TrueCrypt File Encryption
Overview
TrueCrypt is an open source on-the-fly encryption program that works on Windows, Mac OS X (Tiger and Leopard), and Linux. It offers several different encryption algorithms and several ways of creating encrypted content, which makes it a very good option if you use a lot of removable media (USB keys, mobile devices, etc.) or do most of your work on Linux. TrueCrypt creates encrypted containers that you can mount as drives on your computer and then use just like any other drive. The program itself must be running in order to unlock a file container, but travel mode lets you install the program in an unencrypted area of the flash drive. This way you can use the program and access your data on any computer on which you have administrative rights.
Preparation
- Download the latest version of TrueCrypt from the TrueCrypt Download Page.
- If you want to encrypt an entire drive (flash drive, external hard drive, etc.), make sure that there is nothing you need on it to begin with; otherwise you will lose all information.
- If you are using a file container, make sure that you have enough free space on the device to make a file container as large as you want.
- If you want to use this device on several computers, either they all need to have TrueCrypt installed or you will need to install a copy on your device.
- You will need administrative privileges to run TrueCrypt.
TrueCrypt Step-by-Step
Note: The screens and process should be identical for Leopard/Tiger and Windows installations.
- Open the TrueCrypt program and press the Create Volume button.

- Select Create a Standard TrueCrypt volume and click Next.

- Press Select File and browse to where your USB device is located. Type in the name you want your container to have, press Save, and then press Next.

- Set the encryption algorithm to AES and the hash algorithm to RIPEMD-160 and press Next.

- Here you can set the size of your file container. This cannot exceed the size of your device. If you also want to put TrueCrypt in travel mode on the device, you should plan on leaving 3 MB free for that. Once you've decided on the size, press Next.
- Here you will enter the password that you will need in order to open your encrypted volume. While this should be something that you can remember, it needs to be a strong password. Once you have created a strong password, press Next.

- Now you will be on the Volume Format screen. You can set various options here, but the most important part is that this is where TrueCrypt will create a random pool. You should move your mouse for at least 30 seconds in order to create a good encryption key. Once you've done that, press Format.

- Once you press Format, it will take a moment to create and format the container. When it is finished, you will see a pop-up that explains that it's done. Press OK and then Exit.
Mounting a TrueCrypt Volume
- From the main TrueCrypt screen, go to the Volume section and click on the Select File button.

- Browse to your flash drive, select the encrypted file volume and press Open.

- Once your container file is selected, press the Mount button.

- You will then be prompted for your password. Once you have entered it, you will be returned to the TrueCrypt program screen and you will see your volume mounted in the list above.
- You can access your mounted file container like any other kind of device that your computer has. You can get to it through My Computer or just double-click the item in the list.
- When you are finished with the file, press the Dismount button.
Backing up the Key
Encrypted data can become corrupted for any number of reasons, and TrueCrypt volumes are no exception. If the header gets damaged, the volume will be impossible to mount using TrueCrypt. Because of this, ITS strongly recommends that you make a backup of your volume header, which includes the master key.
- Mount the encrypted volume in the manner described above.
- Go to Volume Tools and select Backup Volume Header.

- Choose a place to store the backup, save it and you're done. To restore a header, follow the same procedure but choose Restore Volume Header instead of Backup Volume Header.
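A header backup is itself a file that can be damaged or lost along with the device it sits on. The following Python sketch is an added example, not part of the original guide or of TrueCrypt: it restricts the backup file to its owner, records its size and SHA-256 digest, flags a backup stored on the same device as the container, and re-checks the digest before a restore. The file names and the `.sha256.json` sidecar are assumptions made for illustration, and the demo uses constructed stand-in files.

```python
import hashlib
import json
import os
import tempfile
from pathlib import Path

def sha256_file(path):
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def register_backup(backup, container):
    """Restrict a new header backup to its owner and write a sidecar record."""
    os.chmod(backup, 0o600)
    info = os.stat(backup)
    record = {
        "size": info.st_size,
        "sha256": sha256_file(backup),
        # True means one lost or failed drive takes the container and backup.
        "same_device": info.st_dev == os.stat(container).st_dev,
    }
    # The sidecar detects accidental corruption only, not deliberate tampering.
    Path(str(backup) + ".sha256.json").write_text(json.dumps(record))
    return record

def verify_backup(backup):
    """Return True only if the backup still matches its recorded size and digest."""
    record = json.loads(Path(str(backup) + ".sha256.json").read_text())
    return (os.stat(backup).st_size == record["size"]
            and sha256_file(backup) == record["sha256"])

def demo():
    """Run on constructed stand-in files; no real TrueCrypt volume is touched."""
    with tempfile.TemporaryDirectory() as d:
        container, backup = Path(d, "container.tc"), Path(d, "header.bak")
        container.write_bytes(os.urandom(4096))  # constructed sample data
        backup.write_bytes(os.urandom(1024))     # constructed sample data
        record = register_backup(backup, container)
        intact = verify_backup(backup)
        damaged = bytearray(backup.read_bytes())
        damaged[10] ^= 0x01                      # simulate one flipped bit
        backup.write_bytes(bytes(damaged))
        return record["same_device"], intact, verify_backup(backup)

if __name__ == "__main__":
    print(demo())
```

Run `register_backup` right after saving the header backup and `verify_backup` before choosing Restore Volume Header.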
Best Practices
- When working with files in your encrypted container, always open the file from the encrypted container and work within the container. This will help to ensure that the data isn't exposed while it is being worked with.
- Always make sure to dismount your drive and use the Safely Remove Hardware feature in Windows before removing the USB device to help prevent corruption of the drive.
- If you're using a keyfile, make sure that you keep a copy of it stored in a secure location, or you won't be able to access your container even if you have the correct password.
- As with other forms of encryption, make sure that your password is strong and something you can remember.
Last Updated: 09/15/2008