Encrypting Thumb Drives With TrueCrypt

TrueCrpyt LogoLast week I wrote a post on how to encrypt entire hard drives with TrueCrypt. We all know how easy it is to have your laptop lost or stolen and how important it is to protect sensitive data. However, something that is even easier to lose and often has just as sensitive data on it is thumb drives. I know personally I’ve lost a couple of them over time.

Today we’re going to learn how to encrypt these drives to keep them from prying eyes.

Setting Up

Just a few things to get you prepared for the encryption process.

  1. Grab TrueCrypt if you don’t already have it.
  2. Make sure your thumb drive is plugged in and move everything on it to your desktop. This is important because TrueCrypt is going to format the drive during the encryption process.
  3. Open the main TrueCrypt window
    TrueCrpyt encrypting thumb drives

Beginning the Encryption Process

During this phase, we will be getting the settings together so we can actually encrypt the drive.

  1. Click the ‘Create Volume‘ button on the main TrueCrypt window
  2. Choose the second radio button: Create a volume with a non-system partition/device
    Create a volume with a non-system partition/device
  3. At the next screen, leave the radio button on ‘Standard TrueCrypt Volume‘ (unless you know what you’re doing and want to get fancy:)
    Standard TrueCrypt Volume
  4. Now click the button that says ‘Select Device
    select device in truecrypt
  5. Find your thumb drive in the list (you can tell by what drive letter it is mounted in Windows). For this tutorial, we are going to choose the ‘partition’ not the actual device (so in my case ‘\Device\Harddisc6\Partition1′)
    selecting the partition
    If you get a warning after clicking ‘ok’, you can ignore it. It’s simply stating that you could also create an encrypted file on the device rather than encrypting the entire drive. Click Next
  6. I like to leave the Encrpytion and the Hash algorithms at their defaults, AES and RIPEMD-160 respectively. Feel free to play around if you know what you are doing.
    selecting encryption and hash algorithms aes ripemd-160
  7. On the Volume Size screen, you won’t be able to do anything because we chose to encrypt the entire drive. Click ‘Next
    encrypted volume size
  8. Create a passphrase on the next screen. Depending on how secure you want it to be, 20 characters is recommended. If nothing else, try to use symbols, caps, lowercase and numbers.
    choose and encryption passphrase

Starting the Encryption

Now, we will actually start the encryption process itself.

  1. Now you will need to move your mouse around the TrueCrypt window to create a unique pool of characters. This is important to the strength of the encryption keys TC will use.
    create a pool of unique keys
  2. Once you are satisfied, click the ‘Format’ button. You will be presented with a box saying that all data will be lost NOT encrypted. If you followed along from the start, you’ve already moved all your data off the drive and this won’t be a problem and you can click ‘Yes
    data is going to be encrypted
  3. TrueCrypt will now begin to encrypt the drive. Mine was only 128MB so it only took a few minutes. Your time will vary
    TrueCrypt encrypting the drive
  4. If everything went well, you should see a box saying the encryption was successful!
    successfully encrypted

Mounting the Drive

The first thing you will probably notice is that Windows doesn’t recognize the drive like it normally did. You can click on the drive letter it assigns it, but it’s just going to ask you if you want to format it. Don’t! Here’s what you do.

  1. Make sure the drive is still plugged in and the main TrueCrypt window is open. Also, select a drive letter in the list, I highlighted ‘Y’
    successfully encrypted
  2. Click the ‘Auto-Mount Devices‘ button. It’s going to ask you for the passphrase you created earlier, so enter that.
    enter your passphrase
  3. Your drive should now be mounted as whatever letter you choose (in my case ‘Y’)
    successfully mounted
  4. Your drive will now be able to be accessed just like any other drive on your system!

Final Thoughts

There really isn’t much to encrypting your data with TrueCrypt, but that doesn’t diminish the need for strong encryption on all of our portable (and non-portable) devices. A couple of final notes:

  1. Make sure you ‘Dismount’ the thumb drive before pulling it out by selecting the volume in the main TrueCrypt window and clicking on the ‘Dismount’ button.
  2. Also remember that you need TrueCrypt installed on every computer you will be using your thumb drive one. Sounds like a no-brainer, but be aware if your IT department won’t allow you to install extra software on your work machines.
  • http://en.quantrox.de Luiz

    Hi!

    I also made a little tutorial on this, it goes a little further and includes some automatation via batch files, the tool PStart, and portable applications.

    http://en.quantrox.de/archives/5-Make-the-most-out-of-your-USB-pen-drive.html

    Greetings,
    Luiz

  • Randy Jensen

    Hey Luiz,

    I checked out your tutorial, great job! There are some really good nuggets in there for the more advanced users. Well worth a look.

  • alan

    An alternative is to create a truecrypt file container in step 2, and make it smaller than your thumb drive. That way there will be some unencrypted space that can be used in situations where there is not a truecrypt-capable computer handy. Of course you would want to be careful about what data you carry around in the unencrypted portion of the thumb drive.

  • Randy Jensen

    Hey Alan,
    That’s a really good idea. I wanted to keep this tutorial as simple as possible so anyone could encrypt their data, but it looks like I need to do one that’s a bit more advanced someday. Thanks for the idea!

  • Pingback: User Question: Whats Your Favorite Application/Tool/Algorithm & What Files Do You Protect? : Randy Jensen Online

  • Rohit

    Hi thank you for the great tutorial. I think i may have been successful in encrypting my thumb drive. I was doing this to test if it works. My question is if i want to remove the drive encryption how can this be done? Can i simply reformat the drive through Windows?

  • Randy Jensen

    Hey Rohit,

    It’s just as easy to remove the encryption as it is to do the encryption. Once your encrpyted drive is mounted throught TrueCrypt, simply right click it and choose ‘Permanently Decrypt’.

    That’s it:) Good luck!

  • http://www.ediy.co.nz/ internet marketing

    Never tried this software, but it does look nice ;)