File encryption on USB drives using TrueCrypt

Purpose

Provide a consistent method of collecting and securing confidential data, in a portable, easy to update format.

Equipment

  • A standard USB key with enough storage, that
    • does not have built-in encryption;
    • has as much space on the key to be used for the TrueCrypt file as possible.
  • TrueCrypt
    • Free, open-source, on-the-fly encryption;
    • Exists on USB, does not need to be installed on any machine;
    • Creates a virtual encrypted disk within a file and mounts it as a real disk;
    • Encryption is automatic, real-time (on-the-fly) and transparent;
    • Parallelization and pipe-lining allow data to be read and written as fast as if the drive was not encrypted.
  • Operating Systems
    • Windows;
    • Linux;
    • Apple.
  • Installation instructions
    • See below.

Windows-based TrueCrypt file creation on USB Keys

Assumptions

  1. User has administrative rights on the system;
  2. Has TrueCrypt 7.1a
  3. Has a USB Key;
    • Preferably blank
    • Formatted to NTFS if your files are larger than 4GB, otherwise you can use FAT32.

      decorative
  4. Know what  desk USB Key Drive letter is during these procedures.

One time set up steps

NOTE THAT THE FOLLOWING PROCEDURE WILL TAKE UP TO 3 HOURS TO FORMAT A 30 GB KEY.  START EARLY IN YOUR DAY TO ENSURE COMPLETION.

  1. Obtain blank USB Key (it does not HAVE to be blank, it’s just safer to start with a blank one) and format it.

  2. Download TrueCrypt from  https://truecrypt.ch/downloads/

  3. Create the TrueCrypt Volume on your USB.

    1. Run TrueCrypt.exe.
    2. Select I accept the license terms and click Next.

      decorative
    3. Click Extract.

      decorative
    4. Hit OK on the Note about portable mode screen and then Yes.

      decorative

      decorative
    5. Select your removable drive.

      decorative
    6. Type in a name for the folder where your files will be extracted.

      decorative
    7. Click Extract, OK and Finish

      decorative
    8. To start the application locate and double click TrueCrypt.exe in your removable drive (F:\FolderName)
    9. Hit the Create Volume button.

      decorative
    10. Make sure that the Create an encrypted file container option is selected and click Next

      decorative
    11. For the Volume Type select Standard TrueCrypt volume and click Next

      decorative
    12. In the Volume Location window click “Select File”.
    13. Enter a name for your container. To keep it cleaner you might want to put the container in the same folder where you extracted the TrueCrypt files.
    14. Click Next

      decorative
    15. Select an Encryption Algorithm and click Next.

      decorative
    16. Enter the Volume capacity for your container. Note that for a FAT32 volume the maximum size of the container is 4095 MB. Click Next.
    17. Create and confirm Volume Password (strong and long passwords needed) and click Next. Be sure to add your TrueCrypt password to your personal Password Safe, for safe keeping
    18. On the Volume Format screen you want to move your mouse around the screen in random patterns for at least 30 sec. The longer you do this the stronger the encryption will be.

      decorative
    19. Ensure that the Filesystem selection is NTFS and click Format.
    20. The time it takes to create the container depends on the size of the container and the performance of the computer. Your desktop computer may be slow or un-responsive for this time.
    21. Once completed, you’ll see a message saying the volume has been successfully created. Click OK.

      decorative
    22. On the Volume Created screen, if you don’t want to create another container click Exit.

      decorative
  4. Mount TrueCrypt volume.

    1. Double click TrueCrypt.exe on your USB key.
    2. Select drive "T:" from the list of available drives
      1. Drive "T:" for "TrueCrypt" (naming convention)
      2. If not available choose any other available drive letter.
    3. Click the Select File button, locate your newly created container and click Open.
    4. As long as everything looks correct click Mount button.

      decorative
    5. The Enter Password window will appear. Type in your password and click OK. You can now access this new volume like any other windows disk drive.

      decorative
    6. Click on the Windows button and then select Computer.
    7. Under Devices with Removable Storage you will find your USB key. You can continue to add files to it as long as you have space, but they won’t be encrypted. Under Hard Disk Drives you will find the T drive. This is the encrypted TrueCrypt container mounted to your system. Double click to open it.
    8. You can now move or create your confidential files in this drive. They will be encrypted.

      decorative
  5. Dismount TrueCrypt volume

    1. Once you’re done, go back to the TrueCrypt screen and click Dismount and Exit.

      decorative
    2. You can now safely eject the USB drive and remove it from the computer.

You can follow the same steps to mount the volume and access the encrypted files.


Accessing the Data within the encrypted drive

  1. Insert the USB key.
  2. Open the USB drive (note the drive letter; here F:\), open the True Crypt folder.
  3. Run the Truecrypt.exe binary.
  4. When the TrueCrypt GUI opens, chose a drive letter.
  5. Use the Select File button to bring up a file selector and navigate to the encrypted file on the USB drive (F:\FonderName\ContainerName).
  6. Select MOUNT in TrueCrypt and enter the password for the encrypted file system.
  7. Check on MyComputer and see a drive letter where the USB key is mounted (F:\) and also the drive letter for the encrypted drive (T:\).
  8. Double click on the T:\ drive and you will then see the contents of the encrypted data copied here when the USB was last sync'ed with the source data.

Closing up access to the Data within the encrypted drive

  1. Exit any open access to files within the encrypted drive.
  2. Bring up the TrueCrypt GUI.
  3. With the target drive (T:\) hilighted, press the Dismount button
  4. The association is removed from the T:\ drive.
  5. Exit the TrueCrypt GUI.
  6. Eject the USB drive using it's drive letter (F:\).

Published on  and maintained in Cascade CMS.