Groups »
Forums »
Answers »

Featured Groups

  • Bare Conductive
  • Drawing and Art
  • Sustainability
  • 123D
  • Fenix Intl, Ready Set Off The Grid
  • Kollabora
  • 3D Printing

Encrypting a USB Drive

 by rockiesjason
 See All
7 Steps
  Favorite
usb-drive.jpg
I will be walking you through the steps needed to encrypt a USB drive using the free encryption tool TrueCrypt. In this instructable, I will be using a Windows XP system as an example, but TrueCrypt will also run on Linux and OS X.

Step 1: Materials

tc1.jpg
For this instructable, you will need the following:

a USB drive
a PC running Windows 2000, XP, or Vista
a copy of TrueCrypt 5.0, which can be downloaded from here

Step 2: Format the USB Drive

device manager.jpg
device manager2.jpg
format.jpg
In this example, we will be using an 8 Gb USB drive. If you are using a large USB drive and intend to create an encrypted volume that is larger than 4 Gb, you will need to format the drive with NTFS, as Fat32 cannot support files larger than 4 Gb.

In order to format a removable drive as NTFS, we will need to tweak the settings slightly:

1. Right click on My Computer on the Desktop and choose properties
2. Click on the Hardware Tab
3. Click on the Device Manager Button
4. Click the + symbol next to Disk Drives
5. Select your USB drive
6. Right click and choose properties
7. Click the Policies tab
8. Click the Optimize for performance radio button
9. Click OK and close the Device Manager window
10. Click OK on the System Properties window

Now we will format the drive:
WARNING: Formatting the drive will destroy any data on it (duh)

1. Double click My Computer on the Desktop
2. Select your USB drive
3. Right click and choose Format
4. In the dropdown box under File System, choose NTFS
5. Under Format Options, check the Quick Format checkbox
6. Click the Start button
7. Click OK on the warning dialog
8. Click OK on the Format Complete dialog
9. Click Close on the Format window

Step 3: Install TrueCrypt on the PC

tc2.jpg
Run the installer for TrueCrypt that you downloaded in step 1. Unless you have a reason to change them for your machine, the default settings for the install will work just fine.

Step 4: Configure Traveler Disk Settings

tc4.jpg
tc5.jpg
tc6.jpg
Now we will configure the USB drive as a Traveler Disk. This will place a portable copy of TrueCrypt in an unencrypted portion of the drive so that the encrypted volume can be accessed on systems that do not have TrueCrypt installed.

Note: In order to use the portable copy of TrueCrypt, you need to have administrator rights on the machine. If you do not have administrator rights, TrueCrypt cannot install the needed driver to open the encrypted volume.

1. Start Truecrypt.
2. In the Tools menu, select Traveler Disk Setup
3. In the field below Create traveler disk files, enter the drive letter of the USB drive, in my case E:\
4. In AutoRun Configuration click the Auto-Mount radio button
5. Under TrueCrypt volume to mount, enter the desired volume name, in this example, I used volume. Make sure that you remember what you used here, as we will need it later.
6. Click the Create button
7. Click OK on the Creation dialog

Step 5: Create the Encrypted Volume

tc7.jpg
tc8.jpg
tc9.jpg
tc9.5.jpg
tc10.jpg
tc11.jpg
Show All 12 Images
Now we will create the encrypted volume.

1. Click Tools, then select Volume Creation Wizard
2. Click the Create a File Container radio button, then click Next
3. Click the Standard TrueCrypt volume radio button, then click Next
4. Click Select File
5. Browse to the USB drive. You should see the TrueCrypt folder that was created here in the previous step. In the File Name field, enter the SAME volume name that you used in the Traveler settings earlier, then click the Save button.
6. Click Next
7. Click Next
8. On the Volume Size dialog, enter the size in Mb that you want the encrypted partition to be. I like to leave a little extra space so that I can store a few unencrypted files on the drive if I need to. Click Next
9. Enter the password for the encrypted volume twice. If you use a password of less than 20 characters, the installer will complain at you for using a weak password. Click Next.
10. Click the Format button. You will see the volume format for somewhere between 10 minutes and an hour or so, depending on the size of the volume and your machine.
11. Click OK

Step 6: Mount the Encrypted Volume

tc18.jpg
tc19.jpg
tc20.jpg
tc21.jpg
tc22.jpg
There are two ways to mount an encrypted volume, automatically or manually. After using either of these methods, you should see the volume show up as the first available drive letter. You can now use the encrypted volume as you would a normal drive.

Automatically:

This requires that you have autoplay turned on.
1. When you insert the USB drive for the first time, you will see a dialog asking what you want the default action to be, one of the options listed will be Mount TrueCrypt volume. Click this, then click OK.
2. You should now see the TrueCrypt dialog asking you to enter your password. Enter the password then click OK.

Manually:

If you have autoplay turned off, you will need to mount the encrypted volume manually.
1. Start TrueCrypt, then click the Select File button.
2. Browse to your USB drive, select the encrypted volume file, then click OK.
3. Click the Mount button.
4. Enter the password for the encrypted volume, then click OK.

Step 7: Unmount the Encrypted Volume

To unmount the encrypted volume, right click on the TrueCrypt icon in the tray next to the clock and select Dismount and whichever drive letter the encrypted volume is using, in this case Z:\. Alternately, you can select Dismount All Mounted Volumes.

WARNING:
Remember the NTFS setting that we changed all the way back at the beginning? This Means that you can't just yank out the USB drive when you've shut down the encrypted volume. This is a quick way to corrupt the entire volume.

You need to shut the USB drive down before you remove it. To do this, click on the green arrow in the tray next to the clock and select Safely Remove Hardware, then locate the USB drive in the list and click stop. If you get the device cannot be stopped message, try exiting TrueCryptm then try again. If the device will still not stop, wait 5 minutes, then give it one more try. If it still will not exit, shut down the machine, then remove the USB drive.

1-40 of 62Next »
Trent The Thief says: May 22, 2008. 12:00 PM
Try an IronKey instead.

http://www.ironkey.com.

Using truecrypt traveller is cool, but having a the built-in tor client and browser, as well as having a tamper-proof device is better.
2
ReCreate in reply to Trent The ThiefMay 7, 2009. 4:40 PM
Well,If you got data you never want to be leaked,Like Windows 7 Corporate edition,You may want to put it there.
2
ReCreate in reply to Trent The ThiefMay 7, 2009. 4:35 PM
Sure,You gotta love A super encrypted 4MB flash drive,Well,Thats the size that you can afford,Or anyone for that matter.
3
rockiesjason (author) in reply to Trent The ThiefMay 23, 2008. 6:27 PM
Gah. Worse and worse. If you enter the wrong password 10 times or "tamper" with the case it self destructs (not sure exactly what this means). I can't have my portable storage bursting into flames every time I set my bag down too hard.
DrCoolSanta in reply to rockiesjasonAug 14, 2008. 12:27 AM
That means your pendrive gets formatted. The sole reason I removed it when I got it from the factory in my pendrive. Seriously, if someone else wants to format, he knows how to.
2
ReCreate in reply to DrCoolSantaMay 7, 2009. 4:33 PM
you know,You can un-format drives,But i think that is with magnetic storage only
WTHAI in reply to DrCoolSantaAug 28, 2008. 3:19 PM
No, it actually self destructs. Boom. The memory chip inside jettisons away from the board, disconnecting itself and deleting your files forever.
DrCoolSanta in reply to WTHAIAug 29, 2008. 2:30 AM
Lol?
WTHAI in reply to DrCoolSantaAug 29, 2008. 9:09 PM
No man, I'm completely serious. There's also a transmitter in there which informs the company if the self destruct mechanism doesn't work, summoning an Iron Key employee to your house to beat you and the flash drive with a mallet. Then he takes your cash and pets. I'm still recovering from the incident.
DrCoolSanta in reply to WTHAIAug 30, 2008. 11:27 AM
XP, the next thing I hear is, them sending you a cheeze cake because you sued them for illegally kissing you just because you were able to survive when your pendrive selfdistructed.
3
rockiesjason (author) in reply to Trent The ThiefMay 23, 2008. 6:25 PM
After a brief bit of research, it also appears that Ironkey is windows only. Meh.
3
rockiesjason (author) in reply to Trent The ThiefMay 23, 2008. 6:17 PM
That does look interesting. I've not used one, but be cautious with it, as it may not be the magic bullet that you think it is. I know some of the other hardware crypto USB devices have turned out to have very thin and easily crackable implementations. Also tor is not the fully anonymous solution that it's often advertised to be. Additionally, it's wicked expensive. For the cost of their 8gb model, you could go buy TWO 32gb flash drives and apply your own security and apps. However, as I said, I've not used one. It COULD be the greatest thing since sliced spam.
Trent The Thief in reply to rockiesjasonMay 24, 2008. 5:29 AM
Hi Rockie, I can absolutely vouch for their ruggedness. Mine has been through the washer/dryer numerous times. The outer case looks like crap, but it functions flawlessly. It is expensive. That is true. However, it is alway proof against bruteforce attacks. The encrypted partition can not be extracted for attack in a hostile computer. A physical attack guarantees that the next time it is powered on that the encrypting hardware that connects to the internal memory fries. Regarding TOR, yes, it isn't absolute proof against attack, but if things are really that serious, one is well and truly hosed and the best thing to do is stay in crowded places :-) It's a convenience factor. Having a built-in firefox and tor client makes it relatively simple to browse from anywhere leaving no tracks on the host computer and serves well for a secure email check. NOTE: LINUX VERSION IS COMING!!!!!
mweston in reply to Trent The ThiefSep 3, 2008. 3:43 PM
I used to have an Iron Key, but it got too small when I started making videos. Then in the middle of all this forum reading I thought, why the heck would anyone need a TOR encryption and secure web browsing, ect. if all they're using it for is videos or schools files. I mean I can see it if you have important work files (which I had some of) or you were hacking the schools network (which I have done, and now I'm good friends with the tech guy... but thats a different story) but in many cases it wasn't really that useful. But thats just a really long random thought.
i.am.flink in reply to mwestonSep 4, 2008. 2:19 AM
Oh, sure. It's not going to be useful for anyone with a need for high-performance external storage. It's intended to hold and maintain a number of files in complete security. The onboard browser and TOR are nice if you are using a public terminal and would like to have a bit more privacy that the local browser provides. I keep quite a bit of private data on mine. I need to have the data on hand and I sure don't want to lose it to a third-party if I drop the drive someplace. I doubt that I'd buy a second one. The 4GB is plenty for what I need.
mweston in reply to i.am.flinkSep 4, 2008. 12:35 PM
Get it if you want it (though I have to say the firefox secure browsing is helpul sometimes) anyway for your purpose I would recomment it
mweston in reply to mwestonSep 4, 2008. 12:36 PM
Sry, didn't check for spelling - that would be helpful and recommend :-P
mweston in reply to mwestonSep 3, 2008. 3:45 PM
Anyway, if you want one, they're great - rugged and file transfer is pretty good. The only reason to get another one is if it was a present or something
3
rockiesjason (author) in reply to Trent The ThiefMay 25, 2008. 7:22 AM
Well cool then. Maybe if they get the Linux version out and get the size up some, I'll give it a shot.
Trent The Thief in reply to rockiesjasonMay 25, 2008. 3:06 PM
I'm hoping the new SW will be both versions on one stick. I went with the 4GB version. I feel a lot better knowing that any data I need to carry is safe.
ScubaSteve in reply to Trent The ThiefAug 28, 2008. 2:43 PM
I heard that when that you try to open an iornkey it releases a sort of chemical that fries the flash chips, or something
1
Cartuner55 says: Feb 1, 2009. 3:33 PM
can you access your files on a computer without TrueCrypt?
2
ReCreate in reply to Cartuner55May 7, 2009. 4:30 PM
No,But trueCrypt appears to be on the drive
2
ReCreate says: May 7, 2009. 4:29 PM
Hey,An 8 GB flash drive,How unusuall,Why is it so large?
2
ReCreate in reply to ReCreateMay 7, 2009. 4:29 PM
I got a 16GB,And it is tiny,Like the size of a bluetooth dongle
2
Berkin says: Jan 17, 2009. 2:36 PM
Neat!
3
sideways says: Mar 12, 2008. 8:21 AM
Recently I read something about a possible weakness of encrypted data on flash drives. The idea was that, because of the way flash drives spread the data writes around, it might be possible for stray data to stay stored in flash even after unmounting.

This is because flash drives avoid writing to the same data areas all the time, instead spreading it around to avoid wearing out one particular portion of the memory. Of course, this might only be an issue if one writes any new data to the flash drive before it's unmounted.

A workaround might be using an eraser program *after* unmounting, but before removing the drive from the pc. The eraser program would have to be stored on the unencrypted portion of the drive, of course.

Ideas, anyone?
jgscott987 in reply to sidewaysOct 16, 2008. 12:58 PM
Truecrypt NEVER writes unencrypted data to the disk. It encrypts and decrypts data on the fly. When you save a word document to a TrueCrypt volume, it is encrypted before it ever gets to the drive.
3
rockiesjason (author) in reply to sidewaysMar 12, 2008. 8:33 AM
Yes, this is called wear leveling. Unfortunately, using one of the utilities that is intended to erase the free space on a disk will just make the problem worse on a flash drive and will actually spread more copies of the files (or partial files) around on the drive. You are correct that this is only a problem with data written to the drive before then encrypted partition was created and for files in any unencrypted section of the drive that might be present. In my opinion (YMMV), if the encrypted volume takes up the majority of the space on the drive and is used relatively frequently, the wear leveling process should overwrite most of the bits containing plaintext files or fragments relatively quickly. This would be something worth experimenting a bit on :)
2
iman in reply to rockiesjasonMar 13, 2008. 9:19 AM
the best thing to do to avoid wear leveling weaknesses would be to buy a brand new flashdrive and encrypt it before you add any files.
3
rockiesjason (author) in reply to imanMar 13, 2008. 2:53 PM
Exactly so.
2
Zlwilly says: Aug 7, 2008. 12:52 PM
Truecrypt all the way for me. I was so excited when I first found it. Finally, I thought, encryption I can really use. Good stuff!
5
raykholo says: May 15, 2008. 6:48 PM
the fact that you can only access the files on a computer where truecrypt is installed can be a problem. it would help me though, and i was been using it for a while, even before i read this instructable if its not on a flash drive, you can just integrate the space into any random file.
3
rockiesjason (author) in reply to raykholoMay 23, 2008. 6:19 PM
Nope, that's not the case. Read through the instructable again carefully.
7
A.C.E. says: May 20, 2008. 2:26 PM
some kid was selling porn on his psp to other people at my school so now all of ur electronical devices are being taken and checked for pornografical pics and vids.. i bet this would piss the teachers off so bad :D
3
rockiesjason (author) in reply to A.C.E.May 23, 2008. 6:18 PM
If you were careful, they'd never find it.
6
mettaurlover says: May 5, 2008. 5:39 PM
where u get that drive? it cool.
3
rockiesjason (author) in reply to mettaurloverMay 23, 2008. 6:12 PM
From Ebay, iirc. It actually not a flash drive, its a microdrive. Pretty neat other than having to be somewhat more careful with it. Also the filp out USB connector is a little fragile.
jridley says: May 19, 2008. 6:31 AM
All of these "but it only works if truecrypt is installed on every machine" comments are uninformed, mostly. You need only install TC in traveler mode on the USB drive. Traveler mode is an EXE only TC program, which can be run on any machine without installing. Then you can run TC from the drive (in the unencrypted part) and mount your encrypted volume that way. I say "mostly" wrong because it is true that you need to be a priviledged user to run TC from the USB drive, but almost all Windows boxes in the world default to that mode anyway. Personally I've been able to mount TC volumes with the Traveler EXE on my USB drive on every machine I've ever walked up to, including library computers. The only alternative to something like TC traveler mode would be hardware encryption, and most hardware encrypted USB drives have, in recent months, proven to be ridiculously weak. One just had a chip that XORed data, I think, and another allowed override by simply shorting out a wire inside. Thumb drives that come with "encryption" are almost always just proprietary software similar to TC - given that, they're even less portable than TC, and proprietary encryption software should never be trusted - as often as not it's eventually discovered to have been written by someone with no idea what they're doing. Even when I buy an "encrypted" hard drive, first thing I do is erase their software and install TrueCrypt.
kfrench says: Apr 10, 2008. 9:07 AM
Isn't there another software option?? TrueCrypt is worthless for a main reason why people use USBs -- portability (i.e., the fear of losing the USB in transit). TrueCrypt cripples a USB's portability because the you cannot decrypt the USB unless the target computer has TrueCrypt installed, right? In essence, to effectively use TrueCrypt you must have sufficient privileges to install TrueCrypt on every machine you ever plug the USB into otherwise you cannot access data on the USB. Robust and practical USB encryption should enable you to access encrypted USB content from any computer, regardless of what programs are installed on the computer. For example, I have sensitive info on the USB. I want to encrypt the USB's contents and take the USB for use of the USB's content at another location/computer. If I use TrueCrypt, I have to carry my laptop with me because the computer I am using at the other location does not have TrueCypt and I cannot install TruCrypt on the other computer (e.g., I lack sufficiant rights on my work computer). I am not worried about the content of the USB being exposed on the computers (e.g., carrying work files to and from home); I am, however, worried about losing the USB in transit between home and work. The complete lack of portability effectively makes TrueCrypt worthless for USBs. Hardware based encryption seems like the only practical encryption for USBs. Please correct me if I am wrong. Thanks.
1-40 of 62Next »
Pro

Get More Out of Instructables

Already have an Account?

close

PDF Downloads
As a Pro member, you will gain access to download any Instructable in the PDF format. You also have the ability to customize your PDF download.

Upgrade to Pro today!