UPDATE (12/29/14): Arggh! So they shutdown the TrueCrypt for some crazy cockeyed reason. But it’s still a good product as far as I’m concerned and I still use it to encrypt my flash drive. The last version of the software is still available on other sites. Below, I’ve posted the download link to one site I find trustworthy.
Note: Understand that to use TrueCrypt, you need to have administrative privileges [admin rights]. If you are a home user, then most likely, you are already running your PC as an administrator. At work, it might be a different story. Your system administrator has probably locked down your PC. The reason you need admin rights is because TrueCrypt loads a driver that enables the “on-the-fly” encryption. To load the driver, you need the administrative privileges. It does not matter that you are running TrueCrypt from your USB Flash Drive. It still loads the driver and you still need admin rights. So, if you are at work, on a PC that is locked down, then you’ll need to have your system administrator install TrueCrypt on your PC in order for you to use your encrypted USB Flash Drive. If you plug your drive into a machine that requires administrative rights, and doesn’t have TrueCrypt already installed, then you’ll get a message stating “In order to load the TrueCrypt driver, you need to be logged into an account with administrator privileges“. You can read about it on the TrueCrypt website here. Now that we got that out of the way, let’s move on.
Introduction
Portable USB flash drives are becoming cheaper and cheaper every day. Some companies are even giving them away. When they first arrived on the scene, most of the drives had a capacity of less than 1GB. But now, you can find 2GB to 4GB drives almost everywhere, including your local drugstore chain. At these sizes, they can actually be useful. You can use it to store your music, pictures, videos, or documents. Some even use it to store bootable operating systems like Linux. I use it to store a text file that contains the passwords for all of my online accounts, such as for my online bank accounts, my Amazon account, credit card accounts, etc. And since the flash drives are so portable, it makes sense to have one. However, since they ARE so portable, they can easily be lost, stolen, or misplaced. If you are like me, and store personal information on your flash drive, information that you don’t want to fall into the wrong hands, then you need to encrypt your flash drive. By encrypting your flash drive, the files contained within it become password protected and can only be accessed by you or someone who knows your password. There are many different applications that help you encrypt your flash drive. Some drive manufacturers include encryption applications on the flash drive. In this tutorial, I will show you how to encrypt your portable USB flash drive using my favorite freeware application, TrueCrypt.
What Is TrueCrypt?
Using TrueCrypt, you create a password protected encrypted file that is stored on the flash drive. This encrypted file acts as a “container”, within which all the files you want encrypted are stored. When you connect your flash drive into a PC, this “container” gets mounted as a separate hard drive (provided you enter the correct password). And now, everything you save into this separate hard drive is encrypted automatically. This is where TrueCrypt really shines, providing transparent, real-time encryption. Plus, you don’t need TrueCrypt to be installed on the local computer [unless you don’t have admin rights on your computer – see note above].
How To Encrypt Your Flash Drive Using TrueCrypt
- Download the latest stable version of TrueCrypt from grc.com: TrueCrypt Setup 7.1a.exe
- Install the software on your local computer (accepting all the default options)
- Connect your USB flash drive to your computer. For this tutorial, let’s assume that it is assigned drive letter G:\
- Start the TrueCrypt application
- Click on the Create Volume button to start the TrueCrypt Volume Creation Wizard. This is where you create the “container”.
- Select Create a file container (default option) and click on Next.
- This brings you to the Volume Type window. Here you can specify if you want your “container” to be a standard, visible file or if you want to create a hidden “container” (essentially a “container” within a “container”). For this tutorial, we’ll select the default option, Standard TrueCrypt Volume, and click on Next.
- This brings you to the Volume Location window. Here you specify the filename and location of the “container”. For this tutorial, let’s call the container MyCrypt. And since your flash drive is mounted as the G:\ drive, specify your location and filename as G:\MyCrypt, placing the container in the root of the flash drive. Click Next.
-
Next you need to select the Encryption Algorithm and Hash Algorithm. I won’t go into the details of the differences between the different options, their pros and cons. That would turn this tutorial into a book. For this tutorial, we’ll leave the defaults, as they should be sufficient. Click Next.
-
Next, you need to choose the size of the “container”. This depends on the size of your flash drive and how much info you want to encrypt. Personally, I would suggest leaving anywhere between 10% to 20% of the drive unencrypted so that you have room for the TrueCrypt application files (about 6MB) as well as unimportant files that you might want to share or just don’t need encrypted. For this tutorial, using a 1GB flash drive, we’ll set the “container” to be 850MB. Click Next.
-
Next, specify the password you want to use to access and mount this “container”. Select a strong password, that would be easy for you to remember and hard for anyone else to figure out. A strong password usually consists of at least 20 characters, and uses a combination of letters (both lower and upper case), and numbers. But at a minimum, it should consist of 8 characters. Click Next after you enter your password.
-
Next, you are ready to format the container. You can select the type of File System and Cluster. For this tutorial, leave the default values. Move your mouse randomly within the Volume Format window to generate the encryption keys. Don’t worry; you are not going to have to remember these keys. When ready, click on Format to start. Depending on the size of the “container” (chosen in step 8), this may take up to 5 minutes.
- Once the format successfully completes, you will get a pop up indicating that the “container” has been created. Click OK then Exit.
-
From the main TrueCrypt window, select Tools -> Traveler Disk Setup to start the Traveler Disk Setup Wizard.
- In the Traveler Disk Setup Wizard, we need to set several things. First, specify the root directory of the removable drive, in our case G:\. Uncheck the “Include TrueCrypt Volume Creation Wizard” (we’ve already created the “container” called MyCrypt so we don’t need the wizard). Next, select the “Auto-mount TrueCrypt Volume” button. This will allow you to be automatically prompted to mount the encrypted “container” when you insert your removable drive. Next, specify the name of the encrypted “container”, in our case it’s MyCrypt. Finally, click on Create.
- Once the Traveler Disk Setup is complete, you will get a confirmation popup:
-
Click OK, Close out of the Traveler Disk Setup Wizard and Exit the TrueCrypt application. That’s it! Now, every time you connect your flash drive, you will be asked if you want to mount your encrypted “container”. Select Mount TrueCrypt volume and click OK.
-
Next, you will be prompted to enter in the password you created for your encrypted “container”. Enter your password and click OK.
-
Your encrypted “container” will be mounted as a drive using the next available drive letter. In this case, it is the H:\ drive.
-
Now, every time you put a file into the H:\ drive, it will be encrypted automatically. To “disconnect” the drive, right-click on the TrueCrypt icon in your taskbar and select Dismount:
Hopefully, I made the steps to create an encrypted drive easy. Having an encrypted drive will give you the assurance that if you lost your flash drive, the personal information stored in the encrypted drive will never be exposed.
Comments for this tutorial are welcomed!
Copyright © 2008 JB Network Design LLC. All rights reserved. TrueCrypt and the TrueCrypt logo are registered trademarks of the TrueCrypt Foundation.
I followed your direction and was able to get to step 16 I got ” cannot find specified file” after i pressed ok
Ok, looks like the problem is with the quotes surrounding “MyCrypt” in the autorun.inf file. If you highlighted the text in the tutorial, and pasted it into a notepad file, the quotation marks get screwed up. Go figure. Just delete and retype the “MyCrypt” text (or whatever name you gave the container) in the autorun.inf. Or just download the one linked in step 16.
Let me know what happens.
I feel so so so so bad. you are correct I should have known and would have figured it out if i looked at truecrypt command line. Thanks a million Nick
No worries. Actually I may re-write this tutorial to use the traveller disk utility in TrueCrypt. It’s probably easier, and can avoid this issue altogether.
Is it possible to “assign” a specific label to the truecrypt volume? i.e.: usb disk connects to the computer; autorun.inf runs (with a label = whatever) and prompts the user to mount the truecrypt volume. When the user mounts it, enters the password, the next drive is assigned (H:, in this case). I’d like to set the label for (H:), so the user knows where to put his files.
I mean:
in the autorun.inf we call truecrypt.exe with:
open=TrueCryptTrueCrypt.exe /q background /e /m rm /v “MyCrypt”
is there an option to assign a label to this mounted volume?
Yes, just modify the “label=” in the autorun.inf file shown in step 15, to be whatever label you want. Instead of “TrueCrypt Traveler Disk”, you can enter something like “Encrypted Drive”, so that when you open up My Computer, the drive would show up as “Encrypted Drive (H:)”
that would change the name of the insterted usb disk. I meant the mounted volume. I’d like to know how to label that.
I want to be able to create USB drives so my users (non administrators) can take files with them so they can work on them at home. My main concern is protecting the files if the USB drive is lost.
I used your tutorial and everything worked great until I logged in using a “non administrator” account. When I log in using a “non administrator” account I received the error message “In order to load the TrueCrypt driver, you need to be logged into an account with Administrator privileges”.
Is it possible to setup TruCrypt on USB drives so that “non administrators” can access the encrypted files?
Unfortunately, TrueCrypt requires the driver to do the “on-the-fly” encryption. And to load drivers, you need admin rights. However, what you can do is install TrueCrypt on the host machine (as an administrator), so that the driver gets loaded even when a non-administrator logs into the machine. Then, when a non-admin plugs in the USB drive, the encrypted files can be accessed.
Thanks for the quick reply but that will not work since the users can use different PC’s both internally and externally. While I could install TrueCrypt on all internal PC’s I cannot on all the other PC’s they may use.
So far every solution I have found has the same requirement. I thought there would be one that would let an administrator setup something and then allow non administrator users to take to USB drive to any PC plus provide security if the USB drive is lost.
Is there such a solution that is cost effective?
You can take a look at Rohos mini drive . I haven’t tried it myself, however it’s “free”, limited to 1GB, and supposedly doesn’t require admin rights. I’ll try to do a little digging and see if there’s anything else that’s reliable and legit.
Thanks for your article. I spent considerable time researching how to secure a USB flash drive. Eventually all roads pointed to TrueCrypt, but the TC users guide was somewhat confusing re: how to make the USB flash drive self sufficient. Talk about humbling!
Also, numerous web-based tutorials that, for me, did not work!
Your tutorial is well written and the pics are appreciated. Thanks for your help!
Thank you for the positive feedback! I’m glad the writeup helped.
Hi thank you for the information. Am sure it use full to all,but i have a doubt, can you please say if i encryption or decryption of my portable HD will be applicable only on my system or on any other system which have the True Crypt installed on it? I mean if i encrypt in my system and take the drive to another computer and install True Crypt on it will i be able to mount my volume there?
If you have administrative rights on the other computer, then you don’t need to install TrueCrypt on it! If you plug your HD into the other computer, then you should be able to mount your volume there.
Hi, Thanks for the reply. How can i mount my encrypted drive/volume on some other computer with out the True crypt program running/installed on that machine? I am not clear on what you explained.
The whole point of the tutorial is to do what you are looking for. The TrueCrypt files are copied onto your removable hard drive, so you don’t need to install it on other computers.
Great Tutorial, but I am wondering if it’s possible to set up a usb drive so the whole thing is encrypted AND be set up in traveller mode. Best I can figure is that there needs to be 2 partitions, 1 for the TC files and the 2nd which would be encrypted. The problem I’m having is when you set up the traveller mode to auto mount you need to point it to a file? Can this be set to the partition itself?
thanks
The problem I see is with partitioning the USB drive. I’ve never done this, but there are USB drives on the market that already come with two partitions (one public, the other private). So it seems possible, but I’m not sure how they accomplish that. The problem you may run into is partitioning the USB drive and getting Windows to recognize both partitions and assigning drive letters to both. There are registry tweaks you can do to accomplish that as noted here, but that defeats the purpose of “traveler mode”. Need to investigate this one further.
This article has been posted in various other places on the web. I think some of them are you, but at least one looks like it might not be.
Just for your information:
http://nyctechtips.com/2008/04/27/encrypt-your-flash-drive-using-truecrypt/
and
http://www.ehow.com/how_2298754_usb-flash-drive-using-truecrypt.html
and
http://www.scribd.com/doc/3082405/Encrypt-Your-Flash-Drive-Using-TrueCrypt
and
http://www.jbnetworkdesign.com/?page_id=52
and
http://www.salvagedatarecovery.com/guides/how-to-encrypt-your-usb-flash-drive-using-truecrypt/
Thanks for the info
I have tried this 5 times but it wont work. Any suggestions?
Where are your running into trouble?
Not sure. If it’s listed as an option, you should be able to select it and click OK. Maybe you can copy and paste here what you have in the autorun.inf file. Do you have the TrueCrypt software on the flash drive?