
How do I use TrueCrypt for on-the-fly encryption?

TrueCrypt creates an encrypted container that holds the file(s) you are working on so that every file within the container is encrypted.

I am a big fan of encryption. For many reasons and uses, encryption is a part of my daily computing life. There are many ways to deal with encryption; you can create a file or directory of files and then encrypt the files when you are ready. But an easier way to handle this task is to do the encryption on the fly. One tool that allows you to do this easily is TrueCrypt.

TrueCrypt creates an encrypted container that holds the file(s) you are working on so that every file within the container is encrypted. You can even move preexisting files into the encrypted container so that they too will be encrypted.

TrueCrypt works with Windows 2000/XP/Vista; however, it does not yet work with Windows 7. (Editor's note: As of November 23, 2009, Windows 7 is supported.) Installing TrueCrypt is simple, and there are no other requirements for it to work. TrueCrypt is also open source, so it is free to use (but it is not released under the GPL).


Features

  • Real-time encryption
  • Parallelization and pipelining allow data to be written as quickly as if it were not encrypted
  • AES-256, Serpent, and Twofish algorithms supported
  • Encrypts on hard drive or USB flash drive
  • Supports Windows, OS X, and Linux

Getting and installing

Installing TrueCrypt is simple. Go to the TrueCrypt download page and download the version right for your operating system. Once the file has downloaded, double-click on it to begin the installation. The installation of TrueCrypt will resemble the installation of any Windows application, so you should not have any problems installing.

Once the application is installed, you will find a clickable icon for TrueCrypt on your desktop.

Running TrueCrypt

When you open TrueCrypt, you will be welcomed by a simple main window (Figure A). In this window you will see a listing of volumes along with the Create Volume button. This button is where you begin. Click the Create Volume button to open the Volume Creation Wizard.

Figure A

The drives listed are not actual drives on your machine but drive letters available for you to associate with a container.

In the following example, we will create a new volume with an encrypted file container. This is the easiest method and allows you to place other files and directories into your container. So click the Create Volume button to open the Wizard.

When the Wizard opens it will, by default, select the Create an Encrypted File Container option. So at this window (Figure B), you need to click only Next.

Figure B

This option is the best option for new users.

The next window (Figure C) gives you the option of keeping the container visible or making it hidden. For the sake of simplicity, let's stick with the default and keep the container visible.

Figure C

The screen gives you a very obvious reason why you might want to create a hidden container file.

Click Next to move to the next window -- Volume Location. In this window (Figure D), you need to select the file that will be used for the container. Obviously, since this is the first run, there is no file already available for use. So when you click the Select File button you will not actually select a file but give the file a name.

Figure D

When you click the Select File button, the Explorer window will open where you will give your new container a name and click Save.

The next window (Figure E) asks you to select your encryption options. Here you will select which encryption algorithm you want to use (default being AES) as well as the hash algorithm (default being RIPEMD-160).

Figure E

You can benchmark how each algorithm will affect the speed of encryption by clicking the Benchmark button. This is important if you are concerned about how the encryption will affect write speed on your machine.

Make your selections and click the Next button. In this next window (Figure F) you must define a size for your container. The size can be set in KB, MB, or GB. Make sure you give your container enough space to hold all the files you will need it to hold.

Figure F

This installation is set up on a Virtual Machine using VirtualBox, hence the pitiful amount of hard drive space remaining.

Once you have configured your necessary space, click Next. In this next window (Figure G), you need to set the password for your encrypted volume. In this window there are very detailed instructions on creating your password. This advice can be applied to creating any password on any system.

Figure G

You can also opt to use keyfiles instead of setting a password within the application.

If you do not have a keyfile already created, TrueCrypt can generate a random keyfile for you. To do this, select the Use Keyfiles checkbox and then click the Keyfiles button. When you click this button, a new window will open (Figure H) that is used to manage keyfiles.

In this window, there is a Generate Random Keyfile button. When you click the Generate button, random strings will begin generating in the window. At some point, click the Generate and Save Keyfile button. You will then be prompted to give the file a name and then click Save. Close that window and then click on the Add Files button, navigate to where you saved your random keyfile, select that file, and click Open.

Figure H

Take note of the warning when using keyfiles. If you choose this option, don't lose your keyfile!

In the next window (Figure I), you will see a random pool being generated. Move your mouse randomly within that window to generate as much of a random pool as possible and then click Format. The formatting will be quick, and you will have a working encrypted file container.

Figure I

The strength of the encryption is directly related to how much random mouse movement occurs within this window.

With the process completed, it's time to go back to the main window. The first step is to click the Select File button, navigate to the container file you just created, and click Open. Now select a volume letter to mount the container to and click the Mount button, which will open a small window requiring you to enter the password associated with the container (Figure J).

Figure J

You can also select your keyfile for this container by clicking the Select Keyfiles button.

After you enter your password successfully, the container will be mounted to the drive letter you associated it with (in my example I used "R"). If you then go to My Computer, you will see that drive listed, ready for you to use.

Once you have saved all the necessary files to the encrypted container, you can go back to the main window and click the Dismount All button and the container will no longer be accessible. To use that same container, just go back to the mounting procedures and repeat the steps.
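The keyfile warning above means that a lost or altered keyfile leaves the container unmountable, so a verified backup is worth keeping. The following Python sketch is an added example, not part of the original article or of TrueCrypt: it creates a random keyfile from the operating system's CSPRNG (an alternative to the in-app generator), records its SHA-256 digest, and checks the working copy and a backup against that digest. The file names and the 64-byte size are assumptions.

```python
import hashlib
import secrets
import shutil
import tempfile
from pathlib import Path

KEYFILE_BYTES = 64  # assumed size for this sketch


def sha256_of(path: Path) -> str:
    """Hex SHA-256 of a file's contents."""
    return hashlib.sha256(path.read_bytes()).hexdigest()


def create_keyfile(path: Path) -> str:
    """Write CSPRNG bytes to a new file and return the digest to record."""
    with open(path, "xb") as fh:  # "x" refuses to overwrite an existing keyfile
        fh.write(secrets.token_bytes(KEYFILE_BYTES))
    return sha256_of(path)


def verify_keyfile(path: Path, recorded_digest: str) -> bool:
    """True only if the file exists and still matches the recorded digest."""
    return path.is_file() and sha256_of(path) == recorded_digest


def backup_keyfile(keyfile: Path, backup: Path, recorded_digest: str) -> bool:
    """Copy the keyfile, then confirm the copy itself is intact."""
    shutil.copyfile(keyfile, backup)
    return verify_keyfile(backup, recorded_digest)


def demo() -> dict:
    """Constructed scenario: back up, damage the working copy, then lose it."""
    with tempfile.TemporaryDirectory() as tmp:
        keyfile, backup = Path(tmp, "container.key"), Path(tmp, "backup.key")
        digest = create_keyfile(keyfile)
        results = {"backup_ok": backup_keyfile(keyfile, backup, digest)}
        raw = keyfile.read_bytes()
        keyfile.write_bytes(bytes([raw[0] ^ 0x01]) + raw[1:])  # flip one bit
        results["damaged_ok"] = verify_keyfile(keyfile, digest)
        keyfile.unlink()  # simulate losing the working copy
        results["missing_ok"] = verify_keyfile(keyfile, digest)
        results["backup_still_ok"] = verify_keyfile(backup, digest)
        return results


if __name__ == "__main__":
    print(demo())
```

Keep the backup copy on separate media from the container, and run the verification before relying on either copy.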

Final thoughts

TrueCrypt is a must-have for any fan of encryption. It makes for easy on-the-fly encryption of not only files but containers of files. It is reliable, safe, and ready to go.


About

Jack Wallen is an award-winning writer for TechRepublic and Linux.com. He’s an avid promoter of open source and the voice of The Android Expert. For more news about Jack Wallen, visit his website getjackd.net.

13 comments
cantoris23

How do you read an encrypted USB drive on a PC that does not have TrueCrypt installed?

markh1289

This article is obviously for newbies to this topic, which includes me. It's great, with 1 small frustration - what are keyfiles and what are the advantages/disadvantages over putting password into the application? If the answer is too involved for the scope of this article, a hyperlink would be good. Thanks, MH

barrieca

Easy to follow and deploy.

The 'G-Man.'

and so have all the staff where I work for USB memory sticks. Company policy,

Mark W. Kaelin

I do not regularly encrypt files and file folders, do you? Why? What applications do you use to create your encrypted files?

simonm

Hi, I have only used TrueCrypt a few times, but as I understand, the key file and password are just extra layers of security. The keyfile can be anything: you either make a random one in the program, or if you fancy you can use any file you wish from your hard drive :) Make sure you don't change or lose the file though or you will probably never get your file unencrypted!!! Hope this helps

louspag

I have been using TrueCrypt for memory sticks, portable drives, test systems (VM hosts), home systems, etc. So far it's been great, no issues, and the speed is acceptable. By the way, TrueCrypt 6.2a supported Windows 7 RC and TrueCrypt 6.3 supports Windows 7. No issues using on both.

SMparky

One reason I try to resist encrypting is recovery. If a drive fails I can often pop it into a working system and recover a lot of the files. If they're encrypted it might be impossible. There are also issues about people encrypting their work. Sure, it's secure, but what if they leave the company? People regularly come to me because they forgot their password, so if they set up encryption and forget then we're really in trouble. I know there are good things about encryption, but you have to understand the risks too.

Chomps

Thinking of trying it. Would like to have seen the retrieval process added to this posting. Thanks

Shepps

TrueCrypt absolutely rocks. Never had an issue with it and the hidden volume feature is neat too. I think the only issue to note is that if you are encrypting to a FAT32 partition (e.g. USB stick) you are limited to a file size of 2GB, which although acceptable can sometimes not be enough. That is, however, not TrueCrypt's fault. Using a portable hard drive with NTFS allows much greater file sizes and hence larger TrueCrypt volumes. Also be careful when detaching the USB drive. Once made the fatal error of pulling it without doing so cleanly using the 'eject' feature. That was one of the rare moments it DID make a difference as the cache had not written physically to the USB stick. Again, not TC's fault but mine...

twistedg

The author did. From Figure J and beyond. You simply mount your file or drive with the password and you have a Windows file structure ready to use.
