With the prevalence of Identity Theft on the rise, it is becoming more important to protect financial data, safeguard passwords, and keep personal information secret.
Businesses can add business value by using encryption. There are a number of commercial and free encryption solutions available. This tutorial features TrueCrypt to demonstrate how to create an encrypted volume where any files stored will be encrypted.
Why TrueCrypt?
TrueCrypt offers certain advantages over other encryption solutions. It works on multiple platforms, including Linux, MacOS X, and recent versions of Windows. It can be used to create encrypted volumes, partitions, or entire drives.
It works on removable devices like flash drives. TrueCrypt supports a number of encryption algorithms including AES, Serpent, and Twofish, meaning that encryption is secure enough to satisfy the US Government for Top Secret information.
Installing TrueCrypt
Download TrueCrypt for Windows from TrueCrypt.org and run the setup program. Accept the terms of use, and select "Install" rather than "Extract" and click [Next>]. Accept all the defaults on the next screen, until you see the message "TrueCrypt has been successfully installed." TrueCrypt will offer to present a tutorial chapter - viewing this is optional.
The first time TrueCrypt is run, the user sees the standard interface (see screenshot TrueCrypt1). The goal here is to create a special sub-directory on a PC in which all files stored will automatically be encrypted. This sub-directory is considered a volume, and can only be accessed when it is mounted using the correct password.
Creating an Encrypted Volume
Clicking the [Create Volume] button will bring up the TrueCrypt Volume Creation Wizard (screenshot TrueCrypt2). With "Create an encrypted file container" selected, click [Next >]. On the next screen, choose "Standard TrueCrypt Volume" and click [Next >] again. In the "Volume Location" window, click [Select File ...]. Here, the TrueCrypt user will create a new folder for the encrypted volume.
In the "File name" field, enter "Secret Data" (or some other suitable name) and click [Save], then [Next >]. Keeping the defaults in the next window, click [Next >] again. TrueCrypt then asks for the size the new volume should have. This size has to be selected with some thought to the amount and type of data that is to be encrypted.
Size of Encrypted Volume
If the data that is to be encrypted already exists, it's current size can be used as a guideline. Multimedia files like pictures and video take up more space, less so for word documents or spreadsheets. It is better to over-estimate, because once the volume is created, it's size can never exceed the size specified during volume creation. This tutorial is using 250 Megabytes, but any file size supported by the Windows can be entered.
Choose a Password
The final step in volume creation is choosing a password. As with all passwords, the more complex it is, the more secure it is. Numbers, letters, spaces and mathematical symbols are allowed, up to 64 characters. A minimum of 20 safeguards against brute-force attacks. No dictionary words or common phrases should be used. Enter the chosen password in the appropriate fields. Do not check either of the check-boxes for this exercise.
In the next screen, leave the default Filesystem as "FAT" for the greatest flexibility, and leave the other options at their defaults as well. Click [Format], and wait for TrueCrypt to format the new volume. It will display the message "The TrueCrypt volume has been successfully created." Click [Exit] to return to the main TrueCrypt screen.
Mount the Encrypted Volume
To use the newly created encrypted volume, it has to be "mounted", and assigned a drive letter. In the main TrueCrypt program, select an un-used drive letter from the list. In the volume field, enter the name of the volume as created above, or use [Select File] button to choose the file. Click the [Mount] button to finish mounting the volume. At the prompt, enter the password with which the volume was created.
Using the Encrypted Volume
While the encrypted volume is mounted, it can be accessed and used as if it were a disk drive, via the drive letter it was mounted with. Any windows program that is capable of reading and writing files can store and retrieve data on this volume. Files can be copied to it normally. Multimedia files like music and video will play from this volume normally.
TrueCrypt works in the background, encrypting and decrypting the contents of the volume as they are used. The TrueCrypt user interface can be closed, it isn't necessary while the volume is in use. Once the user logs off, the volume becomes dis-mounted and must be mounted again before it's contents can be accessed. The user can also explicitly dis-mount a volume by running TrueCrypt, selecting the mounted volume, and clicking [Dismount].
Advanced Features of TrueCrypt
This article covered the basic steps in creating and using an encrypted volume, but TrueCrypt has some advanced features:
- Keyfiles - files which can be combined with a password, and must be referenced to mount an encrypted volume. Provides additional security.
- Hidden Operating Systems - a complete operating system can be encrypted, and remains hidden when not in use. Provides plausible deniability.
- Rescue Disk - for recovering an encrypted system partition if the boot sector becomes damaged.
- Portable Mode - for running TrueCrypt from a removable device like a flash drive or CD, without installing it on Windows.
Once the basic operations are mastered, these advanced features can be explored. In the mean-time, all sensitive data can be safe-guarded in a securely encrypted volume, safe from prying eyes or crooks.
Joe Poniatowski - I've been an IT consultant for over 20 years, and in that role I've written product reviews, training documentation, technical ...
