or “USB drive”.

When you plug it into your computer, the computer will likely see it as “removable media”:
image

Ideally, it’d be best to start with a clean slate. If you can, right-click on that drive and choose “Format”:
image

Make sure to use “NTFS” for the file system. Now, you have an empty USB drive that is freshly-formatted:
image

Copy the TrueCrypt executables onto the USB drive:
Start TrueCrypt and click on the Tools menu. Then choose the “Traveler Disk Setup…” menu item:
image

This brings up this wizard:
image

In that File Settings text box, just put the drive letter of your USB drive. Like my example above, my drive letter is L:, so I put this:
image

Then click “Create”.
image

This creates a sub-directory on that USB drive that has the TrueCrypt exe and DLLs. This is so you can mount and dismount the volume on another machine without having to have TrueCrypt installed.

So now, your USB drive should look like this:
image

Understanding the “file container”:
This is where things might get a little confusing. Here’s what we are trying to do:

We want to create a file container. This will be a file on your USB drive, that will store encrypted files. But instead of something like an encrypted .zip file – this file container will actually have a regular file system on it. It will be “mountable”, as if it’s like a hard drive!

So, what we are going to do later is “mount”, for example the letter P: drive, to this encrypted file container. When you store files on your P: drive, it will REALLY be encrypting those files, and storing them on your thumb drive, INSIDE of this file container we are about to make.

Hopefully this will make more sense as we move along.

Creating the “file container”:
Again, from within the TrueCrypt app, click the Volume menu, and then Create new volume:
image

Choose “encrypted file container”:
image

then “standard TrueCrypt volume”:
image

And here is where I want to store this encrypted file container: on my thumb drive (the L: drive, in my case), in the root:
image

Next, you can choose your encryption algorithm – I’d recommend just sticking with AES-256:

image

Lastly, since we are going to be “mounting” this like a hard drive (or what will appear to be a hard drive) – we have to tell it how big the drive is going to be.

image

There are some implications here: first, as far as I know, you can’t expand this drive later. So, if you “run out of disk space” in this file, you will have to do this process again, make a bigger encrypted file and then copy your stuff over.

Next, when you specify the size here – it will immediately USE all of that space on the drive. In other words, it pre-allocates this space now.

So, in my case, I want to just use the whole thumb drive, so I’m specifying 14GB. I click next and now we pick a password. This is the password we have to type in whenever we want to mount the drive (just once, every time you plug in the USB drive).

image

Hopefully it goes without saying that this should be a high quality password. Ideally no dictionary words, more than 12 characters, include special characters, include numbers, include mixed case letters.

Once you’ve picked a password, click Next:
image

As the screen says, move your mouse around to generate a good random number and when you are ready, click “Format” and wait… It can take up to 15 or 20 minutes (depending on the size of the drive, and the speed of the drive and your computer).

Here’s what the result should look like on your USB drive when you’ve completed this step:
image

Putting it all together:
So what was the point of all of this?  Well, now we can “mount” this file AS a drive letter. We can use this new drive letter just like another hard drive. However, when we store files on this fictitious drive, it is really (behind the scenes) encrypting that data – and storing it in this Data.dat file. Let’s see it in action and hopefully it will make more sense.

Mounting the drive with TrueCrypt UI:
The easiest way to tie this together is to open up TrueCrypt and use the UI:
image

In the example above, this would make the “O:” drive look like a hard drive, but the actual hard drive contents would be stored, encrypted, in L:\Data.dat.

Mounting the drive with a script:
This is what I recommend. Here is the scenario:
image

When I pop in my USB drive, I just open up Explorer and double-click “Mount.cmd” – and this automatically mounts this virtual drive to a pre-defined drive letter. When I’m done reading/writing to the drive, I double-click “Dismount.cmd”, and then “Eject” the USB drive.

Easy, right?

Here is what is in those two files where “Z” is the drive letter that I want to mount/dismount:

Mount.cmd:
@echo off
rem Mount Data.dat from the current directory (the USB root) as removable drive Z:
TrueCrypt\TrueCrypt.exe /q background /lZ /m rm /v "Data.dat"

Dismount.cmd:
@echo off
rem Dismount drive Z:
TrueCrypt\TrueCrypt.exe /dZ /q background
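
A variant of Mount.cmd with a few pre-flight checks, as an added example that is not part of the original post. It assumes the layout described above (the script, Data.dat and the TrueCrypt sub-directory all in the root of the USB drive), uses only the switches shown above, and builds absolute paths from the script's own location so that it never runs a TrueCrypt.exe from some other current directory.

```batch
@echo off
rem Added example: Mount.cmd with pre-flight checks (not from the original post).
rem Assumed layout: this script, Data.dat and the TrueCrypt folder all sit in
rem the root of the USB drive, as set up in the steps above.
setlocal

rem %~dp0 expands to the drive and folder of this script, with a trailing
rem backslash, so the paths below are absolute and do not depend on the
rem current directory the script was started from.
set "ROOT=%~dp0"
set "TC=%ROOT%TrueCrypt\TrueCrypt.exe"
set "VOL=%ROOT%Data.dat"
set "LETTER=Z"

if not exist "%TC%" (
    echo TrueCrypt.exe not found: "%TC%"
    exit /b 1
)
if not exist "%VOL%" (
    echo Container file not found: "%VOL%"
    exit /b 1
)
rem Refuse to continue if the letter already points at a drive.
if exist %LETTER%:\ (
    echo Drive %LETTER%: is already in use. Dismount it or choose another letter.
    exit /b 1
)

rem Same switches as Mount.cmd above; TrueCrypt prompts for the password.
"%TC%" /q background /l%LETTER% /m rm /v "%VOL%"
endlocal
```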

Summary:
Hopefully this helps show how to easily set up a thumb drive to be a relatively safe place to store data. It’s also pretty easy to set up, and very easy to use each time.

Again, this isn’t going to stop law enforcement forensics, the NSA, or other professional criminals – but it will stop the average thief and offer at least some protection to your data.
