University of Hertfordshire RDM TrueCrypt User Guide

Guide for researchers

This document gives step-by-step instructions on the creation of encrypted files and safe transportation of sensitive data. A quick reference guide is also available in the Appendix.

Mr Mohamed Hansraj Dr Joanna Goodger Dr William Worthington


Introduction

TrueCrypt is a tool for creating and maintaining an encrypted volume. It is an all-in-one package which can be used to encrypt all of your important data and allows you to work with encrypted files like you would your normal files. Starting with Downloading and Installing TrueCrypt, this guide is a step-by-step manual on creating, using, and sharing your encrypted files. For a single-sheet quick guide to TrueCrypt, check out the Appendix.

Downloading and Installing TrueCrypt

TrueCrypt can be downloaded from the following website: http://www.truecrypt.org/downloads

From this website you can download a copy of TrueCrypt for Windows, Mac OS and Linux. To install the package, run the installation application, accept the terms of the user agreement and then select INSTALL. Click FINISH once the installation is complete. You have now successfully installed TrueCrypt.

Glossary

Volume: The encrypted, exportable directory that must be mounted before use.

Mount: To tell your computer that the volume is there. Many machines do this automatically when you insert an external disk, for example.

Dismount: To eject the disk when you are finished. This safely detaches the drive, checking that files are not in use and preventing them from being corrupted.

Keyfile: A file whose content is combined with a password. Until the correct keyfile is provided, no volume that uses the keyfile can be mounted.


Starting Out with TrueCrypt

In TrueCrypt, encrypted volumes are created into which documents can be stored just like a file on your desktop, except you need to mount it and enter a password to access the documents within. This volume can then be placed on your computer or on a USB stick.

Install

If you have not done so, download and install TrueCrypt. Now you’re ready to launch TrueCrypt by double-clicking on the file TrueCrypt.exe or clicking on the TrueCrypt shortcut in your Windows Start menu. The main TrueCrypt window will appear on your screen.

How to create and use a TrueCrypt volume

Click CREATE VOLUME (marked with a red rectangle). The TrueCrypt Volume Creation Wizard window will appear with options for your encrypted volume.


Step 1: What do you want?

In most situations, you will need the default option, “Create an encrypted file container”.

“Encrypt a non-system partition/drive” is generally used to encrypt an entire drive, like a USB stick. For flexibility later on, we recommend that you still use the default option, as you can transfer the encrypted volume to a flash stick later. The third option, “Encrypt the system partition or entire system drive”, will try to encrypt your entire operating system, which only an admin can do and which is not recommended.

Step 2: What type of volume do you need?

You most likely want to select the default “Standard TrueCrypt Volume” option here. The hidden option, as explained beneath it, will help you defend your password against extortion. Unless you’re a secret agent, you probably won’t need to hide your files, but that’s the option for you if you are. As “Standard TrueCrypt Volume” is selected by default, you can just click NEXT.


Step 3: Where do you want to store your volume?

Now you can choose a name and location for your TrueCrypt encrypted volume. Click SELECT FILE and use the standard Windows file selector to select your location.

In this example, we created our TrueCrypt volume on the desktop. The filename of the encrypted file will be “My Volume” (as can be seen in the screenshot above). You may, of course, choose any other filename and location you like (for example, on a USB memory stick). Note that the file “My Volume” does not exist yet – but TrueCrypt will create it shortly.


Use the navigation bar on the left to select the location of your volume. Save to add this volume to the Wizard.

Select the desired path (where you wish the file to be created) in the menu bar on the left hand side. Type the desired filename in the File name box. Click SAVE. The file selector window will disappear and return you to the TrueCrypt Volume Creation Wizard.

IMPORTANT: Note that TrueCrypt will not encrypt any existing files when creating a TrueCrypt volume. If you select an existing file in this step, it will be overwritten and replaced by the newly created file so the overwritten file will be lost, not encrypted. You will be able to encrypt existing files (later on) by moving them to the TrueCrypt file that we are creating now.


In the Volume Creation Wizard window, click NEXT and continue creating your encrypted volume.

Step 4: Choose your encryption method

Here you can choose an encryption algorithm and a hash algorithm for the file. As AES is very powerful and selected by default, click NEXT.

The other options available are arguably more secure as they are more complicated but bear in mind that the more complicated encryption algorithms take longer to run. To test the various methods, click Benchmark – this will open a new window. Click on BENCHMARK and it will display the results for your system.


The Buffer size is inherited from the Wizard. Click BENCHMARK to test your system. CLOSE when finished.

Step 5: How big do you want your volume?

Next we specify the size of our TrueCrypt volume. In this example we have chosen 100 megabytes (MB). After you type the desired size in the input field, click NEXT.


Step 6: Password Protection

This is one of the most important steps. Here you have to choose a good volume password. The TrueCrypt Wizard window describes a good password as follows:

• It should avoid words that can be found in a dictionary
• It should not contain dates or names
• It should not contain guessable material
• It should contain a mix of upper and lower case letters and special characters (such as £ $ % ^ & # etc.)
• A good length is more than 20 characters (the longer the better)
• The limit is 64 characters

IMPORTANT: Do not forget or lose your password, as it will then be impossible to decrypt your files.

Once you have confirmed your password, the NEXT button can be selected. Click it to continue to the next step.
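The password criteria listed in Step 6 can be checked mechanically before a candidate is typed into the Wizard. The following Python code is an added example, not part of the original guide or of TrueCrypt; the function name `check_volume_password`, the small constructed word list and the date pattern are assumptions made for illustration.

```python
import re

# Constructed mini word list for illustration only; a real check would load
# a full dictionary file (assumption, the guide does not name one).
SAMPLE_WORDS = {"password", "secret", "truecrypt", "volume", "research",
                "summer", "welcome", "dragon", "monkey", "letmein"}

MIN_LENGTH = 21   # the guide: "more than 20 characters"
MAX_LENGTH = 64   # the guide: "The limit is 64 characters"

# Four-digit years 1900-2099, or d/m/y style dates with / . - separators.
DATE_RE = re.compile(r"(19|20)\d{2}|\d{1,2}[/.\-]\d{1,2}[/.\-]\d{2,4}")


def check_volume_password(candidate, personal_terms=()):
    """Return the list of Step 6 criteria that `candidate` fails."""
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append("shorter than 21 characters")
    if len(candidate) > MAX_LENGTH:
        problems.append("longer than the 64-character limit")
    if not re.search(r"[a-z]", candidate) or not re.search(r"[A-Z]", candidate):
        problems.append("needs both upper and lower case letters")
    if not re.search(r"[^A-Za-z0-9\s]", candidate):
        problems.append("needs a special character")
    if DATE_RE.search(candidate):
        problems.append("contains a date or year")
    # Compare case-insensitively so that 'PassWord' is still caught.
    lowered = candidate.lower()
    letter_runs = re.findall(r"[a-z]+", lowered)
    if any(word in run for run in letter_runs for word in SAMPLE_WORDS):
        problems.append("contains a dictionary word")
    # personal_terms: names, project titles etc. supplied by the user.
    if any(term.lower() in lowered for term in personal_terms if term):
        problems.append("contains a name or other guessable term")
    return problems


if __name__ == "__main__":
    # Constructed sample candidates, not real passwords.
    for sample in ("Password2014", "q7#Lz!vR2p@Xw9$Tn4&Bk6^Hm"):
        print(repr(sample), "->", check_volume_password(sample) or "passes")
```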


Step 7: Select the File Format

Select the format based on your operating system (OS): FAT will work on all platforms, while NTFS will only work with Windows and you will require admin rights. Now move your mouse as randomly as possible within the Volume Creation Wizard window for at least 30 seconds. This randomises the encryption key. The longer you move the mouse, the better, as this significantly increases the cryptographic strength of the encryption keys (which increases security). If you and everyone else just selected the first one, then the security of your volume would be compromised.

Now select FORMAT. The file creation will begin and TrueCrypt will create a file called My Volume on your desktop (as we specified in Step 6). Depending on the size of the file, the file creation may take a long time. The dialog box will appear when it finishes. Click OK to close the dialog box.


We have just successfully created a TrueCrypt file. In the TrueCrypt Volume Creation Wizard window, click EXIT to close the Wizard window. If you select NEXT, you can create another volume.


Opening your encrypted volume

Now that you have created an encrypted volume, you need to ‘mount’ the volume so that you can start using it. Launch TrueCrypt and select a drive to attach your volume to. All the currently empty drives are listed in the main window. We’ve chosen M: for this example. This is analogous to inserting a flash stick into your computer, but you can select which drive it becomes instead of Windows automatically allocating one.

Step 1: Select the volume to open

Click SELECT FILE. The standard file selector window should appear. Browse to the volume that you wish to open and select it by clicking Open in the file selector, which will then disappear.

Use the navigation bar on the left to select the location of your volume. Select your volume in the main window and SAVE to add to the Wizard.


Step 2: Mounting your drive

Now that you have selected your volume and drive, click MOUNT in the main TrueCrypt window. The password prompt dialog window will appear.

Type in your password, which you specified in the Starting TrueCrypt section (Step 6: Password Protection), and click OK in the password prompt window.

TrueCrypt will now attempt to open the file. If the password is incorrect, TrueCrypt will notify you and you will need to re-enter the password. If the password is correct, the file will be opened. You can now open the volume in My Computer and see that your encrypted volume was successfully mounted as drive M:. You can now move all of your important files to it. When you have finished, pull up the TrueCrypt interface and DISMOUNT the encrypted volume.

IMPORTANT: When you open a file stored on a TrueCrypt file container, or when you write or copy a file to or from the TrueCrypt file container, you will not be asked to enter the password again. You need to enter the correct password only when opening the file.


Export your volume to a portable drive

You may wish to back up your encrypted file to an external drive or send your volume to a collaborator via a flash drive. In this case, you need to include the TrueCrypt set up on the drive. This is not a complete install of TrueCrypt, but it will allow you to open the TrueCrypt interface and create new volumes or mount existing ones. On the TrueCrypt Interface menu bar, select the Tools tab and then select ‘Travel Disk Setup’ from the drop down menu. This will open another window.


Step 1: Locating your Drive

First of all, select the drive location for the travel disk setup. Click Browse to open the standard file browser and locate your drive.

Navigate to the drive where you want to save the Travel Setup. Select your drive and click OK to add to the Wizard.


Step 2: Saving Travel Files

Now that you have your location, you can change the AutoRun settings if you want to, but if this is a generic disk, then maybe you will not need TrueCrypt to run automatically, just when you need it. ‘Do Nothing’ is the default, so you can click CREATE. A TrueCrypt folder is now on your drive containing the relevant files.

The TrueCrypt directory on your portable drive contains:

• TrueCrypt Format
• The TrueCrypt executable
• Truecrypt.sys
• Truecrypt-x64.sys

TrueCrypt Advanced Features

In addition to its easy on-the-fly encryption method, TrueCrypt supports advanced encryption methods, which can be used in the most demanding situations:

• Encrypt an entire partition or storage device such as USB flash drive or hard drive.
• Encrypt a partition or drive where Windows is installed (pre-boot authentication).
• Provide plausible deniability, in case an adversary forces you to reveal the password.
• Hide a volume (steganography) and/or hide an operating system.

Instructions and additional information for these options are available from the TrueCrypt website http://www.truecrypt.org/ .

The University of Hertfordshire accepts no responsibility for your data if you choose to encrypt it with any of the methods outlined or suggested in this document. If you lose the password for your volume, we cannot help you retrieve your data. Keep your password safe and secure.


A Reference Guide to the TrueCrypt Interface: Important Features

To CREATE a Volume: Use the Wizard to name your volume, allocate a location, the size, and the format of the volume, decide on the encryption method and key, and set the password.

Select an empty drive from the list, browse for your volume, then MOUNT your volume so you can view it in My Computer and add content.

When you have finished viewing, adding and removing items from your encrypted volume, DISMOUNT.