Encrypting a USB Drive Using TrueCrypt This document details the steps to encrypt a USB Pen drive using TrueCrypt. TrueCrypt is free and open-source security software allowing encryption of documents and data files using various secure industry standard encryption algorithms combined with a user-chosen password. Prerequisites A USB drive:- Whilst it is possible to make use of a USB Drive containing existing data we recommend that you start with a freshly formatted Drive containing no data. Formatting with the FAT32 file system will allow an encrypted folder of up to 4 GB in size. Please refer to ISD Helpdesk if you require any help formatting the Pen Drive or require an encrypted folder > 4GB A computer running Windows 2000, XP, Vista or Windows 7 TrueCrypt 7.1 installed on your PC if not already installed, please contact the ISD Helpdesk to request an install. Setting up your USB Pen Drive for the first time 1. Initial setup of TrueCrypt will require you to create a TrueCrypt Volume on your Pen Drive. 2. Open TrueCrypt from the Programs Menu. 3. Click [Create Volume] 5. Select Standard TrueCrypt volume and click [Next] 4. The Volume Creation Wizard will start. Select Create an encrypted file container and click [Next]
6. Click [Select File] and browse to your USB Drive 10. Specify the size of the encrypted Volume you want to create in MB and click [Next]. When setting the size bear in mind the total number and anticipated size of the documents you ll want it to store in it as it cannot be increased later. Also, consider leaving free space on the pen drive to allow setup of Traveler Mode (if required) and for any requirement to store unencrypted data. 7. Enter the name (do not call it TrueCrypt) you want to use for the Volume (encrypted file container) and click [Save]. The example below creates a container called Encrypted 11. At this point you need to enter a password for the Volume. You ll need to enter it twice and if it is less than 20 characters, you ll get a message advising that you are using a weak password. We recommend use of a strong password with a minimum length of 8 characters that utilises a mixture of upper and lowercase letters, numbers and symbols. 8. Ensure the Never save history checkbox is ticked and click [Next] Remember that despite the encryption, the security of the encrypted container relies upon the strength of the password you set at this point. Warning: There is NO password recovery for TrueCrypt. If your password is forgotten/lost it will NOT be possible to access the encrypted file container! Set the password for the encrypted volume and click [Next]. 9. Select the Encryption Algorithm (the default of AES is fine) and click [Next]
Move your mouse randomly for several seconds to increase the cryptographic strength of the encryption keys and then click [Format]. Note that at this point the Volume will be created and time taken will depend upon the container size you set. Using a TrueCrypt Volume 16. Start TrueCrypt, and click [Select File] 12. The following screen appears during the formatting process: 17. Browse to your USB drive, select the Volume and then click [Open] 13. Once formatting is completed, click [OK] 18. You ll now need to click once on a drive letter to allow the Volume to be mounted. Note that only available driver letters are displayed so just select a letter and remember which one you ve chosen as that s how you ll access your files from Windows Explorer and your Applications. 14. Once creation of the Volume completes, click [Exit] 19. Once you ve selected a letter click [Mount] 15. Your TrueCrypt Volume (encrypted file container) is ready for use. 20. You will be prompted for your password for the Volume. Enter the password and click [OK]
21. You can now access and use the TrueCrypt Volume from Windows Explorer and from within your Applications to open, copy, paste and save documents as you would with any of your other drives (e.g. such as your H: drive). b. Before physically removing the USB Pen Drive you should follow the processes detailed below for both Windows XP and Windows 7 to ensure you safely remove the USB Pen Drive:- i. In Windows 7, look for the Safely Remove Hardware and Eject Media icon in the Notification Area The screen shot below, shows a windows explorer view of the drive letters available on the PC used to create this guide. Note that in this case, the Volume was mounted to drive I: Click the icon and you'll see a list of devices. Click the entry for your USB Pen Drive. Windows will display a notification telling you when it's safe to remove the device and you can then physically unplug it. ii. In Windows XP look for the Safely Remove hardware icon in the System Tray 22. Once you ve finished working with your encrypted files you need to dismount the Volume. To do this:- a. Right-click on the TrueCrypt icon next to the clock in the bottom right of the Desktop. In Windows XP it should be accessible via the System Tray. In Windows 7 it should be accessible via the Notification Area and then select Dismount All. Right-Click the icon and select Safely Remove Hardware. The Safely Remove Hardware window should appear. Tick Display Device Components and then select the USB Pen Drive entry and click [Stop]. A confirmation box appears; check that it shows the correct device and if so click [OK] Windows will display a notification telling you when it's safe to remove the device and you can then physically unplug it.
TrueCrypt Traveller (Portable Mode) Configuring your USB Pen Drive in Traveler/Portable mode will allow you to access a TrueCrypt Volume on PCs that do not have TrueCrypt locally installed. What this means is that a copy of the TrueCrypt executable is placed in an unencrypted section of the USB Pen Drive and run directly from there. Note that Traveler mode functionality requires administrator rights on the PC as the TrueCrypt application needs to install driver files to the PC. It is not standard ISD policy to grant administrative rights to CardiffMet PCs as this raises security issues related to the integrity of the Operating System and concerns regarding potential attack windows, spread and impact of security threats, viruses and general malware. 25. Click [Create] and the required files are copied to the USB Pen Drive As a result whilst Traveler mode can be setup on the USB Pen Drive using a CardiffMet PC, it is not possible to run the TrueCrypt application in Traveler mode. This is easily addressed with CardiffMet PCs by requesting that TrueCrypt be installed to the PC if it is not already available. The steps for setting up and running TrueCrypt in Traveler mode are detailed below. 23. Within TrueCrypt select Tools Menu > Traveler Disk Setup 26. Once completed and acknowledgement message appears which also points out the administrator rights issue. Click [OK] 24. Click [Browse] and select the drive letter corresponding to your USB Pen Drive, then click [OK]. In the example, the Pen Drive being used is a Kingston Drive mounted at F:
Click [OK] 27. Traveler Mode is now complete and if you check the Pen Drive in Windows Explorer you will find a folder named TrueCrypt containing the files required to run Traveler Mode. Running TrueCrypt in Traveller Mode 28. To run in Traveler Mode, plug-in your USB Pen Drive and use Windows Explorer to browse to the folder on it named TrueCrypt 29. Open the TrueCrypt folder and then double-click the file named TrueCrypt.exe 30. The TrueCrypt Application will open as normal and you then use it as per the instructions contained in the Using a TrueCrypt Volume section of this guide. Further Information For further information, please see the User Guide accessible from the Help Menu in the TrueCrypt application. You can also visit the TrueCrypt Website at http://www.truecrypt.org