Tuesday, August 28, 2012

Howto: Truecrypt, Encryption on the fly - Easily Protect and Encrypt your private data with truecrypt


The Goal:

The goal is really simple: everyone should be interested in protecting their own private data, and this protection can only be achieved using encryption.

But as with many things, protecting and encrypting your data often means complicating access to and modification of your files.

This won't be the case with this great open-source solution, which is able to encrypt and decrypt on the fly.

Truecrypt is definitely the best and the easiest solution I know to protect and encrypt your data, it just works out of the box ^^

Finally, with the growth of cloud services, in my opinion using this kind of solution is definitely recommended...

Imagine you want to save important and private data to an external USB key because you need it: with this solution you will, in a few steps, create a secured and encrypted key that is easily accessible (on any system).

Finally, choosing an open-source solution instead of other software is a guarantee of transparency and continuity.

What you need:

Well, nothing... just a computer (any OS: Windows, Linux, OSX...) and data to protect :-)
And yes, Truecrypt!

I will show 3 use cases:

1. Create a secure and encrypted container (some kind of image file, stored in local or not)
2. Create a secure and encrypted device (USB Key, Hard Drive partition...)
3. Create a secure, encrypted and hidden container or device (Container file, USB Key, Hard Drive partition...)

Note:
Method 3 will produce a hidden encrypted container or device, which means, in a few words, an invisible and undetectable encrypted volume inside the main volume.

That way, someone who gains access to your main volume (you may have to reveal your password, or someone cracked it) won't be able to access your real private data.

You would have 2 password sequences, one for the main volume (which is still encrypted) and one for the hidden device.

First, install Truecrypt

No matter which system you're running, Truecrypt is available for all OSes; go to:

http://www.truecrypt.org/downloads

I won't cover the installation which is really easy (even for Linux ^^, no need for external software or dependencies)


Now that Truecrypt is installed, let's see some examples of use!


Method 1: Create a secure and encrypted container

This is one of the solutions you can use with Truecrypt. In a few words, you will create a container (which is just a file, like an iso, or a dmg for Mac users) that will be encrypted and protected.

This container will be mounted in your system like any external drive. Any file you store in it will be accessible and encrypted on the fly, so you can add, remove or modify files without having to deal with anything related to encryption.

Open Truecrypt:



Click on "Create Volume" to open the Truecrypt wizard:



Let's create our container, click next:


At this point, we will create a standard, non-hidden volume.
If you are already interested in the hidden volume, please go directly to the Method 3 example.

By way of explanation, a hidden volume is an invisible and undetectable secured and encrypted volume inside your secured volume. This way, you could be forced to give access to the secured volume without having to reveal the existence of the hidden volume.

This feature is great and powerful but may be a little complicated for a first use, which is why I prefer to cover it in the 3rd method.

So we choose a standard Volume:



Select the location and the file name you want. Optionally, you can leave "Never Save History" set; it tells Truecrypt to never save the history of mounted volumes.
In other words, the location of your container will never be shown inside Truecrypt. (for more security)

Note:
Please note that you can choose absolutely any file extension you want; Truecrypt won't care about that, so just choose something common that won't appear as something special or protected. (img, rar, zip, doc... whatever you prefer)

In next screen, choose your encryption algorithm:


In this section, you have to choose an encryption and a hash algorithm. The most secure method is a combined (cascaded) algorithm, such as "AES-Twofish-Serpent".

Note that using a combined method requires more operations and more CPU, and so offers lower read and write speeds.

You can click on "Benchmark" to see the read and write speeds you will get with the different methods available:


Just choose your method, if you want the best security you can choose "AES-Twofish-Serpent" and "SHA-512".

Then select the container size and click next.
Please note a container can't be resized later. (but still you can create a new one and migrate your data if required)


Set the container password and optionally key files access:


Using key files is optional but, depending on your needs, could be really interesting.
With this feature, getting the password won't be enough to gain access to the protected data; getting the key files will also be required. But of course, if you lose your key files, you lose access to your data.

The password needs to be really secure and complex. You should think about using a password sentence (a citation, a proverb, whatever you want) in combination with a password containing various characters (standard, alphanumeric, special).

Then, set the file format:


If you are using Windows (or plan to access your container from Windows), then choose FAT.
Otherwise, choose Ext4 if you are using Linux.

If you are creating your device on Linux, the next screen will ask you to choose the option for system crossover support. If you plan to access your container from both systems, make sure to use the crossover support.

Then follow the instructions and format the device. The final screen:



Exit the wizard, your container is ready.

Mounting your encrypted container:

In main Truecrypt screen, select your container, provide your password (and key files if required) and mount your volume:


Your volume is now available to read and write ^^

To properly close your container, select your volume and select "Dismount". (you can also choose "Dismount All" if this is the only volume mounted)
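A caveat on the file-extension note above, shown as an added example that is not part of the original post: an encrypted container carries no file signature and its content is statistically random, so a file named `.zip` that lacks the ZIP signature stands out to anyone who inspects content rather than names. The sketch below applies three common heuristics; the entropy threshold, the 512-byte alignment check, the file names and the pseudo-random blob standing in for a container (it is not a real TrueCrypt volume) are all assumptions made for the demonstration.

```python
import hashlib
import math
import os
import tempfile
import zipfile
from collections import Counter

# Leading bytes a genuine file of each type starts with.
MAGIC = {".zip": b"PK\x03\x04", ".rar": b"Rar!", ".doc": b"\xd0\xcf\x11\xe0"}
ENTROPY_THRESHOLD = 7.9  # assumed cut-off, in bits per byte

def shannon_entropy(data: bytes) -> float:
    """Entropy in bits per byte; 8.0 is indistinguishable from random."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def inspect(path: str, sample: int = 64 * 1024) -> dict:
    """Heuristics only: missing signature, sector-aligned size, random content."""
    size = os.path.getsize(path)
    with open(path, "rb") as fh:
        head = fh.read(sample)
    expected = MAGIC.get(os.path.splitext(path)[1].lower())
    has_signature = expected is not None and head.startswith(expected)
    entropy = shannon_entropy(head)
    aligned = size % 512 == 0
    return {
        "has_signature": has_signature,
        "sector_aligned": aligned,
        "entropy": round(entropy, 3),
        "suspect": not has_signature and aligned and entropy > ENTROPY_THRESHOLD,
    }

def demo() -> dict:
    """Inspect two constructed files: a container stand-in and a real ZIP."""
    # Constructed sample: 64 KiB of deterministic pseudo-random bytes.
    blob = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(2048))
    with tempfile.TemporaryDirectory() as tmp:
        fake = os.path.join(tmp, "holiday.zip")   # random data, misleading name
        real = os.path.join(tmp, "reports.zip")   # genuine archive
        with open(fake, "wb") as fh:
            fh.write(blob)
        with zipfile.ZipFile(real, "w", zipfile.ZIP_DEFLATED) as zf:
            zf.writestr("q3.txt", "quarterly figures\n" * 500)
        return {"fake": inspect(fake), "real": inspect(real)}

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

A flagged file is only a candidate: the heuristics cannot prove that a file is an encrypted volume, and they say nothing about what it contains.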


Method 2: Create a secure and encrypted device (eg USB key...)


A really simple and easy-to-understand example of use is creating a secured and encrypted USB key.
But this can also be any partition of an internal or external hard drive or SSD, flash memory, or any storage you want.

Note:
Please note that any data present on your device will be lost!

To begin:

  • Connect your device
  • Ensure you have one partition to use (remember data will be lost)
  • Note the device name


Connect your device, open Truecrypt and click on "Create Volume", then select the required option:


Select the Volume type, again we will create a standard volume.

Then, select your device (in this example my USB device is seen under Linux as /dev/sdc1) :


Confirm any warning message and choose the encryption / hash algorithm (see details in Method 1).

The only difference with Method 1 will come at the device formatting step:


As the device hasn't yet been used as an encrypted device, you can leave the "Quick Format" box unchecked. (which will result in the free space being encrypted as well)

Then follow the instructions and proceed to create the device. (same as in Method 1)

If you plan to use it on Windows, remember to select FAT as the file system and system crossover support if you created it on Linux.

Mounting your encrypted device:


Open Truecrypt. If you don't want to specify the name of your device, you can also choose the option "Auto-Mount Devices"; it will scan your system and automatically detect your secured USB key:



Your device will be accessible like any Volume, and you can do any operation you want.

To properly close your device, go in Truecrypt and select "Dismount All"



Method 3: Create a secure, encrypted and hidden container or device

Open Truecrypt and start the Volume creation wizard (Create Volume):


For the purpose of this example, we will create a hidden container; you can of course also choose to create a secured hidden device.


Select the device name and location:


As usual, select your Encryption and Hash algorithm, example:


Select the Outer Volume size. This step is specific to hidden volumes, and the size represents the global Volume size.

For the example, we will create a 1GB Volume:



Set the Outer Volume password. This won't be the hidden Volume password (where you will store your real private data) but the visible Volume password:


Next screen, Outer volume creation done:


Click Next to configure the Hidden Volume:


As for the Outer Volume, configure Encryption:



Select the Hidden Volume size. This will be the maximum space usable by the Hidden Volume inside the main (Outer) Volume:



Configure the Hidden Volume password, the password must be different from the main (Outer) Volume!


Choose file system option, example:


Choose crossover support. In my example case I used Linux to create the Volume, so Truecrypt asks if I plan to use it on systems other than Linux, example:


Then format the Volume:



And exit the Wizard.

Mounting your device:

When you are using a hidden device, things are not much more complicated than with standard devices.

In fact, Truecrypt will automatically mount the Outer or the Hidden device, depending on the password (Outer volume password or Hidden volume password) you provide.

The only thing you have to care about is protecting the hidden device from being damaged when you mount the Outer volume.

To mount the main (Outer) Volume:

Open Truecrypt, select your file and click on mount, enter your password and select "Option" to protect the hidden volume from being damaged by data copied into the Outer Volume:



Now that the Outer volume is mounted, copy some data that could seem sensitive and dismount it.

Then, in the same way but without the hidden volume protection option, mount your hidden volume by providing your hidden volume password.

And finally, you can manage your real private data in your hidden space.

Real powerful!