USB Encryption – a quick look

I had to do some research on both software and hardware based encryption for a project recently and although I had heard of TrueCrypt I had never actually used it. Although we chose not to use the product for this particular project (company did not like the idea of Open Source, but that’s another story for another time) I wanted to see if I could encrypt a USB drive in such a way that the PCs I used the device on did not need TrueCrypt installed. Well, this is a quick guide to how TrueCrypt does just that.

This was done on an XP SP2 desktop. TrueCrypt does not work on Vista yet; refer to the vendor’s web site for details.

Firstly, you cannot use full disk encryption for this. Why not? Well, the TrueCrypt.exe file has to live on the USB device, and in order for it to run you need to access the volume. If the volume is encrypted then you can’t read it without using TrueCrypt … which is itself encrypted on the volume! So, we create an encrypted “volume” on the device, which is kinda like an encrypted folder.

  • Install TrueCrypt
  • Load TrueCrypt Format.exe from the programs folder where you installed TrueCrypt
  • Create a standard volume and click NEXT
  • Choose Select File and create a new file of your choice on the USB drive which will become the encrypted volume. Remember to give the name a .tc extension, then click OPEN followed by NEXT
  • The choice of which encryption settings to use is a personal one based on requirements or knowledge; the defaults were fine for me. Click NEXT
  • Set the size of the volume to be a few MB less than the full size of the device. The remaining space will be used to host the TrueCrypt.exe files. Typically you will need about 3 MB for the TrueCrypt files.
  • Choose your passphrase **Read the warnings** click NEXT
  • Click Format when you are ready — make sure you are on the correct drive letter for the USB drive in question

That’s the volume created, so now we configure TrueCrypt to mount the volume when the drive is plugged in.

  • Launch TrueCrypt.exe
  • TrueCrypt has a feature called Traveler Disk which allows us to finish off the task, so choose this from the Tools menu
  • Create the Traveler disk files on the drive letter associated with your USB drive
  • Choose Auto-mount and then choose the volume file that you created in the steps above
  • Leave the mount drive letter as First Available … this will help stop drive conflicts in the future
  • Click on CREATE
  • This should create the required file structure and autorun.inf.
  • Once done click on the CANCEL button to close Traveler Disk
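
A quick way to check the result before testing, added here as an example and not part of the original guide or of TrueCrypt: the script reads autorun.inf from the drive root and confirms that the program it launches and the volume file passed with /v both exist on the unencrypted part of the drive. The sample autorun.inf contents, the TrueCrypt folder name and secret.tc are constructed, and paths are assumed to be relative to the drive root.

```python
import configparser
import re
import tempfile
from pathlib import Path

# Constructed sample, not copied from a real drive; file and folder names are assumptions.
SAMPLE_INF = r'''[autorun]
open=TrueCrypt\TrueCrypt.exe /q background /e /m rm /v "secret.tc"
shell\start=Start TrueCrypt
shell\start\command=TrueCrypt\TrueCrypt.exe
'''

def on_drive(root, win_path):
    """True if a Windows-style path, taken relative to the drive root, is a file."""
    return (root / win_path.replace("\\", "/").lstrip("/")).is_file()

def check_traveler_disk(root):
    """Return a list of problems that would stop autorun from mounting the volume."""
    root = Path(root)
    inf = root / "autorun.inf"
    if not inf.is_file():
        return ["autorun.inf missing from drive root"]
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None, strict=False)
    cp.read_string(inf.read_text(errors="replace"))
    section = next((s for s in cp.sections() if s.lower() == "autorun"), None)
    if section is None:
        return ["autorun.inf has no [autorun] section"]
    problems = []
    for key, cmd in cp[section].items():
        if key != "open" and not key.endswith("\\command"):
            continue  # menu captions such as shell\start= run nothing
        tokens = [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', cmd)]
        if not tokens or not on_drive(root, tokens[0]):
            problems.append(f"{key}: program not found on the unencrypted part of the drive")
        for flag, arg in zip(tokens, tokens[1:]):
            if flag.lower() in ("/v", "/volume") and not on_drive(root, arg):
                problems.append(f"{key}: volume file {arg} not found")
    return problems

def demo():
    """Check a constructed layout before and after the volume file exists."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "TrueCrypt").mkdir()
        (root / "TrueCrypt" / "TrueCrypt.exe").write_bytes(b"")
        (root / "autorun.inf").write_text(SAMPLE_INF)
        before = check_traveler_disk(root)
        (root / "secret.tc").write_bytes(b"")
        return before, check_traveler_disk(root)
```

Run `check_traveler_disk("E:\\")` with the stick's own drive letter; an empty list means the files autorun.inf refers to are where it expects them.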

Remove the USB stick and then plug it back in to test. Depending on how your PC is set up to handle USB devices you will probably be prompted with a choice on what to do. If you are, then Run TrueCrypt should be on the list, so select that.

Enter your passphrase into the dialog box and this should mount the volume to the next available free drive letter.

Note: You will have two drive letters pointing to the USB drive. One will show you the TrueCrypt folder and is therefore the unencrypted part of the drive; the other will be the encrypted volume.

This worked for me, however please remember I cannot guarantee it will work for everyone…..



3 Responses to “USB Encryption – a quick look”

  1. paul Says:

    Hope you can help.
    The automation is not working on my USB key.
    Have created the tc folder on the usb drive and can mount it manually through truecrypt and write/read to it.
    The traveller disk setup completed successfully and the .inf file was created. I have tried it selecting – start truecrypt and auto mount TC volume with no joy?
    I also tried the vbs and inf file to auto start with no joy??
    Very frustrating!! Again hope you can help

  2. blackhatspider Says:

    I seem to remember that this happened to me as well actually … I will try the process again over the weekend and let you know.

  3. blackhatspider Says:

    Hi Paul,

    I think I may understand what is going on, but please let me know if this does not answer your question.

    You mentioned the “Auto-mount” choice, which within the TrueCrypt software seems to be a strange option in that, by design, it is not able to directly “find” any TrueCrypt partitions and actually scans local drives/devices for TC partitions. I have not actually used this option as I don’t have any TrueCrypt partitions, I use TrueCrypt “volumes” and this seems to make a difference to the “Auto-Mount” feature.

    Can I suggest that you try loading Truecrypt, select a free drive letter, then use the “select file” button and locate the volume you created on the USB drive. Then choose the “Mount” button and type in the password to see what happens.

    This however does not explain why the Truecrypt software does not load when you put the USB device into the computer … do you get prompted to choose “what to do” when the USB stick is plugged in? Perhaps the autoplay is disabled for the USB device?

    Like I said, please let me know if this doesn’t help and I will try and suggest something else.
