If you’re looking for a simple and powerful way to encrypt everything from system drives to backup discs to everything in between, TrueCrypt is an open-source tool that will help you lock up your files. Read on as we show you how to get started.
What Is TrueCrypt and Why Should I Use It?
TrueCrypt is an on-the-fly encryption application that allows you to work with encrypted files as you would work on files located on a regular drive. Without on-the-fly encryption, actively working with encrypted files is an enormous pain and the outcome is usually either that people simply do not encrypt their files or they engage in poor security practices with their encrypted files because of the hassle of decrypting/encrypting them.
How does this play out in real life? Let’s take a look at a simple hypothetical situation. You’re a lawyer (or anyone, for that matter, that works with sensitive information). You have some client files that need to remain absolutely secure. Using a system that does not provide on-the-fly encryption and decryption you’d need to open the encrypted container file, unpack the files you wanted to use (into the insecure operating system), work on them, and then repack them once you had worked with them. To make sure the files were totally secure, you’d then need to secure wipe the space on the drive the unencrypted files had occupied. There are so many points in that process where things can go wrong that’s its not really practical to use such a workflow for anything but static files which will be encrypted and, more or less, permanently archived.
With an on-the-fly system like TrueCrypt you have an encrypted container (or even an entirely encrypted system drive). All the files within the container are encrypted and TrueCrypt, acting as an intermediary, decrypts each file on the fly (in the computer’s memory) so that you may interact with it like a regular file. You simply mount the encrypted volume, work within it, and unmount it. TrueCrypt takes care of everything, keeping the files temporarily in the RAM, sweeping up after itself, and ensuring your files remain uncompromised.
Whether you just want to encrypt a flash drive to store your tax data and personal documents as a safeguard against identity theft or you want to encrypt your entire computer to keep The Man out of your business, TrueCrypt is a comprehensive and easy to use tool.
What Do I Need?
For this tutorial you’ll only need a few simple things:
- A free copy of TrueCrypt.
- Administrative access to a computer.
That’s it! You can grab a copy of TrueCrypt for Windows, Linux, or Mac OS X and then settle in at a computer that you have administrative access to (you can’t run TrueCrypt on a limited-privilege/guest account). Have a copy on hand? Great, let’s get started. For this tutorial we’ll be using the Windows version of TrueCrypt and installing it on a Windows 7 machine.
Installing and Configuring TrueCrypt
The initial installation of TrueCrypt is very straight forward. Run the installation application, accept the user agreement, and then select Install. (The extract option is of interest to those who wish to extract a semi-portable version of TrueCrypt; we will not be covering that method in this beginner’s guide.) You’ll be given a battery of options like “Install for all users” and “Associate .tc file extension with TrueCrypt”. We left all of them checked for the sake of convenience. Once the application finishes installing, navigate to the Start Menu and launch TrueCrypt.
TrueCrypt will ask you if you’d like to view a tutorial on getting started; since we’re already walking you through the process go ahead and skip the tutorial. You’ll be greeted with a screen that looks like the one above. The very first thing we need to do is create a volume.
Click on the “Create Volume” button. This will launch the Volume Creation Wizard and prompt you to choose one of the follow volume types:
Volumes can be as simple as a file container you place on a drive or disk or as complex as a whole-disk encryption for your operating system. We’re going to keep things simple for the first section of our TrueCrypt guide and focus on getting you set up with an easy to use local container. Select “Create an encrypted file container”.
Next, the Wizard will ask you if you want the create a Standard or a Hidden volume. Again, for the sake of simplicity, we’re going to skip messing around with Hidden Volumes at this point. This is no way lowers the encryption level or security of the volume we’re creating as a Hidden Volume is simply a method of obfuscating the location of the encrypted volume.
In the next step we need to pick a name and location for our volume. The only important parameter here is that your host drive have enough space for the volume you with to create (i.e. if you want a 100GB encrypted volume you’d better have a drive with the space to spare). We’re going to throw our encrypted volume on a secondary data drive in our desktop Windows machine.
Now it’s time to pick your encryption scheme. You really can’t go wrong here. Yes there are a lot of choices, but all of them are extremely solid encrypt schemes and, for practical purposes, interchangeble. In 2008, for example, the FBI spent over a year trying to decrypt the AES encrypted hard drives of a Brazilian banker involved in a financial scam. Even if your data-protection-paranoia extends up the level of acronym agencies with deep pockets and skilled forensics teams, you can rest easy knowing your data is secure.
In the next step, you’ll select the volume size. You can set it in KB, MB, or GB increments. We created a 4.5GB test volume, for no other reason than it fits neatly on a DVD if we wish to burn it for backup purposes.
Next stop, password generation. See that screenshot? That’s a short password. Short passwords are a bad idea. You should create a password at least 20 characters long. However you can create a strong and memorable password we suggest you do it. A great technique is to use a passphrase instead of a simple password. Here’s an example: In2NDGradeMrsAmerman$aidIWasAGypsy. That’s better than password123 any day.
Before you create the actual volume, the creation Wizard will ask if you intend to store large files. If you intend to store files larger than 4GB within the volume, tell it so—it will tweak the file system to better suite your needs.
On the Volume Format screen, you’ll need to move your mouse around to generate some random data. While just moving your mouse is sufficient you could always follow in our footsteps—we grabbed our Wacom tablet and drew a picture of Ricky Martin as an extra on Portlandia. How’s that for random? Once you’ve generated enough random goodness, hit the Format button.
Once the format process is complete you’ll be returned to the original TrueCrypt interface. Your volume is now a *.TC file wherever you parked it and ready to be mounted by TrueCrypt.
Click the “Select File” button and navigate to the directory you stashed your TrueCrypt container in. Because we’re extraordinarily sneaky, or file is in \TrueCrypt\The How-To Geek Super Secret File Dump. Nobody will ever think to look there. Once the file is selected, pick (in the box above) from one of the available drives. We selected Y. Click Mount.
Enter your password, again we’re going to emphasize our short password. We picked a short one for testing purposes; if you’re smart yours will exceed 20 characters. Click OK.
Let’s go take a look at My Computer and see if our encrypted volume was successfully mounted as a drive:
Success! One 4.38GB volume of sweet encrypted goodness, just like the kind mom used to make. You can now open the volume and pack it full of all the files you’ve been meaning to keep from prying eyes.
Don’t forget to secure wipe the files once you’ve copied them into the encrypted volume. Regular file system storage is insecure and traces of the files you’ve encrypted will remain behind on the unencrypted disk unless you properly wipe the space. Also, don’t forget to pull up the TrueCrypt interface and “Dismount” the encrypted volume when you aren’t actively using it.
Have a TrueCrypt tip, trick, or super-spy-guy workflow to share? Sound off in the comments with your encryption know-how.
Jason Fitzpatrick is warranty-voiding DIYer and all around geek. When he's not documenting mods and hacks he's doing his best to make sure a generation of college students graduate knowing they should put their pants on one leg at a time and go on to greatness, just like Bruce Dickinson. You can follow him on Google+ if you'd like.
- Published 03/13/12