You are on page 1of 6

Encrypting a Pen Drive Using TrueCrypt

This document details the steps to encrypt a USB Pen drive using TrueCrypt. TrueCrypt is free and open-source security software allowing encryption of documents and data files using various secure industry standard encryption algorithms combined with a user-chosen password.

Prerequisites
A USB drive:Whilst it is possible to make use of a USB Drive containing existing data we recommend that you start with a freshly formatted Drive containing no data. Formatting with the FAT32 file system will allow an encrypted folder of up to 4 GB in size. Please refer to ISD Helpdesk if you require any help formatting the Pen Drive or require an encrypted folder > 4GB A computer running Windows 2000, XP, Vista or Windows 7 TrueCrypt 6.3a installed on your PC if not already installed, please contact the ISD Helpdesk to request an install.

Setting up your USB Pen Drive for the first time


1.

Initial setup of TrueCrypt will require you to create a TrueCrypt Volume on your Pen Drive. Open TrueCrypt from the Programs Menu. Click [Create Volume] 5. Select Standard TrueCrypt volume and click [Next]

2.

3.

6.

Click [Select File] and browse to your USB Drive

4.

The Volume Creation Wizard will start. Select Create an encrypted file container and click [Next]

For assistance please contact IT Helpdesk on 029 2041 7000 or Email ITHelpdesk@cardiffmet.ac.uk Produced by Library and Information Services Last modified 07/02/2012

7.

Enter the name (do not call it TrueCrypt) you want to use for the Volume (encrypted file container) and click [Save]. The example below creates a container called Encrypted

11. At this point you need to enter a password for the Volume. Youll need to enter it twice and if it is less than 20 characters, youll get a message advising that you are using a weak password. 8. Ensure the Never save history checkbox is ticked and click [Next] We recommend use of a strong password with a minimum length of 8 characters that utilises a mixture of upper and lowercase letters, numbers and symbols. Remember that despite the encryption, the security of the encrypted container relies upon the strength of the password you set at this point. Warning: There is NO password recovery for TrueCrypt. If your password is forgotten/lost it will NOT be possible to access the encrypted file container! 9. Select the Encryption Algorithm (the default of AES is fine) and click [Next] Set the password for the encrypted volume and click [Next].

10. Specify the size of the encrypted Volume you want to create in MB and click [Next]. When setting the size bear in mind the total number and anticipated size of the documents youll want it to store in it as it cannot be increased later. Also, consider leaving free space on the pen drive to allow setup of Traveler Mode (if required) and for any requirement to store unencrypted data.

For assistance please contact IT Helpdesk on 029 2041 7000 or Email ITHelpdesk@cardiffmet.ac.uk Produced by Library and Information Services Last modified 07/02/2012

12. Move your mouse randomly for several seconds to increase the cryptographic strength of the encryption keys and then click [Format]. Note that at this point the Volume will be created and time taken will depend upon the container size you set.

Using a TrueCrypt Volume


17. Start TrueCrypt, and click [Select File]

13. The following screen appears during the formatting process: 18. Browse to your USB drive, select the Volume and then click [Open]

14. Once formatting is completed, click [OK] 19. Youll now need to click once on a drive letter to allow the Volume to be mounted. Note that only available driver letters are displayed so just select a letter and remember which one youve chosen as thats how youll access your files from Windows Explorer and your Applications. 15. Once creation of the Volume completes, click [Exit]

16. Your TrueCrypt Volume (encrypted file container) is ready for use.

20. Once youve selected a letter click [Mount]

For assistance please contact IT Helpdesk on 029 2041 7000 or Email ITHelpdesk@cardiffmet.ac.uk Produced by Library and Information Services Last modified 07/02/2012

21. You will be prompted for your password for the Volume. Enter the password and click [OK]

23. Once youve finished working with your encrypted files you need to dismount the Volume. To do this:a. Right-click on the TrueCrypt icon next to the clock in the bottom right of the Desktop. In Windows XP it should be accessible via the System Tray. In Windows 7 it should be accessible via the Notification Area and then select Dismount All Mounted Volumes.

22. You can now access and use the TrueCrypt Volume from Windows Explorer and from within your Applications to open, copy, paste and save documents as you would with any of your other drives (e.g. such as your H: drive). The screen shot below, shows a windows explorer view of the drive letters available on the PC used to create this guide. Note that in this case, the Volume was mounted to drive I: b. Before physically removing the USB Pen Drive you should follow the processes detailed below for both Windows XP and Windows 7 to ensure you safely remove the USB Pen Drive:i. In Windows 7, look for the Safely Remove Hardware and Eject Media icon in the Notification Area

Click the icon and you'll see a list of devices. Click the entry for your USB Pen Drive. Windows will display a notification telling you when it's safe to remove the device and you can then physically unplug it.

For assistance please contact IT Helpdesk on 029 2041 7000 or Email ITHelpdesk@cardiffmet.ac.uk Produced by Library and Information Services Last modified 07/02/2012

ii. In Windows XP look for the Safely Remove hardware icon in the System Tray

The steps for setting up and running TrueCrypt in Traveler mode are detailed below. 24. Within TrueCrypt select Tools Menu > Traveler Disk Setup

Right-Click the icon and select Safely Remove Hardware. The Safely Remove Hardware window should appear. Tick Display Device Components and then select the USB Pen Drive entry and click [Stop]. A confirmation box appears; check that it shows the correct device and if so click [OK] Windows will display a notification telling you when it's safe to remove the device and you can then physically unplug it. 25. Click [Browse] and select the drive letter corresponding to your USB Pen Drive, then click [OK]. In the example, the Pen Drive being used is a Kingston Drive mounted at F:

TrueCrypt Traveller (Portable Mode)


Configuring your USB Pen Drive in Traveler/Portable mode will allow you to access a TrueCrypt Volume on PCs that do not have TrueCrypt locally installed. What this means is that a copy of the TrueCrypt executable is placed in an unencrypted section of the USB Pen Drive and run directly from there. Note that Traveler mode functionality requires administrator rights on the PC as the TrueCrypt application needs to install driver files to the PC. It is not standard ISD policy to grant administrative rights to CardiffMet PCs as this raises security issues related to the integrity of the Operating System and concerns regarding potential attack windows, spread and impact of security threats, viruses and general malware. As a result whilst Traveler mode can be setup on the USB Pen Drive using a CardiffMet PC, it is not possible to run the TrueCrypt application in Traveler mode. This is easily addressed with CardiffMet PCs by requesting that TrueCrypt be installed to the PC if it is not already available.

For assistance please contact IT Helpdesk on 029 2041 7000 or Email ITHelpdesk@cardiffmet.ac.uk Produced by Library and Information Services Last modified 07/02/2012

26. Click [Create] and the required files are copied to the USB Pen Drive

Running TrueCrypt in Traveller Mode


30. To run in Traveler Mode, plug-in your USB Pen Drive and use Windows Explorer to browse to the folder on it named TrueCrypt 31. Open the TrueCrypt folder and then double-click the file named TrueCrypt.exe

32. The TrueCrypt Application will open as normal and


you then use it as per the instructions contained in the Using a TrueCrypt Volume section of this guide. 27. Once completed and acknowledgement message appears which also points out the administrator rights issue. Click [OK]

Further Information
For further information, please see the User Guide accessible from the Help Menu in the TrueCrypt application. You can also visit the TrueCrypt Website at http://www.truecrypt.org

28. Click [Close] 29. Traveler Mode is now complete and if you check the Pen Drive in Windows Explorer you will find a folder named TrueCrypt containing the files required to run Traveler Mode.

For assistance please contact IT Helpdesk on 029 2041 7000 or Email ITHelpdesk@cardiffmet.ac.uk Produced by Library and Information Services Last modified 07/02/2012