APLawrence.com -  Resources for Unix and Linux Systems, Bloggers and the self-employed

Basic TrueCrypt Usage

People have told me that they installed TrueCrypt, but had no idea what to do next. Here's what to do.


I and other people here have mentioned TrueCrypt before. I thought (and perhaps you did too) that it was very simple and obvious to use but I've had several people write to me complaining that they downloaded and installed it, but have no idea what to do next.

OK, maybe the interface isn't all that user friendly. It really is simple, but after looking at it from an "ordinary person" perspective, I can agree that it could leave you staring at the screen saying "Huh?" So let's run through using this in plain English.

What you don't want to do

The most common fear I heard from people was that they were afraid TrueCrypt was going to encrypt their hard drive and that something would go wrong or they'd forget the password.

Yes, TrueCrypt can encrypt entire hard drives, and yes, things could go horribly wrong or you could forget your password. So, yes, you have reason to be concerned. I definitely would NOT advise using TrueCrypt for that purpose unless you completely understand what you are doing, what the risks are, and (perhaps most importantly) WHY you are doing it.

Most of us need to protect individual files. Maybe you have a text file with all your passwords in it. Maybe you handle sensitive documents for your clients. Whatever it is, you usually don't need to encrypt a whole drive. You just need to lock up those particular files.

Protect a file or files

Click on Create Volume

This is the simplest and safest TrueCrypt operation. Start up TrueCrypt. You've never used it before, so what you want to do is click on Create Volume. You want to create an "Encrypted File Container" (that's the default). Click Next, and then select "Standard TrueCrypt Volume" (again that's the default). What happens next seems to confuse people: a file dialog comes up, which perhaps makes you think that you need to select some file.

No, it's looking for you to give the name and location of a NEW file. This file will be the "container" for the files you actually want to hide. It's going to eventually end up as another disk drive on your system, which is perhaps another reason this can confuse folks: it's a "volume", it's a "container", it's a disk drive. No wonder people are hesitant to proceed!

So click on "Select File", navigate to where you want to keep this, and give it a name. Remember, this is the "container". It's the box your secret files will hide in. You might call it "Secrets", "My Secret Stuff" or "Fred" - choose something that makes sense to you. IF YOU CHOOSE AN EXISTING FILE, IT WILL BE DELETED.

So, after choosing a name, click Next and the following screen asks what kind of encryption you want to use. For most of us, the default AES is fine. The TrueCrypt help file suggests reasons why you might choose one of the others:


If you store the backup volume in any location where an adversary can make a copy of the volume, consider encrypting the volume with a cascade of ciphers (for example, with AES-Twofish-Serpent). Otherwise, if the volume is encrypted only with a single encryption algorithm and the algorithm is later broken (for example, due to advances in cryptanalysis), the attacker might be able to decrypt his copies of the volume. The probability that three distinct encryption algorithms will be broken is significantly lower than the probability that only one of them will be broken.

You can take the default choice for the hash algorithm and click Next.

Now you need to choose the size of your container. Obviously it needs to be large enough to store the files you want to hide, but you may want to think about making more than one smaller container. For example, if you are going to store backups of this container (a good idea!), you might want to do that on a CD or DVD - obviously the container size has to be small enough to fit on the storage media. Or perhaps you plan on using one of the many free Internet storage sites - your choice of size may be limited by what they will give you for free.

There's also a minimum size - not because TrueCrypt really cares, but because your operating system can't create a disk drive (which is what this container ultimately becomes) smaller than a minimum size. Once you've decided how big or small this will be, you click Next and it's time to choose a password.

Think of a sentence

TrueCrypt isn't looking for "joe123" or even "[email protected]". It's looking for a long sequence - they recommend at least 20 characters and you can use up to 64.

You could make up a long string of nonsense, but how are you going to remember "Ht^%f2HH(hpo&mnE$%d";q\n*^$sdf"? I suggest using a phrase - a sentence - that you can remember. It might be words from a song: "Memories are all I have to cling to - cling to!" or a string of names: "Thomas, Jonathan, Sarah and THEN William!". If you always keep the books on your shelf in the same order, maybe you could use their titles: "Programming Perl, Perl Cookbook, Linux Firewalls and Linux Cookbook". It is best if you can include some random punctuation, but if this password is never going to be written down and will live only in your head, it's better to be a little weaker than to risk forgetting it - once you've locked your files up with this, they are not coming back without that password!

A weaker password can be augmented with a "key" file or files. These are simply files that TrueCrypt takes 1024 bytes from and mixes into your encryption. You can use any file (or multiple files) on your disk as long as the first 1024 bytes of it will never change. You could use a file stored on a USB stick - if someone stole your computer but didn't get that USB drive, they can't open your TrueCrypt files even if they have the password. Of course, you can't either - you have to have the key file(s) available to get at your stuff.
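A check for the key-file condition described above, added here as an example (it is not from TrueCrypt or from this article's author): it records a SHA-256 fingerprint of a key file's leading bytes and later reports whether that prefix is unchanged, changed or missing. The 1024-byte prefix is this article's figure and is a parameter; the file name and sample bytes are constructed for the demo.

```python
import hashlib
import os
import tempfile

PREFIX_LEN = 1024  # bytes; the figure this article gives, passed as a parameter


def keyfile_fingerprint(path, prefix_len=PREFIX_LEN):
    """SHA-256 over the leading prefix_len bytes of a key file."""
    with open(path, "rb") as fh:
        prefix = fh.read(prefix_len)
    if not prefix:
        raise ValueError(f"{path}: an empty file is useless as a key file")
    return hashlib.sha256(prefix).hexdigest()


def check_keyfile(path, recorded, prefix_len=PREFIX_LEN):
    """Return 'ok', 'changed' or 'missing' for one key file."""
    if not os.path.isfile(path):
        return "missing"
    current = keyfile_fingerprint(path, prefix_len)
    return "ok" if current == recorded else "changed"


def flip_byte(path, offset):
    """Invert one byte in place, simulating an edit or corruption."""
    with open(path, "r+b") as fh:
        fh.seek(offset)
        original = fh.read(1)
        fh.seek(offset)
        fh.write(bytes([original[0] ^ 0xFF]))


def demo():
    """Constructed sample: a 4 KiB key file edited outside, then inside, the prefix."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "holiday-photo.key")  # hypothetical file name
        with open(path, "wb") as fh:
            fh.write(os.urandom(4096))
        recorded = keyfile_fingerprint(path)
        results["fresh"] = check_keyfile(path, recorded)
        flip_byte(path, 2000)  # beyond the prefix: does not affect the fingerprint
        results["tail_edit"] = check_keyfile(path, recorded)
        flip_byte(path, 10)    # inside the prefix: the key file no longer matches
        results["head_edit"] = check_keyfile(path, recorded)
        os.remove(path)        # lost USB stick
        results["deleted"] = check_keyfile(path, recorded)
    return results


if __name__ == "__main__":
    print(demo())
```

Run the same check against the backup copy of the key file before you depend on it.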

Once you have decided on your password and any key files, it's time to actually create the container. You'll be asked to move your mouse randomly for a bit and then click Format. The purpose of the random mouse stuff is to generate better encryption, so just do it even though it sounds like someone might be pulling your leg. After you click Format and TrueCrypt says it is all done, you can exit back to the main screen.

Adding Files

You have now created a container. You haven't put anything in it yet and to do that, you need to mount it as a disk drive. You'd think you could just click "Mount" and TrueCrypt would ask you what you want to mount, but no, you need to first click "Select File", find your container, point at your key file(s) (if you used any), and then click "Mount". You can select what drive letter or (Mac) volume identifier to use and once it is mounted you can exit TrueCrypt - you can unmount the container using ordinary operating system methods if you wish.

While it is mounted, you can put files in it. I suggest keeping safe copies of your files until you feel completely comfortable with TrueCrypt - remember, if you can't recall the password or lose any required key files, you will have no access to your data.

That's it. After you have loaded the drive up with files, you unmount it and that's it - the encrypted container is protected by your password and any key files you specified. It was pretty simple, wasn't it?




7 comments




© Anthony Lawrence







Thu Jan 7 22:40:08 2010: 7889   BrettLegree



I have a few personal files from time to time on my work laptop.

I keep them on a TrueCrypt volume... and the keyfile is on a USB stick (I have the keyfile backed up at home).

(Yeah, I know, "bad Brett mixing personal with work" - but hey, *they* call me at *home* sometimes!)



Sat Jan 9 07:46:57 2010: 7891   sledge



Funny story, but only related to moving the mouse:
So I built my first Linux box running RedHat 5.1 and StarOffice 4. The purpose was to have internet access for the family. I researched getting the perfect modem because I had heard how hard it is to make things work under Linux. Got my hands on an ISA modem with jumpers so I could choose the IRQ for myself. I set it up using IRQ 9. Then I connected a serial mouse and fired everything up. I didn't understand why the modem worked better when I shook the mouse, but it did. So I hunted around the Internet (shaking like a cheap motel bed the whole time) and even posted questions to Usenet for the first time. I received several responses referring to 'setserial' but I didn't follow the logic.
To make a short story long, the serial port was using IRQ 2 (which cascades to 9) and the modem worked like gang-busters after I moved the jumper even without the wiggling.
I still have that machine in the shed - I need to dig it out, it has a file on it that I didn't save anywhere else.
PS I use TrueCrypt to encrypt an entire hard drive and now I don't worry about my "adversaries" any more. But the process of setting up the container file confused me the first time I did it. I understood the mouse's relationship to entropy from earlier encryption stuff so it didn't seem silly to me.



Mon Jan 11 13:17:26 2010: 7893   Anonymous



One thing I love about truecrypt is that it's pretty much platform independent and the encrypted volumes can be opened by truecrypt on Windows/OSx/Linux. However as a Mac user it's a bit of an overkill for a basic tool, when creating an encrypted Sparsebundle with a native OSx program will do the same thing and any nasty long passwords can be saved automatically using keychain.
However you can't beat Truecrypt for hidden encrypted volumes.. That's a sweet utility and gives some peace of mind.



Tue Jan 12 09:01:44 2010: 7896   anonymous



...so now we can safely hide all of that *redacted* from our wives!



Tue Jan 12 11:31:36 2010: 7898   TonyLawrence



I suppose so, though you might want to seriously think about what kind of relationship includes lies and deception.



Tue Jan 12 13:18:32 2010: 7900   anonymous



Well I was more thinking of customer/personal sensitive info/docs/log/configurations and anything which might aid someone else in malicious activities targeted at either myself or one of my customers.

Don't worry about me.. My wife knows how to unlock my keychain....






Tue Jan 12 13:32:47 2010: 7901   TonyLawrence



Years ago a local company sold a document scanning system to another local firm. A few months later, they got a nasty call from the customer who insisted that they had mis-sized the storage because they were only 10% through scanning their docs and were already out of disk space.

I was sent in to investigate. What I found was gigabytes of *redacted* - apparently an employee noticed all this available disk space and used it for his "collection".




