Introduction
If you save anything on your computer, it is likely that you do not
want just anyone to be able to see what you have saved. You want a way
to protect that information so that you can access it, and absolutely no
one else except those you trust. Therefore, it makes sense to set up a
system which protects your information and safeguards it against prying
eyes.
The best such system for this is called “True Crypt”. “True Crypt” is
an encryption software program which allows you to store many files and
directories inside of a single file on your harddrive. Further, this
file is encrypted and no one can actually see what you have saved there
unless they know your password.
This sounds extremely high tech, but it is actually very easy to set up.
Setting up Truecrypt
1. Go to http://www.truecrypt.org/downloads (or go to www.truecrypt.org, and click on “Downloads”)
2. Under “Latest Stable Version”, under “Windows 7/Vista/XP/2000?, click “Download”
3. The file will be called “True Crypt Setup 7.0a.exe” or something similar. Run this file.
4. If prompted that a program needs your permission to continue, click “Continue”.
5. Check “I accept and agree to be bound by these license terms”
6. Click “Accept”
7. Ensure that “Install” is selected, and click “Next”
8. click “Install”
9. You will see a dialog stating “TrueCrypt has been successfully installed.” Click “Ok”
10. Click “No” when asked if you wish to view the tutorial/user’s guide.
11. Click “Finish”
At this point, TrueCrypt is now installed. Now we will set up
truecrypt so that we can begin using it to store sensitive information.
1. Click the “Windows Logo”/”Start” button on the lower left corner of your screen.
2. Click “All Programs”
3. Click “TrueCrypt”
4. Click the “TrueCrypt” application
And now we can begin:
1. click the button “Create Volume”
2. Ensuring that “Create an encrypted file container” is selected, click “Next”
3. Select “Hidden TrueCrypt volume” and click “Next”.
4. Ensuring that “Normal mode” is selected, click “Next”
5. Click on “Select File”
Note which directory you are in on your computer. Look at the top of
the dialog that has opened and you will see the path you are in, most
likely the home directory for your username. An input box is provided
with a flashing cursor asking you to type in a file name. Here, you will
type in the following filename:
random.txt
You may of course replace random.txt with anything you like. This
file is going to be created and will be used to store many other files
inside. Do NOT use a filename for a file that already exists. The idea
here is that you are creating an entirely new file.
It is also recommended though not required that you “hide” this file
somewhere less obvious. If it is in your home directory, then someone
who has access to your computer may find it easier. You can also choose
to put this file on any other media, it doesn’t have to be your hard
disk. You could for example save your truecrypt file to a usb flash
drive, an sd card, or some other media. It is up to you.
6. Once you have typed in the file name, click “Save”
7. Make sure “Never save history” is checked.
8. Click “Next”
9. On the “Outer Volume” screen, click “Next” again.
10. The default Encryption Algorithm and Hash Algorithm are fine. Click “Next”
11. Choose a file size.
In order to benefit the most from this guide, you should have at
least 10 gigabytes of free disk space. If not, then it is worth it for
you to purchase some form of media (such as a removable harddrive, a
large sd card, etc.) in order to proceed. TrueCrypt can be used on all
forms of digital media not just your hard disk. If you choose to proceed
without obtaining at least ten gigabytes of disk space, then select a
size that you are comfortable with (such as 100 MB).
Ideally, you want to choose enough space to work with. I recommend 20
GB at least. Remember that if you do need more space later, you can
always create additional TrueCrypt volumes using exactly these same
steps.
12. Now you are prompted for a password. THIS IS VERY IMPORTANT. READ THIS CAREFULLY
READ THIS SECTION CAREFULLY
The password you choose here is a decoy password. That means, this is
the password you would give to someone under duress. Suppose that
someone suspects that you were accessing sensitive information and they
threaten to beat you or worse if you do not reveal the password. THIS is
the password that you give to them. When you give someone this
password, it will be nearly impossible for them to prove that it is not
the RIGHT password. Further, they cannot even know that there is a
second password.
Here are some tips for your password:
A. Choose a password you will NEVER forget. It may be ten years from
now that you need it. Make it simple, like your birthday repeated three
times.
B. Make sure it seems reasonable, that it appears to be a real password.
If the password is something stupid like “123? then they may not
believe you.
C. Remember that this is a password that you would give to someone if forced. It is *NOT* your actual password.
D. Do not make this password too similar to what you plan to really use.
You do not want someone to guess your main password from this one.
And with all of this in mind, choose your password. When you have typed it in twice, click “Next”.
13.
“Large Files”, here you are asked whether or not you plan to store files
larger than 4 GIGABYTES. Choose “No” and click “Next”
14. “Outer Volume Format”, here you will notice some random numbers and
letters next to where it says “Random Pool”. Go ahead and move your
mouse around for
a bit. This will increase the randomness and give you better encryption. After about ten seconds of this, click “Format”.
15. Depending on the file size you selected, it will take some time to finish formatting.
“What is happening?”
TrueCrypt is creating the file you asked it to, such as “random.txt”.
It is building a file system contained entirely within that one file.
This file system can be used to store files, directories, and more.
Further, it is encrypting this file system in such a way that without
the right password it will be impossible for anyone to access it. To
*anyone* other than you, this file will appear to be just a mess of
random characters. No one will even know that it is a truecrypt volume.
16. “Outer Volume Contents”, click on the button called, “Open Outer Volume”
An empty folder has opened up. This is empty because you have yet to put any files into your truecrypt volume.
DO NOT PUT ANY SENSITIVE CONTENT HERE
This is the “Decoy”. This is what someone would see if you gave them
the password you used in the previous step. This is NOT where you are
going to store your sensitive data. If you have been forced into a
situation where you had to reveal your password to some individual, then
that individual will see whatever is in this folder. You need to have
data in this folder that appears to be sensitive enough to be protected
by truecrypt in order to fool them. Here are some important tips to keep
in mind:
A. Do NOT use porn. Adult models can sometimes appear to be
underaged, and this can cause you to incriminate yourself
unintentionally.
B. Do NOT use drawings/renderings/writings of porn. In many jurisdictions, these are just as illegal as photographs.
C. Good choices for what to put here include: backups of documents, emails, financial documents, etc.
D. Once you have placed files into this folder, *NEVER* place any more
files in the future. Doing so may damage your hidden content.
Generally, you want to store innocent data where some individual
looking at it would find no cause against you, and yet at the same time
they would understand why you used TrueCrypt to secure that data.
Now, go ahead and find files and store them in this folder. Be sure
that you leave at least ten gigabytes free. The more the better.
When you are all done copying files into this folder, close the folder by clicking the “x” in the top right corner.
17. click “Next”
18. If prompted that “A program needs your permission to continue”, click “Continue”
19. “Hidden Volume”, click “Next”
20. The default encryption and hash algorithms are fine, click “Next”
21. “Hidden Volume Size”, the maximum available space is indicated in
bold below the text box. Round down to the nearest full unit. For
example, if 19.97 GB
is available, select 19 GB. If 12.0 GB are available, select 11 GB.
22. If a warning dialog comes up, asking “Are you sure you wish to continue”, select “Yes”
23. “Hidden Volume Password”
IMPORTANT READ THIS
Here you are going to select the REAL password. This is the password
you will NEVER reveal to ANYONE else under any circumstances. Only you
will know it. No one will be able to figure it out or even know that
there is a second password. Be aware that an individual intent on
obtaining your sensitive information may lie to you and claim to be able
to figure this out. They cannot.
It is HIGHLY recommended that you choose a 64 character password
here. If it is difficult to remember a 64 character password, choose an 8
character password and simply repeat it 8 times. A date naturally has
exactly 8 numbers, and a significant date in your life repeated 8 times
would do just fine.
24. Type in your password twice, and click “Next”
25. “Large Files”, select “Yes” and click “Next”.
26. “Hidden Volume Format”, as before move your mouse around for about ten seconds randomly, and tehn click “Format”.
27. If prompted “A program needs your permission to continue”, select “Continue”
28. A dialog will come up telling you that the hidden TrueCrypt volume has been successfully created. Click “Ok”
29. Click “Exit”
Congratulations! You have just set up an encrypted file container on
your hard drive. Anything you store here will be inaccessible to anyone
except you. Further, you have protected this content with TWO passwords.
One that you will give to someone under threat, and one that only you
will know. Keep your real password well protected and never write it
down or give it to anyone else for any reason.
Now, we should test BOTH passwords.
Testing TrueCrypt Volumes
Once you have completed the above section, you will be back at
TrueCrypt. Go ahead and follow these steps to test the volumes you have
made.
1. Click “Select File…”
2. Locate the file you created in the last section, most likely called
“random.txt” or something similar. Remember that even though there is
both an outer and
a hidden volume, both volumes are contained in a single file. There are not two files, only one.
3. Click “Open”
4. Choose a drive letter that you are not using (anything past M is
probably just fine). Click on that, For example click on “O:” to
highlight it.
5. Click “Mount”
6. Now you are prompted for a password. Read the below carefully:
The password you provide here will determine WHICH volume is mounted
to the drive letter you specified. If you type in your decoy password,
then O:\ will show all the files and directories you copied that you
would reveal if forced. If you type in your real password, then O:\ will
show the files and directories that you never intend anyone to see.
7. After successfully typing in your password, you will see
additional detail to the right of the drive letter, including the full
path to the file you selected as well as the kind of volume it is (for
example, hidden).
8. Right click on your “Windows Logo”/”Start Menu” icon, and scroll down
to the bottom where you can see your different drive letters. You will
see the drive letter you selected, for example: “Local Disk (O:)”. Click
on that.
9. If you selected your decoy password, you will see all the files and
folders that you moved there during the installation phase. If you
selected the real password, you will see whatever files and directories
you have placed so far into the hidden volume, if any.
If you selected your hidden volume password, you may now begin moving
any sensitive information you wish. Be aware that simply moving it from
your main hard disk is not enough. We will discuss how to ensure
deleted data is actually deleted later in the guide.
“What is happening?”
When you select a file and mount it to a drive, you are telling your
computer that you have a new drive with files and folders on it. It is
the same thing as if you had plugged in a usb flash drive, a removable
harddrive, or an sd card into your computer. TrueCrypt causes your
computer to think that there is an entirely new disk drive on your
computer. You can use this disk drive just as if it *was* actually a usb
flash drive. You can copy files to it, directories, and use it just as
you would use a usb flash drive.
When you are done, simply close all open windows/folders/applications
that are using your truecrypt drive letter, and then click “Dismount”
from within TrueCrypt while you have the drive letter highlighted. This
will once again hide all of this data, accessible only by re-mounting it
with the correct password.
VERY IMPORTANT SAFETY INFORMATION
When a true crypt hidden volume is mounted, someone who has access to
your computer can access anything that is inside that hidden volume. If
for example you left your computer running while a truecrypt volume was
mounted, then if someone gained access to your computer they would be
able to see everything you have in that volume. Therefore:
ALWAYS REMEMBER TO DISMOUNT ANY TRUECRYPT VOLUME CONTAINING ANY SENSITIVE INFORMATION WHEN YOU ARE NOT USING YOUR COMPUTER
You can tell that it is dismounted because the drive letter inside of
“TrueCrypt”‘s control panel will appear the same as all of the other
drive letters, with no information to the right of the drive letter.
You should practice Mounting and Dismounting a few times with both passwords to make sure you understand this process.
Once you have copied files/folders into the hidden volume, do NOT
touch the files or folders in the outer volume anymore. Remember that
both volumes occupy the same single file, and therefore changing the
outer volume can damage the hidden volume. Once you have copied
files/folders into the outer volume during the installation process,
that is the last time you should do so. From that point forward, use
ONLY the hidden volume. The outer volume exists only as a decoy if you
need it.
