An important update from Alessandro, 29th May 2014:
I know technology has a fast turnaround, but little did I know when I first began writing this post (which was just after TrueCrypt underwent the first phase of an independent security audit) that only a few weeks later the reliability of TrueCrypt would be called into question entirely. In the last 24 hours the following message has appeared on TrueCrypt's homepage:
So far there hasn't been any other communication from TrueCrypt to support the above statement (initial reports suggested it was a result of someone hacking the website) and as a result it has definitely made me wary of using TrueCrypt. Until there's a definitive answer I won't be using it, or recommending it to anyone else. So for now, please ignore my guide below and I'll do my best to update it depending on what happens next.
Over the past few years data security has featured heavily in technology news, and organisations are (quite rightly!) beginning to think about it more and more.
Last January I wrote a post about a hardware-encrypted, PIN-activated USB stick and I thought I would follow on from that to talk about how you can encrypt a standard USB because let's face it, we all seem to have one or two lying around, and they can be easily misplaced. There are a few options out there, but the one I have chosen is TrueCrypt. I've chosen TrueCrypt over the alternatives because it's free, open source and enables you to encrypt any USB storage device across multiple operating systems, i.e. Windows, Linux and Mac.
How it works
I'm going to show you how to create encrypted USB storage devices using TrueCrypt. There are multiple ways of encrypting a device, so in this guide I'll cover the basics of creating a simple, portable version.
First install TrueCrypt on your computer; downloaded here and then simply follow the instructions to install it on your computer.
Encrypting your USB storage device
You can encrypt most USB storage devices with TrueCrypt. In this case let's say it is a USB stick, and I am using Windows.
Insert your USB stick and make sure that any data already on the stick is backed up (this is really important!) because you will need to format the USB stick to use it with TrueCrypt, and formatting deletes all the data.
Are you sure you've backed up everything? Great, you're good to move on to step three.
Next, format your USB stick. Open a Windows Explorer window (or whichever browser you normally use) and select 'Computer' from the left-hand side. Right click the USB device and click 'Format'. I have formatted the USB stick as 'NTFS'. The benefit of NTFS over the alternative ('FAT') is that there is no limit to individual file sizes, whereas with FAT you are limited to files below 4GB.
4. Select 'NTFS' under 'File system' and click 'Format'. All of the data will now be deleted.
5. Now open TrueCrypt and you'll see the following screen:
6. Go to 'Tools'>'Traveler Dsick Setup'. Ths will mean that TrueCrypt will continue to work even if you connect it to a computer that doesn't have it installed.
7. Click 'Browse' and then select your USB device. In this instance, we'll leave all the other options as default. Then click 'Create', this will copy the files required to your USB device.
8. Now we can get to the exciting part..! Open up TrueCrypt from the desktop shortcut of the 'TrueCrypt' application on your USB device. Click 'Create Volume' to get started.
9. Select 'Create an encrypted file container' and click 'Next'.
10. Select 'Standard TrueCrypt Volume' and click 'Next'.
11. Next you'll need to select your file 'container'. This will be the file where all your encrypted information will be stored. Click 'Select File' and then select your UBS device.
12. In the 'File Name' box in the first folder of your USB device, type the name of your file container. In this instance, we'll use 'Encrypted Files'. Click 'Save' and this will populate the volume location box with your desired container. Click 'Next'.
13. The next box is where you can select your encryption algorithm and hash algorithm. Again, to keep things simple, we'll use the default AES encryption and RIPEMD-160 hash. Again, click 'Next'.
14. The next box will prompt you for 'Volume Size' or the size of your file container. i.e. how big the container is for you to store your information. As you can see below, it will show you the current amount of free space on the USB drive. In this instance I'm going to create a 10GB file container, which will leave 4.65GB unencrypted free space. Please note, if your USB device is formatted as FAT32, the largest container you can create will be 4GB due to the file size limits of the FAT file system. Once you've entered the desired amount, click 'Next'.
15. You'll then be prompted to enter a volume password. This will be required when accessing your container and will need to be re-entered if you disconnect/re-connect your storage device. Please ensure that this is a strong and memorable password. It's worth giving this blog on complex passwords a read if you're need of any password-related tips!
16. If you're planning to store files larger than 4GB within this container, you'll need to specify that here. As mentioned above, FAT32 is limited to a maximum of 4GB
17. The next window will create your encryption key. To ensure this is secure the random pool will change and as you move your mouse around the window, this will increase the strength of this key. Move the mouse around for a good 30 seconds or so to ensure this is a strong key, then click 'Next'. This will now format the device container. Depending on the size of your container, this may take a while to format.
18. Once complete, click 'Exit' to close the wizard. You'll now see within your USB device a file called 'Encrypted Files'. To enable you to access this container, you'll need to mount this within TrueCrypt. As you have the portable version installed (within the TrueCrypt folder on your USB device) you can open this on computers that don't have TrueCrypt fully installed, which is particularly useful if you work at various offices etc.
Double click 'TrueCrypt' icon to open up the application from your USB device (if fully installed on the computer, you can also open this from the desktop or start menu shortcut).
19. Once opened, click 'Select File...', browse to your USB device and select your file container. In this case, 'Encrypted Files'.
20. Highlight a drive letter that's not currently in use in the list and click 'Mount'. This will prompt you to enter the password. Enter your password created in step 16 and click 'OK'. You'll notice that this will have populated the 'Volume' column etc. with information on your file container.
21. If you browse to the drive letter you selected, in this case F, you will have access to this encrypted location.
22. Once opened, you can then create, copy and paste, and edit documents in this encrypted container - all in the knowledge that your data is safe!
23. Once finished, click 'Dismount all' and this will remove the extra drive letter and save any information encrypted in your new file container. To access this again, click 'Select File...' select the file container, enter the password and then browse to the location.
There are many different options and configuration changes you can make in TrueCrypt such as desktop shortcuts, auto-mounting etc. and this guide has only scratched the surface, but I hope this has been a useful introduction to keeping your information securely encrypted.
If you require any guidance on data encryption, please feel free to get in touch.