Encrypting Partitions with TrueCrypt

In my previous article, "Encrypting Flash Drives with TrueCrypt," I showed you how to protect the contents of your flash drive using a portable version of TrueCrypt. You learned how to create and use hidden volumes to maintain plausible deniability against incriminating yourself. I also stressed the importance of protecting your outer volume from potential damage and corruption. In this multi-part article, you will learn how to create encrypted partitions so you can take full advantage of your larger, primary storage mediums.

You can even use this method to encrypt portable hard drives (3.5" and 2.5" hard drives in USB enclosures) such as the Western Digital My Passport series, although it does not apply to USB flash drives. It is also possible to encrypt your operating system drive; you will learn how to do this in my final article in the TrueCrypt series.

Before you can encrypt a partition on your hard drive, you first need to have an available partition. This partition can be located on the same hard drive as Windows, on a secondary hard drive installed in your computer, or on a portable hard drive you carry with you. If you only have one hard drive installed on your computer, I will show you how to create a second partition without harming your Windows installation or any of your files.

If you are going to use an existing partition and wish to create a hidden volume, you must back up your data before continuing, because TrueCrypt will destroy all the data during the encryption process. To avoid this pitfall, you can create a standard encrypted partition, which does not contain a hidden volume and can be encrypted without destroying the data already on it. However, since TrueCrypt will be modifying ALL the data stored on the partition, it is strongly recommended that you back up all your data before continuing with this method as well. I will detail both methods in this article series.

TrueCrypt also has the ability to encrypt entire hard drives; however, I will focus on this concept in a future article. Hard drives have specific requirements they must meet before they can be encrypted, which is why I am not detailing the steps in this article. Just like partitions, though, if you want to encrypt an entire hard drive, you will need to have a spare hard drive installed in your system, or you will need a portable hard drive, as mentioned earlier.

Similar to flash drives and standalone volumes, encrypted partitions also support hidden volumes. When encrypting partitions, you will notice an overall performance increase when compared to standalone volumes (including flash drives). The performance of a standalone volume suffers exponentially the more fragmented the volume becomes. While encrypted partitions suffer from fragmentation as well, the degradation rate is not as steep. Remember, just as you do with regular hard drives, you should defragment your encrypted partitions on a regular basis to maximize performance.

Preparing a New Partition

Before you can encrypt a partition, you need an available partition to work with. If you already have a partition available on an internal or portable hard drive, you can skip this step. This section will show you how to split an existing partition into multiple partitions.  

Most computers manufactured by Dell, HP, eMachines, and Acer usually include one hard drive with two partitions: an operating system partition and a recovery partition. Since the operating system partition is the largest (and you do not want to lose the ability to restore your computer in case of an emergency), you are going to split this one to create a new partition.

Unlike previous versions of Windows, Windows 7 and Vista feature a built-in partitioning tool you can use to create, modify, and remove partitions without the need for third-party software. You can access this tool by clicking the "Start" menu and searching for "computer management," then clicking the "Computer Management" item. You can also access the Computer Management console by going to Start > Control Panel > Administrative Tools > Computer Management.  

Next, the Computer Management console will open. In the left-hand column, click the "Disk Management" option under "Storage." You will now see all your attached hard drives. If you want to split a partition other than the partition on which your operating system resides, right-click it and select "Shrink Volume…". Otherwise, simply right-click your C: partition and select "Shrink Volume…". This will run Windows 7’s built-in partitioning tool.  

Windows will now analyze the partition so it can determine the maximum amount of available free space. Depending on the size of your partition, this window may stay open for several minutes.  

After Windows finishes analyzing your partition, it will open the Shrink utility. The values in my example will differ from yours because our computers contain different size hard drives, partitions, and total available space. Before you start changing the value in this step, let me explain how this utility works. The value you enter in this box is the amount of space you want to shrink by, not the size of the new partition (your new partition will be slightly smaller than the amount you enter here).

· Total size before shrink in MB: This is the current size of the partition (not to be confused with the hard drive) in megabytes (MB).

· Size of available shrink space in MB: This is the maximum amount of available space that can be used to create a new partition. Depending on how full your partition is, this value could be small (20,000 MB) or large (400,000 MB).

· Enter the amount of space to shrink in MB: Here you will select the amount of space to shrink the partition by. You can enter any value here; however, it cannot be larger than the amount of available shrink space above.

· Total size after shrink in MB: This is the new size of the partition after it has been shrunk.

Once you have entered an amount to shrink by, click the "Shrink" button. 

You should now see your new partition in the list. Do not be alarmed that the text "Unallocated" is displayed on your partition. This simply means the partition has not been formatted; nothing is wrong with the partition.  



Formatting a New Partition

Before you can encrypt this partition, it first needs to be formatted. Right-click your newly created partition and click "New Simple Volume…".  

The "New Simple Volume Wizard" will now open. Click the "Next" button.  

You will now specify the volume size. To keep this simple, use the default maximum size, then click the "Next" button.  

Next, you need to assign a drive letter to mount your partition under. This will also be the permanent drive letter of the partition containing your encrypted volumes. You will never mount your volumes under this drive letter; you will select a new drive letter when you mount them. This drive letter will simply refer to the physical location of your encrypted volume.

The only time you will need to access this partition directly is to remove the encryption by formatting it. Remember this letter, because you will need it in a later step. Once you have selected a drive letter, click the "Next" button.  

Next, you will format the new partition. The defaults presented here are acceptable; however, if you wish to use a different file system or enter a different label for the volume, feel free to do so. I recommend you keep "Perform a quick format" checked because the time required to format a new partition can span several hours depending on the size of the partition. Make sure you leave "Enable file and folder compression" unchecked because this will decrease your partition’s performance significantly. Once you have made your selections, click the "Next" button.

If you enabled the quick format, this process should take only a few seconds to complete. Click the "Finish" button to start the formatting process.  

Once the partition is formatted, you will notice the AutoPlay box open. You will also notice your newly formatted partition in "Computer Management." You can close both of these windows because you are now ready to use TrueCrypt to encrypt the partition.  
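The same shrink, create, and format steps can be scripted with diskpart, the command-line counterpart of Disk Management on Windows 7 and Vista. The following is an added example, not part of the original article; the drive letters, shrink amount, and label are assumed values, and it must be run from an elevated PowerShell prompt.

```powershell
# Added example: scripted equivalent of the Shrink Volume and
# New Simple Volume steps. All values below are assumptions; adjust them.
$SourceLetter = 'C'      # partition to shrink
$NewLetter    = 'T'      # hypothetical unused letter for the new partition
$ShrinkMB     = 20000    # amount to shrink by, in MB (not the new size)
$Label        = 'Data'   # hypothetical volume label

# Stop if the new drive letter is already taken.
if (Test-Path "${NewLetter}:\") { throw "Drive letter $NewLetter is already in use." }

# Free space is only an upper bound. Unmovable files can make the real
# limit smaller; that limit is what the analysis step in Disk Management
# reports, and 'shrink querymax' prints it below.
$disk = Get-WmiObject Win32_LogicalDisk -Filter "DeviceID='${SourceLetter}:'"
if (-not $disk) { throw "Volume ${SourceLetter}: not found." }
$freeMB = [math]::Floor($disk.FreeSpace / 1MB)
if ($ShrinkMB -ge $freeMB) {
    throw "Requested $ShrinkMB MB, but only $freeMB MB is free on ${SourceLetter}:."
}

# diskpart stops at the first failing command, so nothing is created or
# formatted if the shrink cannot reclaim the full amount (minimum = desired).
# The quick format leaves compression off because 'compress' is not given.
# On an MBR disk that already has four primary partitions,
# 'create partition primary' fails and the script stops there.
$script = @"
select volume $SourceLetter
shrink querymax
shrink desired=$ShrinkMB minimum=$ShrinkMB
create partition primary
format fs=ntfs label="$Label" quick
assign letter=$NewLetter
"@

$path = Join-Path $env:TEMP 'shrink-and-format.txt'
Set-Content -Path $path -Value $script -Encoding ASCII
diskpart /s $path
```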





Start Encrypting a Partition

If you open Computer, you should see your new partition mounted with its assigned drive letter.  



Now that your new partition is created and formatted, you can start encrypting the partition. DO NOT STORE ANY INFORMATION ON THE PARTITION AT THIS TIME. Depending on the encryption method you use, TrueCrypt may reformat the entire partition, and you will lose ALL the information currently stored on it.  

If you already have TrueCrypt installed, you can skip this step. TrueCrypt is available free at its website: http://www.truecrypt.org/. The TrueCrypt installation is very simple; follow these steps and you will have it installed and running in no time.

1.    Download TrueCrypt; double-click "TrueCrypt Setup 6.3a.exe."

2.    If you are warned by Windows’ User Account Control, click the "Yes" button.

3.    Accept the license agreement.

4.    Choose the "Install" option.

5.    Keep the default installation directory and make sure all the check boxes are checked. Click the "Install" button.

6.    Wait for the installer to finish. Click the "OK" button when the installation completes.

7.    When prompted to read TrueCrypt’s Beginner’s Guide, you can select either "Yes" or "No" depending on whether you would like to read the guide now or bookmark it for future reading. This tutorial should, however, serve as a decent starter’s guide.


8.    Click the "Finish" button.

Once the installation is complete, run TrueCrypt by clicking the icon the installer created on your desktop, or by clicking the icon created in the Start menu. 

That’s all I have space for today. Tomorrow we’ll get to the meat of creating both standard and hidden partitions. See you then! 
