Encrypting a drive using TrueCrypt

Set up on the 20th August 2008 using version 6.0a on Windows XP Professional SP2

Installing TrueCrypt and creating an encrypted space:

• Step 1: Download TrueCrypt. TrueCrypt can be downloaded from the developers web site at www.truecrypt.org. Once downloaded, double-click the TrueCrypt Setup 6.0a.exe and follow the instructions. After the installation has completed, run the TrueCrypt application (usually from the start menu, or a shortcut on the desktop).
• Step 2: Click Create Volume from the application window.
• Step 3: Choose a volume creation wizard.
• Note: I chose to Create a file container - this allows you to easily move, copy or back up the encrypted volume from Windows Explorer.
• Step 4: Choose the volume type.
• Note: I chose a Standard TrueCrypt Volume.
• Step 5: Choose the volume location.
• Note: I left never save history checked, and then clicked Select File and browsed to the location where I wanted the volume to be created.
• Step 6: Choose a name for the volume.
• Note: I named the file with the extension .tc, i.e. myvolume.tc, for easy reference.
• Step 7: Click Next.
• Step 8: Select the encryption options.
• Note: I chose the default settings of AES.
• Step 9: Choose a volume size.
• Note: When specifying a volume size, I left some spare disk space on the drive, so that later I could add the TrueCrypt.exe and truecrypt.sys files. This allows you to remove the drive and access the encrypted data on another PC (admin privileges permitting) without having to install TrueCrypt. It also allows you to store other files on the drive which do not need to be encrypted.
• Step 10: Type a strong password.
• Step 11: Format the volume.
• Note: As suggested, make sure you randomly move your mouse pointer within the wizard for at least thirty seconds to create a strong encryption key

After you click Format, TrueCrypt will begin to create a file as specified in Step 6. Depending on the size of the container being encrypted this may take some time.

Once this has finished, the volume is encrypted and ready for use.

To access the encrypted data, the volume needs to be mounted. This can be done from within the TrueCrypt application or by creating a batch file, which will automate much of the process.

Mounting the Volume for use

Option 1: Mounting the Volume via the TrueCrypt application:

• Run TrueCrypt
• Select a drive letter
• Click Select File, and browse to the encrypted file
• Click Mount. You will be prompted to enter the password to access the encrypted volume.

The encrypted space should now be accessible from Windows Explorer as a mounted drive using the drive letter selected previously.

Option 2: Mounting the Volume via a batch file:

This is useful for automating many of the steps needed when using the TrueCrypt application, and is my preferred method.

First, copy the required TrueCrypt files to the top level of the drive:

• truecrypt.sys is a system file for 32-bit systems
• truecrypt-x64.sys is a system file for 64-bit systems
• TrueCrypt.exe is required to mount the virtual drive
• TrueCrypt Format.exe is only required if you want to create a new volume (virtual drive)
• A Configuration.xml file will be created after you first run TrueCrypt - this will store any custom settings

Next create the batch file to mount or dismount the volume. Note: The file should be saved as a .bat extension, not .txt.

Hard Disk Drive Mount Example:

USB Mount Example:

Dismount Example:

The above examples are where:

• TrueCrypt: runs the TrueCrypt.exe application
• /v myvolume.tc: finds the encrypted volume
• /lx: mounts the volume to drive 'x' (any drive letter not in use can be specified)
• /a: is implicit if /v is specified
• /e: opens an Explorer window after mount
• /q: stops the main TrueCrypt window from being opened
• /m rm: mounts the volume as a removable medium (required for USB)
• /dx: dismounts the drive specified – 'x' in this case (if left blank all encrypted drives are dismounted)

Go back to the How-to Guides main page.