I had to do some research on both software and hardware based encryption for a project recently and although I had heard of TrueCrypt I had never actually used it. Although we chose not to use the product for this particular project (company did not like the idea of Open Source, but that’s another story for another time) I wanted to see if I could encrypt a USB drive in such a way that the PCs I used the device on did not need TruCrypt installed. Well, this is a quick guide to how TruCrypt does just that.
This was done on a XP/SP2 desktop. TrueCrypt does not work on Vista yet, refer the the venders Web site for details.
Firstly, you cannot use Full disk encryption for this, why not?? Well, the TrueCrpyt.exe file has to live on the USB device and in order for it to run you need to access the volume … if the volume is encrypted then you can’t read it without using TrueCrypt … which is encrypted on the volume !!! So, we create an encrypted “volume” on the device, which is kinda like an encrypted folder.
- Install TrueCrypt
- Load TrueCrypt Format.exe from the programs folder where you installed Truecrypt
- Create a standard volume and click NEXT
- Choose Select File and create a new file of your choice on the USB drive which will become the encrypted volume, remember to give the name a .tc extension, then click OPEN followed by NEXT
- The choice of which encryption settings to use is a personal one based on requirements or knowledge .. defaults were fine for me, click NEXT
- Set the size of the volume to be a few MBs less than the full size of the device … the remaining space will be used to host the TrueCrypt.exe files. Typically you will need about 3mb for the TruCrypt files.
- Choose your passphrase **Read the warnings** click NEXT
- Click Format when you are ready — make sure you are on the correct drive letter for the USB drive in question
That’s the volume created, so now we configure TrueCrypt to mount the volume when the drive is plugged in
- Launch TrueCrpyt.exe
- TrueCrypt has a featured called Traveler disk which allows us to finish off the task, so choose this from the Tools menu
- Create the Traveler disk files on the drive letter associated with your USB drive
- Choose Auto-mount and then choose the volume file that you created in the steps above
- Leave the mount drive letter as First Available … this will help stop drive conflicts in the future
- Click on CREATE
- This should create the required file structure and autorun.inf.
- Once done click on the CANCEL button to close Traveler Disk
Remove the USB stick and then plug it back in to test. Depending on how your PC in setup to handle USB devices you will probably be prompted with a choice on what to do …. if you are then Run TrueCrpyt should be on the list, so select that.
Enter your passphrase into the dialog box and this should mount the volume to the next available free drive letter.
Note: You will have two drive letter pointing to the USB drive, but one will show you the TrueCrypt folder and is therefor the un-encrypted volume, the other will be the encrypted volumes
This worked for me, however please remember I cannot guarantee it will work for everyone…..
Technorati tags: truecrypt, encryption, usb encryption, usb drives