How to Encrypt Your Files Using TrueCrypt

Using TrueCrypt

UPDATE: TrueCrypt abruptly shut down on May 28, claiming its software "may contain unfixed security issues." If you still wish to use TrueCrypt, we recommend you use version 7.1, as it appears that 7.2 is the version to which the creators were referring. An independent security audit is currently investigating TrueCrypt's code, but for now TrueCrypt 7.1 is probably still safe.

What is TrueCrypt?

TrueCrypt encrypts a storage device such as a flash drive or hard drive, or a section of that storage device such as a folder or partition. In TrueCrypt's terminology, the encrypted device or section of a device is called a volume.

How to create a volume

1. Download the TrueCrypt software. The current version, 7.1a, is available in Tom's Guide's downloads. Once you've downloaded TrueCrypt, run the program and from the main window select "Create Volume."

2. Choose a volume type. The TrueCrypt program can make three different types of volumes. The first and simplest is called a file container. Much like a folder, it can be created almost anywhere in your file system, named almost anything, and can contain any combination of files and/or folders.

However, unlike a regular computer folder, a TrueCrypt file container has a maximum size (in terms of KB, MB or GB) that you determine when you create it. This is because you're encrypting a section of your hard drive, not an individual file that can grow as you add to it.

3. Create a container. TrueCrypt recommends creating a file container if you're a beginning user, or if you aren't planning on encrypting many of your files. Otherwise you can turn your entire hard drive or a partition of that hard drive into a TrueCrypt volume. After you make a selection and click "Next," it'll ask you if you'd like to make a Standard TrueCrypt volume, or a Hidden volume, which is a volume hidden within a larger volume. If you're just starting out, you should select Standard.

If you chose to create a file container, you will then be prompted to name it and choose a location for it within your file directory.

4. Choose an algorithm. When creating your volume, TrueCrypt will also let you choose, from a list, which encryption algorithm and hash algorithm (or compression method) it'll use to store your files. The algorithms you select aren't terribly important, especially for beginning users. The encryption's real strength lies in its password.

After you've chosen a password, the program needs to generate a series of encryption keys with which it will reformat the section of hard drive outlined by your volume. This part is a bit weird: TrueCrypt asks you to move your mouse as randomly as possible around the screen, and uses the mouse's coordinates on your screen to generate the random encryption keys.

5. Format your drive. Once you've done all that, click "Format" and you should be all set: the volume has been created, you can move files in or out of it, and anything stored within the volume will be encrypted.

Any free space left over in a TrueCrypt volume is filled with random data that looks similar to an encrypted file, thereby hiding the size of the files stored within. This also means that the metadata of the files in TrueCrypt volumes — file names, file extensions, creation dates and sizes, etc. — are all encrypted as well.
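Step 4 says the encryption's real strength lies in the password. The sketch below is an added example, not TrueCrypt's code: it derives a header key the way TrueCrypt 7.x documents it for the SHA-512 option (PBKDF2, 512-bit salt, 1000 iterations) and compares the guessing cost of a few password shapes with the 256-bit cipher key. The function names, the 64-byte output length and the sample passwords are assumptions made for illustration.

```python
import hashlib
import math
import os

# Documented TrueCrypt 7.x parameters for non-system volumes with SHA-512:
# a 512-bit salt stored unencrypted at the start of the volume, and
# PBKDF2-HMAC-SHA-512 with 1000 iterations.
SALT_BYTES = 64
SHA512_ITERATIONS = 1000
HEADER_KEY_BYTES = 64  # assumption: a single cipher in XTS mode (two 256-bit keys)


def derive_header_key(password: str, salt: bytes) -> bytes:
    """Turn the password into the key that decrypts the volume header.

    The header holds the master keys, so whoever can derive this key
    can read the whole volume.
    """
    if len(salt) != SALT_BYTES:
        raise ValueError("salt must be 64 bytes")
    return hashlib.pbkdf2_hmac("sha512", password.encode("utf-8"), salt,
                               SHA512_ITERATIONS, dklen=HEADER_KEY_BYTES)


def guessing_cost_bits(alphabet_size: int, length: int,
                       iterations: int = SHA512_ITERATIONS) -> float:
    """log2 of the hash iterations needed to try every random password of this shape."""
    return length * math.log2(alphabet_size) + math.log2(iterations)


if __name__ == "__main__":
    salt = os.urandom(SALT_BYTES)  # constructed sample salt
    key = derive_header_key("correct horse battery staple", salt)
    print("header key starts:", key.hex()[:32])
    shapes = [("8 lowercase letters", 26, 8),
              ("12 letters and digits", 62, 12),
              ("20 printable ASCII", 95, 20)]
    for label, alphabet, length in shapes:
        bits = guessing_cost_bits(alphabet, length)
        print(f"{label:24s} ~{bits:5.1f} bits of work (cipher key: 256 bits)")
```

The 1000 iterations add only about 10 bits of work, so password length and randomness dominate the result, whichever cipher is selected.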

How to access a volume

Creating a volume in your computer is like filling a treasure chest full of gold and throwing it into a pool of water. You might be able to see the treasure chest down there if you look closely enough, but to open it you'll need to pull the chest back up to the surface.

In TrueCrypt terminology, the act of pulling that chest back up to the surface is called "mounting." Here's how to do it:

1. Open the TrueCrypt program. In the main window you should see a list of the drives on your computer, each denoted by a single letter. You can choose any one of them; that drive serves as a fixed point at which you can mount your volume and access it.

2. Enter your password. Once you've selected the drive, select the volume and enter the password. You should now have access to everything stored within that volume.

3. How to access a hidden volume. Now we're getting to the hard-core spy-type stuff. To create a hidden volume you would first create an outer volume, then go back and create a second, hidden volume within the outer one.

To access the hidden volume, mount the outer volume but enter the hidden volume's password. Unlike a standard volume, it's difficult to prove that a hidden volume exists, because as mentioned before, all extra space in a volume is filled with random data.

With this setup, if someone tries to force you to reveal your password, you can give them the password to the outer volume. If you have some decoy files in the outer volume, the person will think they've found what they're looking for, and never know there's a hidden volume right beneath their noses.
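The article states that free space is filled with random data and that this makes a hidden volume hard to prove. The added example below (not from the original article) measures per-block entropy the way a forensic triage pass would, on a constructed container whose "encrypted" and "free" regions are both produced by a SHA-256 counter-mode stand-in rather than by TrueCrypt's ciphers. All function names and sample data are assumptions.

```python
import hashlib
import math
from collections import Counter

BLOCK = 4096  # bytes examined per sample


def pseudo_random(seed: bytes, n: int) -> bytes:
    """Deterministic stand-in for ciphertext or random fill (SHA-256 in counter mode)."""
    out, counter = bytearray(), 0
    while len(out) < n:
        out += hashlib.sha256(seed + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:n])


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; 8.0 is the ceiling for uniformly random bytes."""
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in Counter(data).values())


def block_entropies(data: bytes) -> list:
    # Only full blocks are scored; a short tail would score low even if random.
    return [shannon_entropy(data[i:i + BLOCK])
            for i in range(0, len(data) - BLOCK + 1, BLOCK)]


def make_container(used_blocks: int, total_blocks: int) -> bytes:
    """Constructed sample: 'encrypted files' followed by random-filled free space."""
    plaintext = (b"invoice 2014-05-28, total due 1,250.00 USD\n" * 100)[:BLOCK]
    used = b"".join(
        bytes(p ^ k for p, k in zip(plaintext, pseudo_random(b"key%d" % i, BLOCK)))
        for i in range(used_blocks))
    free = pseudo_random(b"fill", (total_blocks - used_blocks) * BLOCK)
    return used + free


def uniformly_random(data: bytes, threshold: float = 7.9) -> bool:
    """Triage signal: every full block is close to maximum entropy."""
    scores = block_entropies(data)
    return bool(scores) and min(scores) >= threshold


if __name__ == "__main__":
    container = make_container(used_blocks=4, total_blocks=8)
    for i, e in enumerate(block_entropies(container)):
        print(f"block {i} ({'used' if i < 4 else 'free'}): {e:.3f} bits/byte")
    print("flagged:", uniformly_random(container))
```

Used and free blocks score the same, so the statistic cannot show where stored data ends. Compressed archives and other encrypted files also score high, which makes this a triage signal rather than proof.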

  • daglesj
    Kind of a shame that TrueCrypt is pretty much obsolete for encrypting new PCs and laptops.