How to Encrypt USB Flash Drives Using Truecrypt

This tutorial will teach you how to password-protect your usb drive data using free open source encryption security software. Why? Well I am sure many of you know the reason… “the fear of having your important data falling into the wrong hands”, specially in this era of identity theft and other digital crimes.  However, using this project for that reason alone can be rather simple and trivial. With data encryption you will discover new ways of using your usb drive, ways you probably never thought of before.  When traveling, for example, I like to take my passport in digital format, that way if I happen to lose it I can always go to an embassy and obtain a new one. Having a digital copy can speed up this process significantly. This is specially important when traveling, as time is critical. Same goes for your credit cards, passwords, and other critical information too extensive for your brain to handle.

Nothing is full proof, however, I can tell you that strong encryption is almost impossible to break. For once, you cannot hack a password out of an encrypted file; you would have to guess it and the fastest way this could be achieved is by having a computer continuously try different password combinations. This is called a Brute-Force attack. However, the process can literally take years depending on how complicated your password is.

Data encryption does not come without drawbacks. Since the computer needs to work extra to decrypt data as it is reading it, encrypted usb drives will lose some performance. Truecrypt not only offers a wide variety of encryption types, it also tells you what is the best and fastest encryption for your drive.  In addition, Truecrypt allows you to do a performance test on your drive and will show its performance depending on the data encryption type you choose. I addition, Truecrypt will allow you to encrypt your files using more than one type of encryption for stronger protection. Truecrypt will also give you the ability of automatically prompt for username and password upon insertion of the drive into you computer, to make the signing process as quick as possible. Truecrypt can also be used as a full disk encryption software, giving you the ability to completely encrypt all types of storage media.  and if that wasn’t enough here is another reason to use Truecypt: Now you will also be able to chose from a wide variety of cheap usb drives and not spend extra money on drives that already come with encryption.


Steps to Encrypt your USB Drive

Step 1: Download TrueCrypt

Step2: Install TrueCrypt

Step 3: Click “Create Volume


Step 4: Leave selection on “Create an encrypted file container” and click “Next


Step 5: Leave selection on “Standard TrueCrypt Volume” and click “Next


Step 6: Find out what drive letter the computer assigned to the drive and give a name to the file that will contain the encrypted volume. Write everything in path form, for example, if you decide to name your volume “encrypted” and your computer assigned letter “G” to the USB flash drive, then you will enter “g:\encrypted.tc“.  Do not forget to write the “.tc” extension at the end of the file name (take a look at the image down below).

Step 7: Click “Next



Step 8: Choose encryption (you can leave the defaults) and click “Next“. (You can do research on the best usb security encryption that suits your needs, however, for the purpose of this article we are going to leave the defaults as they already are strong and fast. )


Step 9: Enter the size of the volume you wish to create. Your flash drive is most likely formatted in FAT32. If this is the case, you will not be able to create a larger volume than 4GB. If your flash drive happens to be smaller than 4GB in size, do not create a volume that fills the whole capacity of the drive. You have to leave some space for the TrueCrypt executable files which we will include later. I usually leave about 5MB of free space, however, it is wise to leave a larger space so you can share files with other people.

Step 10: Click “Next


Step 11: Set a strong password. The stronger you make it, the longer it will take to crack it. Usually a strong password is one that is long and contains alpha numeric characters, like numbers and symbols.

Step 12: Click “Next


Step 13: Move your mouse on top of the TrueCrypt installation window. This is done to create random encryption keys. As explained in the text highlighted in the picture below, the longer you move the cursor the stronger the keys will be.

Step 14: Click “Next

**After Step 14 the installation wizard start again, so click “Cancel“**


Step 15: Navigate to your flash drive and create a text file. Copy the following test and paste it into the text file:

[autorun] label=TrueCrypt Drive icon=truecrypt.exe action=Mount TrueCrypt Volume open=truecrypt /v encrypted.tc /lx /q /a /m rm /e shell=mounttc shell\mounttc=&Mount shell\mounttc\command=truecrypt /v encrypted.tc /lx /q /a /m rm /e shell=dismounttc shell\dismounttc=Dismount shell\dismounttc\command=TrueCrypt.exe /d /q background shell=runtc shell\runtc=Run TrueCrypt shell\runtc\command=truecrypt

As you can see, I have typed the word “encrypted.tc” in red. This is the name I gave to my encrypted volume. In our example we named it “encrypted“, but you can modify it if yours is named differently. I also modified some of the characters with the color green, that represents the drive letter you would like to assign to your mounted volume. Try choosing a letter high in the alphabet so that it does not conflict with the ones automatically assigned by the computer. For this example we are choosing the letter “X“.  Save the file as “autorun.inf.

Step 16: On the computer where you used to create the encrypted flash drive, go to the “c:\program files\truecrypt” directory and copy the files truecrypt.exe and truecrypt.sys and paste them into your flash drive. Now you should have all 4 files together in the flash drive. The following picture illustrates the contents of the flash drive after all files are in place.

Now, safely disconnect and remove your flash drive from the computer and reconnect it again. Once the encrypted usb drive is inserted, Windows should automatically ask you if you wish to “mount” or connect the encrypted volume.

As you can see in the picture below, when the usb flash drive is connected two drives will appear. One will be regular flash drive and the other will be your encrypted drive. The encrypted drive is nothing more than a drive within a you flash drive. If you open the drive that corresponds to your regular flash drive you will see that inside there is a file we created called encrypted.tc, this is where your encrypted files are stored; that is your encrypted drive, but you can only access it though the second drive that appears on “My Computer”.

If you decide to mount it later, you can always do so by double clicking on the drive letter. If you wish to see the unencrypted part of the drive, just right click on the drive letter corresponding to your regular usb drive and hit “Explore“. Don’t forget to always dismount the volume safely, or your encrypted volume might get corrupted. To do this, right click on your regular usb drive letter (not the encrypted mounted volume) and click on “Dismount“.

Note: Windows 7 has disabled autorun by default to prevent viruses. If you are in this situation, you can open your encrypted volume using the file TrueCrypt.exe inside your flash drive. There is a way to enable autorun in Windows 7 if you wish to do so, a quick search in Google should give you an answer; just be careful of what you insert on your computer from that point on.


Final Thoughts

Usb encryption is definitely a must, specially since these devices are small and portable, making them a perfect recipe for disaster. With Truecrypt you will be able to protect your data using the latest and most secure data encryption technology. Truecrypt is definitely a state of the art file encryption software. It does exactly what you want and much more. It is one of the best usb security tools out there and incredibly enough, it’s free. With this article I tried not only to provide a tutorial that helps, but also one that works. You can find many articles on the web on the same subject ” how to encrypt a usb drive”. However you will have a hard time finding one that actually works. That is why I decided to write my own. I hope this article helps you. If you have any questions feel free to ask.

9 comments:

  1. Herman Hanssen, 16. August 2011, 13:59

    Hello,
    I have followed the procedure. I have created the encypted file “test” and after mounting a drive “x” for this “test’ file I put an avi-file “movie” to the encrypted drive “x” (that is file “test”). After putting the flasdrive on the same PC and after mounting a drive the file “movie runs well.
    But after connecting the flash drive to another pc the autorun doesn’t start. So:
    * I start truetype.exe
    * select the encrypted file called “test”
    * select a drive (x) to mount “test”
    * the drive “x” is active
    * if I select the drive “x” in windows-xp explorer it looks okay right at the beginning (I can see the file “movie” in the list, but after a few seconds an error occurs and I cannot start the “movie” file in media player.

    Does somebody has an answer or solution in mind?

     
  2. Pablo Garcia, 10. April 2011, 20:03

    Hi Robert:
    “Mount” is a common term that means to install the drive in Windows and make it appear under “My Computer”, to connect it to Windows, etc.

    You do not need to install any files on your computer other than the computer you are creating the encrypted on. The purpose of the article is to create an encrypted flash drive that you can take to any computer and be able to open it without having to install anything on that computer.

    If you are using Windows 7, the “autorun” is disabled by default to prevent viruses. Many antiviruses block autorun as well.

    I modified and expanded the section right before the last picture, hopefully that clears things up a bit for you and anybody else that reads this.

    If you have any questions let me know and I will be glad to help.

     
  3. Robert Jacobs, 10. April 2011, 18:24

    You’ve skipped a couple of steps some where? I did exacltyy what you said and when I put in the flash drive which is a 16gb Data traveler by Kingston. I get a pop up asking me if I want to do a scan disk, which I have never gotten beofore. I am NOT getting this as you say in your artilce (Once the encrypted usb drive is inserted, Windows will automatically prompt you to “mount” the encrypted volume) You don’t make things very clear what files or what to put in the C\drive on the computer itself. But you have a picture of your hard drive with tow files in there one is the “main flash drive” and the other is” mounted encrypted volumne.” No where in your article do you speak about putting those in there. You need to be more specific …

     
  4. Pablo Garcia, 22. February 2011, 0:29

    Hi, yes, Windows 7 prevents it from opening. However that is Windows 7 fault and there is nothing that can be done about it.

     
  5. gfheiche, 21. February 2011, 22:02

    Does this work in Windows 7? As far as I know autorun is blocked in windows 7 to prevent malware.
    gfheiche

     
  6. gasby34, 5. January 2011, 14:23

    What about Windows 7? Autorun has been disabled in Vista, Win7 and WILL BE in XP. there’s got to be a way to run this.

     
  7. Troy, 23. December 2010, 15:24

    I prefer hardware based encrypted drives such as Ironkey and Data Locker since they are much easier to use and nothing to mess with. However the upside with Truecrypt is that its free..

     
  8. Megan, 22. December 2010, 16:58

    I get a pop up box when I plug in my flash drive to my desktop (the computer I used when I did these instructions) that asks if I want to Mount TrueCrypt Volume, etc., however, I do not get this box when I plug my flash drive into my laptop. How can I get the box to come up on my laptop?

     
  9. Dan, 31. October 2010, 3:12

    Great tutorial!

    I am a huge fan of TrueCrypt, and of keeing portable devices encrypted. Especially with flash drives which are so easy to lose. I have my whole netbook harddrive encrypted too.

     

Write a comment:


You will receive an email when your comment is answered

Time limit is exhausted. Please reload the CAPTCHA.

.