TrueCrypt is an open source cryptography tool that can be used in a number of ways. Generally though, it uses symmetric encryption algorithms to encrypt a hard drive – or to encrypt a file, which can be made to look like a hard drive.
You can download the software for free, from here:
The maximum level of encryption is AES-256, which is known to be crackable by law enforcement forensics and the NSA, so beware if you have any proprietary or high-value information – it can potentially be stolen or otherwise compromised!
This article will describe one very useful way that you can use TrueCrypt. You can take a USB/thumb drive, put an encrypted volume on it – and make it so you can “mount” that volume to a drive letter temporarily.
While the drive letter is mounted, you can “see” the contents of this encrypted drive. When you are done, you unmount the drive, and everything is back to normal.
This might sound confusing at first, so let me go step by step.
Get a USB drive:
For this, I mean a “thumb drive” or “USB drive” – one of these things:
When you plug it into your computer, the computer will likely see it as “removable media”:
Ideally, it’d be best to start with a clean slate. If you can, right-click on that drive and choose “Format”:
Make sure to use “NTFS” for the file system. Now, you have an empty USB drive that is freshly-formatted:
Copy the TrueCrypt executables onto the USB drive:
Start TrueCrypt and click on the Tools menu. Then choose the “Traveler Disk Setup…” menu item:
This brings up this wizard:
In that File Settings text box, just put the drive letter of your USB drive. Like my example above, my drive letter is L:, so I put this:
Then click “Create”.
This creates a sub-directory on that USB drive that has the TrueCrypt EXE and DLLs. This is so you can mount, dismount, etc. on another machine without having to have TrueCrypt installed.
So now, your USB drive should look like this:
Understanding the “file container”:
This is where things might get a little confusing. Here’s what we are trying to do:
We want to create a file container. This will be a file on your USB drive, that will store encrypted files. But instead of something like an encrypted .zip file – this file container will actually have a regular file system on it. It will be “mountable”, as if it’s like a hard drive!
So, what we are going to do later is “mount” a drive letter, for example P:, to this encrypted file container. When you store files on your P: drive, it will REALLY be encrypting those files, and storing them on your thumb drive, INSIDE of this file container we are about to make.
Hopefully this will make more sense as we move along.
Creating the “file container”:
Again, from within the TrueCrypt app, click the Volume menu, and then Create new volume:
Choose “encrypted file container”:
then “standard TrueCrypt volume”:
And here is where I want to store this encrypted file container – on my thumb drive (the L: drive, in my case) – and I want to put it in the root:
Next, you can choose your encryption algorithm – I’d recommend just sticking with AES-256:
Lastly, since we are going to be “mounting” this like a hard drive (or what will appear to be a hard drive) – we have to tell it how big the drive is going to be.
There are some implications here: first, as far as I know, you can’t expand this drive later. So, if you “run out of disk space” in this file, you will have to do this process again, make a bigger encrypted file and then copy your stuff over.
Next, when you specify the size here – it will immediately USE all of that space on the drive. In other words, it pre-allocates this space now.
So, in my case, I want to just use the whole thumb drive, so I’m specifying 14GB. I click next and now we pick a password. This is the password we have to type in whenever we want to mount the drive (just once, every time you plug in the USB drive).
Hopefully it goes without saying that this should be a high quality password. Ideally no dictionary words, more than 12 characters, include special characters, include numbers, include mixed case letters.
Once you’ve picked a password, click Next:
As the screen says, move your mouse around to generate a good random number and when you are ready, click “Format” and wait… It can take up to 15 or 20 minutes (depending on the size of the drive, and the speed of the drive and your computer).
Here’s what the result should look like on your USB drive when you’ve completed this step:
Putting it all together:
So what was the point of all of this? Well, now we can “mount” this file AS a drive letter. We can use this new drive letter just like another hard drive. However, when we store files on this fictitious drive, it is really (behind the scenes) encrypting that data – and storing it in this Data.dat file. Let’s see it in action and hopefully it will make more sense.
Mounting the drive with TrueCrypt UI:
The easiest way to tie this together is to open up TrueCrypt and use the UI.
In the example above, this would make the “O:” drive look like a hard drive, but the actual hard drive contents would be stored, encrypted, in L:\Data.dat
Mounting the drive with a script:
This is what I recommend. Here is the scenario:
When I pop in my USB drive, I just open up Explorer and double-click “Mount.cmd” – and this automatically mounts this virtual drive to a pre-defined drive letter. When I’m done reading/writing to the drive, I double-click “Dismount.cmd”, and then “Eject” the USB drive.
Here is what is in those two files where “Z” is the drive letter that I want to mount/dismount:
Mount.cmd:
TrueCrypt\TrueCrypt.exe /q background /lZ /m rm /v "Data.dat"
Dismount.cmd:
TrueCrypt\TrueCrypt.exe /dZ /q background
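A more defensive version of Mount.cmd, added here as an example (it is not the author's script). It assumes the container is Data.dat in the USB root next to the script, that Z is the wanted letter, and that TrueCrypt.exe returns once the mount attempt has finished, which is why it uses /q on its own instead of /q background.

```batch
@echo off
rem Added example, not from the original article: a defensive Mount.cmd.
rem Assumptions: Data.dat sits in the USB root beside this script, the
rem Traveler Disk files are in the TrueCrypt subfolder, and Z is the letter.
setlocal

set "LETTER=Z"
rem %~dp0 is the folder this script lives in, with a trailing backslash,
rem so the paths work whatever letter Windows gave the USB drive.
set "USBROOT=%~dp0"
set "TC=%USBROOT%TrueCrypt\TrueCrypt.exe"
set "VOLUME=%USBROOT%Data.dat"

if not exist "%TC%" (
    echo TrueCrypt.exe not found at "%TC%".
    exit /b 1
)
if not exist "%VOLUME%" (
    echo Container not found at "%VOLUME%".
    exit /b 1
)

rem If the letter is already taken by a network share or another disk, stop:
rem otherwise files saved to it later would land somewhere unencrypted.
if exist "%LETTER%:\" (
    echo Drive %LETTER%: is already in use. Nothing was mounted.
    exit /b 2
)

rem /q: no main window, exit when done; /l: drive letter; /m rm: mount as
rem removable medium; /v: volume file. TrueCrypt prompts for the password.
"%TC%" /q /l%LETTER% /m rm /v "%VOLUME%"

rem Confirm the volume really appeared before anyone writes to the letter.
if not exist "%LETTER%:\" (
    echo Mount failed or was cancelled. Drive %LETTER%: is not available.
    exit /b 3
)

echo Encrypted volume mounted as %LETTER%:
endlocal
exit /b 0
```

The two checks on the drive letter are the point: without them, a cancelled password prompt or a letter already mapped elsewhere leaves you saving files to a location that is not the encrypted container.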
Hopefully this helps show how to easily set up a thumb drive to be a relatively safe place to store data. It’s also pretty easy to set up, and very easy to use each time.
Again, this isn’t going to stop law enforcement forensics, the NSA, or other professional criminals – but it will stop the average thief and offer at least some protection to your data.