Creating a Standard Encrypted Partition with TrueCrypt

Welcome to the second part of a multi-part series on creating encrypted partitions with TrueCrypt. Last time I showed you how to create a partition on your computer in preparation for encryption; I also explained how to get TrueCrypt onto your machine. Today, we’re going to create a standard encrypted partition.

Creating a Standard Encrypted Partition

As I mentioned in the introduction to the first article, TrueCrypt can create two types of partitions: a standard partition and a hidden partition. The downside to creating a hidden partition is that the encryption process will destroy all the data on the partition. If you do not want to lose all of the existing data on your partition, or if you do not require the protection a hidden volume provides, then a standard partition may suit your needs just fine.

If you need the security of a hidden partition, hang in there. The next part will show you how to create a hidden encrypted partition. Otherwise, follow the steps below to create a standard partition. It’s a good idea to read through this article even if you’re mainly interested in creating a hidden partition, to make sure you understand the general process. 

Before you continue, just a word of caution. This method is going to encrypt the entire contents of the partition. To protect your data against any possible failures, back up your partition before continuing. This will ensure your data is still safe should a catastrophic failure occur.  

From the TrueCrypt main window, click the "Create Volume" button. This will start the wizard which will help you create your first encrypted partition. 

Next, you will select the volume type. Since you are creating a standard partition, select the "Standard TrueCrypt volume" option, then click the "Next" button.  

Now you will select the volume’s location. Click the "Select Device…" button to select your partition. 

Depending on your computer’s setup, your dialog box may differ. One aspect of the information presented that will remain the same is the distinction between hard drives and partitions. These can be identified by the following terms:

  • Harddisk X

  • \Device\HarddiskX\PartitionY

 

Harddisk X: Depending on the number of hard drives connected to your system, you may see Harddisk 0, Harddisk 1, Harddisk 2, etc. These represent the physical hard drives attached to your computer, regardless of whether they are connected internally or externally through USB. Each hard drive will be assigned a unique number. Any hard drive identified by the number 0 (zero) usually refers to your operating system drive (C:).

\Device\HarddiskX\PartitionY: Whenever an item begins with \Device, it represents a partition on a hard drive. It is easy to identify which hard drive a partition belongs to because the X in \Device\HarddiskX will match the same X in the physical Harddisk X mentioned above. Each partition is identified at the end as \Device\HarddiskX\PartitionY. Similar to hard drives, partitions are also assigned a unique number.

A typical system with multiple hard drives installed may look like this:  

 

  • Harddisk 0
      ◦ \Device\Harddisk0\Partition1
      ◦ \Device\Harddisk0\Partition2

  • Harddisk 1
      ◦ \Device\Harddisk1\Partition1

  • Harddisk 2
      ◦ \Device\Harddisk2\Partition1
      ◦ \Device\Harddisk2\Partition2
      ◦ \Device\Harddisk2\Partition3
      ◦ \Device\Harddisk2\Partition4

 

To help identify the correct partition, the drive letter for each corresponding partition is listed in the "Drive" column. To reiterate what I discussed above, my Harddisk 0 contains three partitions, and Harddisk 4 (a portable hard drive) contains a single partition.

Since I have assigned my new partition drive letter H:, I am going to select that partition from the list. If you are encrypting a partition on a removable hard drive, you would select that partition (you should be able to identify the partition via the "Drive" column). Once you have selected your partition (or hard drive), click the "OK" button, then click the "Next" button.  
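Because in-place encryption of the wrong partition is hard to undo, it helps to cross-check the dialog's entries from a PowerShell prompt before clicking "OK". The script below is an added example, not part of the original article or of TrueCrypt. It assumes Windows 8 or later (the Storage module cmdlets Get-Disk and Get-Partition) and that the operating system's partition numbers match those in TrueCrypt's list; the function name is hypothetical, and H: is the drive letter used in this article.

```powershell
# Added example: list disks and partitions in the same layout as the
# "Select Device" dialog, then check the partition chosen for encryption.
function Get-TrueCryptDeviceList {   # hypothetical helper name
    Get-Disk | Sort-Object Number | ForEach-Object {
        $disk = $_
        Get-Partition -DiskNumber $disk.Number -ErrorAction SilentlyContinue |
            Sort-Object PartitionNumber | ForEach-Object {
                [pscustomobject]@{
                    Harddisk     = $disk.Number
                    Device       = "\Device\Harddisk$($disk.Number)\Partition$($_.PartitionNumber)"
                    # Partitions without a letter report a null/zero DriveLetter
                    Drive        = if ([int]$_.DriveLetter -ne 0) { "$($_.DriveLetter):" } else { '' }
                    SizeGB       = [math]::Round($_.Size / 1GB, 1)
                    DiskModel    = $disk.FriendlyName
                    BusType      = $disk.BusType          # e.g. SATA, USB
                    BootOrSystem = ($_.IsBoot -or $_.IsSystem)
                }
            }
    }
}

$rows = Get-TrueCryptDeviceList
$rows | Format-Table -AutoSize

# Drive letter assigned to the partition that will be encrypted (H: in this article)
$wanted = 'H:'
$target = $rows | Where-Object { $_.Drive -eq $wanted }

if (-not $target) {
    throw "No partition is mounted as $wanted; re-check the drive letter before continuing."
}

"Select this entry in TrueCrypt: $($target.Device)  ($($target.SizeGB) GB on $($target.DiskModel), $($target.BusType))"

if ($target.BootOrSystem) {
    Write-Warning "$wanted holds Windows boot or system files; it is not a plain data partition."
}
```

If the device path, size, or disk model printed here does not match the row you are about to select in the dialog, stop and resolve the mismatch first.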

Choosing How to Encrypt the Partition

Next you will determine how TrueCrypt will initially encrypt the partition. You have two options: 

  • Create encrypted volume and format it: This option is the fastest way to encrypt your partition if you do not have any data stored on the partition. This method is useful when you are using a freshly created partition or a partition that does not contain any data. 

  • Encrypt partition in place: This option will encrypt your entire partition and let you keep your existing data on the partition. This method is useful when your partition already contains data and you do not want all the data deleted.

Let’s assume you already have data on the partition, and you want to keep all the existing data. To do this, you will select the "Encrypt partition in place" option, and then click the "Next" button.  

If you choose the second encryption option, TrueCrypt will warn you against the dangers of data loss due to a power outage, software crash, or Windows crash. As mentioned earlier, make sure you have a copy of this data before it is encrypted. Click the "Yes" button to continue.  

Now you will select the encryption method you wish to apply to the volume. The default "AES" encryption algorithm and "RIPEMD-160" hash algorithm are proven and recommended for their robust protection and performance. Once you have made your selections, click the "Next" button.

Now you will enter the volume’s password. Unlike my previous tutorial, this method does not protect you with a hidden volume. This password is the only means to keep this volume safe, so make sure you choose a very strong password. Once you have entered your password, click the "Next" button.  

This step generates a random number from your mouse movements based on the hash algorithm you selected earlier. It is important to move your mouse around the window a few times so a truly random number can be generated. You will see the "Current pool content" change whenever you move your mouse. After a few moments of moving your mouse around the window, click the "Next" button. 

Choosing TrueCrypt’s Wipe Mode

Next, you will select the wipe mode TrueCrypt will use to completely overwrite existing data. Since you already have data stored on the partition, it may be possible for a person skilled in computer forensics to recover your existing data through the use of special instruments. To prevent this, TrueCrypt can overwrite your data several times to ensure your existing data is unrecoverable.

Regardless of which wipe mode you choose, none of your data will be lost (each piece of data will be stored in memory during the wipe process, then rewritten as the data is encrypted). Depending on the amount of security you require, TrueCrypt can wipe your data several different ways:  

  • None: None of the data is overwritten; the data is simply encrypted. If your partition already contains no data, or the existing data is not super-sensitive, this method would suffice. (Fast) 

  • 3-pass (US DoD 5220.22-M): Random data is written over the entire partition three separate times, and the method is certified by the US Department of Defense. (Long) 

  • 5-pass (US DoD 5220.22-M): Random data is written over the entire partition five separate times, and the method is certified by the US Department of Defense. (Longer) 

  • 35-pass ("Gutmann"): Random data is written over the entire partition thirty-five separate times. (Longest)

Once you have made your selection, click the "Next" button. 

Now TrueCrypt will encrypt the entire partition using the encryption and wipe methods you have selected. Depending on your selected method, the encryption process could range from an hour to an entire day. Once you are ready to begin encrypting your partition, click the "Encrypt" button. 

TrueCrypt will warn you that you cannot use the partition until it has been fully encrypted. Click the "Yes" button.

TrueCrypt may be unable to lock the volume if Windows is using it, so you will be asked if TrueCrypt can forcefully dismount the volume. Click the "Yes" button. 

Now the encryption process will begin. If you notice your computer starting to lag and you need some extra performance for a short period of time, you can pause the process by clicking the "Pause" button. Otherwise, you will need to wait until the encryption process is complete.  

Warning Messages

When the encryption process is complete, TrueCrypt will display a notification message explaining how to mount your encrypted partition. You can ignore this for now because I will show you how to mount it in the next part, where I discuss "Mounting and Dismounting the Hidden/Standard Volume." Click the "OK" button to close the window. 

A second warning message reminds you that your volume cannot be accessed via the partition’s current drive letter (H: in this example). When you mount your volume, you will mount it on a drive letter other than this one because drive letters can only refer to one physical location. The only time you will need to access the partition directly is to format the partition to remove the encryption. Click the "OK" button to close this warning.  

If no errors have occurred, TrueCrypt will indicate that the partition was successfully encrypted. Click the "Finish" button to close the TrueCrypt Volume Creation Wizard. To mount the volume, follow the steps in the "Mounting and Dismounting the Hidden/Standard Volume" section in the next article.

That’s all I have room for today. Come back next week, when I’ll cover creating a hidden partition. See you then!
