Protect Sensitive Files with TrueCrypt

Do you have very important documents that are definitely for your eyes only? Financial statements, private legal documents or porn (pardon the pun) perhaps that you don’t want your wife to see? If you have files that should not be accessible by the public domain you can encrypt the file and hide it from prying eyes with TrueCrypt.

Why TrueCrypt? I chose TrueCrypt for the following reasons:

• First off its open source, so it means its free and its supported by a large and active community of developers.
• It provides two levels of plausible deniability, in case you are forced to reveal your password.
• Can encrypt an entire partition or storage device such as a USB flash drive or hard drive.
• Can encrypt a partition where Windows is installed (pre boot authentication).
• Allows creation of virtual encrypted disk within a file and mounts it as a disk which makes it very portable.

I won’t delve into too much details on the other features/uses of TrueCrypt but let me just show you how I use it to protect (encrypt) my sensitive data and then backup my data to another third party backup provider like Adrive.

First off I’ll only install TrueCrypt on traveler mode. This means during install I choose the Extract radio button instead of the Install option.

Then once I’ve extracted all the required files, run the TrueCrypt executable. What you want to do is to create an encrypted volume. Click on the Create Volume button and choose the Create a file container option.

Then on the next window just choose the Standard TrueCrypt volume radio button. After that, you will be required to create a file (file name) that will serve as your volume container. I suggest choosing a file name without any extension to make it look like an orphaned file.

After creating the file you’ll be presented with different options for encryption algorithms, you can use the default options or change it to the other possible algorithms.

The next option then will be to indicate the maximum capacity of your volume. I chose mine to be 50 Megabytes in size because I only intend to place important documents there and not my entire archive, plus I want it to be very portable and relatively fast to throw over http.

Then on the next window you will be prompted for your password. For your security, choose a password that’s at least over 20 characters long using a combination of numbers and letters. Just leave the two checkboxes at the bottom unchecked (Use keyfiles, Display password).

On the next dialogue box (Volume Format) choose NTFS, default cluster and make sure that the Dynamic checkbox is unchecked for security reasons. Dynamic drives are easier to exploit than fixed size volumes. Finally click on the Format button and when TrueCrypt is done you should see this message window.

To start using your encrypted file, run the TrueCrypt executable again then select the file (Select File button) that you’ve just created. Choose a drive letter on the dialogue window then, click on the mount button and you will be prompted for a password. Type in the password for the file and click on the Mount button. You should be able to see your mounted volume on the TrueCypt window.

Of course then you should be able to see your drive on Windows Explorer as well. My encrypted drive for this case is Drive Y.

You can start throwing in all of your documents that you need to secure and encrypt. Then, when you are done, right click on the TrueCrypt icon on the taskbar, dismount the drive and close TrueCrypt. Your files are now safe and sound. Oh, just a note, don’t you ever forget your password or you will never retrieve your files again. For the backup to a third party service part, I’ll have to write it some other time since this post has been long enough. ^_^