TrueCrypt is a very powerful program that you use to create virtual encrypted disks (which are basically just files on your hard drive that can be mounted as if they're disks, complete with unique drive letters). You can also encrypt entire partitions or hard drives and encrypt entire USB flash drives. For most people, a simple encrypted volume on the hard drive will be all that's needed. For those who own laptops that have sensitive personal or business information on them, full-drive encryption is recommended. Likewise, if you back up sensitive data to a USB flash drive, you'll want to encrypt the whole drive. We'll get into full-drive encryption in Part 2; for now, I'll show you how to install and configure TrueCrypt to create a simple encrypted volume that you can use to store your information securely. Mac OS X and Linux users: TrueCrypt works for you, too. Installation and configuration steps should be similar, but be aware that I'm showing the Windows version.)
First, go to http://www.truecrypt.org/downloads.php and download the version you need. Save it to a convenient location. Double-click the TrueCrypt setup icon and we're ready to go. Click on Run when you see the security warning:
Accept the terms of the license agreement. (It's an interesting read if you care to read it.):
On the next screen, click Next to accept the default Install option:
Accept the defaults on the next screen and click the Install button:
You'll get a message telling you TrueCrypt was successfully installed and you'll be asked if you want to restart. Click OK on the first message, and NO on the second if you want to examine the installation log screen:
Go ahead and restart your computer (you'll see a message saying that you can't close the installation wizard until you restart. Click yes). When your computer comes back up we'll get down to work setting up an encrypted volume. Go ahead, I'll wait..Zzzzz...
Oh! I see you're back. OK. Double-click the TrueCrypt icon on your desktop and you'll see this screen:
You absolutely want to read the Beginner's Tutorial, so click Yes. It's going to tell you just about everything I show you here, but it has a few tips you'll want to know. The tutorial will open in your browser, so you can follow along and continue setting up TrueCrypt. When you see this screen, click on Create Volume:
On the next screen, accept the default by clicking Next:
For now, we're just going to accept the default and create a Standard TrueCrypt Volume:
On the next screen, just type a name for your volume. It can be any name you want. Then click Next:
On the next screen, just accept the defaults; it's stuff for Geeks like me who want to tweak things:
Next, select the size of your volume. I chose 50 MB, but you can set it to anything you want up to the maximum space available on your drive:
Click next and you're going to be asked to set a password. Read the screen and you'll see it gives the same advice that I promote. In fact, read my Security Corner articles in Issue 34 and Issue 35 and heed the advice!
Don't worry about the Use keyfiles option for now; I'll explain that later. You can go ahead and check the Display password box if you want; it might make it easier for you to enter a long password twice. Yes, you want a long password, though you don't have to make it 20 characters. If you don't, however, you'll get this warning:
On the next screen, you'll be asked to select your file system. I recommend NTFS, as that is what Win7/Vista/XP uses as default. You can safely ignore the note at the bottom of the screen. The randomness of the numbers that you see flashing by are already so high as to make cracking the encryption of your volume virtually impossible.
You'll see some things happen and then you'll be presented with these two messages:
and
Go ahead and click exit and you're ready to start using your new encrypted volume. Go back to the main window and click Select File:
Choose the name for the volume you just created:
Back at the main screen, select a drive letter you want to use and click Mount. Mounting refers to the computer associating a drive letter with a location, in this case the TrueCrypt volume you just created. You'll be prompted for your password.
Enter it, and your TrueCrypt volume (in my case, Z:\) will be mounted. Now, you can safely Exit the program. Don't worry, your drive will stay mounted until you restart.
You can save files to your TrueCrypt volume just like you would same them to any other drive. Whatever you store there will be encrypted and decrypted on the fly as long as the drive is mounted.
When you shut down your PC, the volume will be dismounted, so the next time you start up, you'll have to run TrueCrypt and mount your volume again. If you don't turn off your PC, be sure to manually dismount the volume; otherwise, anyone who gains access to your account will have access to your TrueCrypt volume. If you dismount it and someone gains access to your account, they'll have to know your TrueCrypt password to see your encrypted files.
Ken Harthun is the Security Editor for Daves Computer Tips. He also writes about security issues for IT Knowledge Exchange and blogs on general Geek things at Ask the Geek. You can read more about Ken here.