I will be walking you through the steps needed to encrypt a USB drive using the free encryption tool TrueCrypt. In this instructable, I will be using a Windows XP system as an example, but TrueCrypt will also run on Linux and OS X.
Step 1: Materials
For this instructable, you will need the following:
a USB drive
a PC running Windows 2000, XP, or Vista
a copy of TrueCrypt 5.0, which can be downloaded from here
Step 2: Format the USB Drive
In this example, we will be using an 8 Gb USB drive. If you are using a large USB drive and intend to create an encrypted volume that is larger than 4 Gb, you will need to format the drive with NTFS, as Fat32 cannot support files larger than 4 Gb.
In order to format a removable drive as NTFS, we will need to tweak the settings slightly:
1. Right click on My Computer on the Desktop and choose properties
2. Click on the Hardware Tab
3. Click on the Device Manager Button
4. Click the + symbol next to Disk Drives
5. Select your USB drive
6. Right click and choose properties
7. Click the Policies tab
8. Click the Optimize for performance radio button
9. Click OK and close the Device Manager window
10. Click OK on the System Properties window
Now we will format the drive:
WARNING: Formatting the drive will destroy any data on it (duh)
1. Double click My Computer on the Desktop
2. Select your USB drive
3. Right click and choose Format
4. In the dropdown box under File System, choose NTFS
5. Under Format Options, check the Quick Format checkbox
6. Click the Start button
7. Click OK on the warning dialog
8. Click OK on the Format Complete dialog
9. Click Close on the Format window
Step 3: Install TrueCrypt on the PC
Run the installer for TrueCrypt that you downloaded in step 1. Unless you have a reason to change them for your machine, the default settings for the install will work just fine.
Step 4: Configure Traveler Disk Settings
Now we will configure the USB drive as a Traveler Disk. This will place a portable copy of TrueCrypt in an unencrypted portion of the drive so that the encrypted volume can be accessed on systems that do not have TrueCrypt installed.
Note: In order to use the portable copy of TrueCrypt, you need to have administrator rights on the machine. If you do not have administrator rights, TrueCrypt cannot install the needed driver to open the encrypted volume.
1. Start Truecrypt.
2. In the Tools menu, select Traveler Disk Setup
3. In the field below Create traveler disk files, enter the drive letter of the USB drive, in my case E:\
4. In AutoRun Configuration click the Auto-Mount radio button
5. Under TrueCrypt volume to mount, enter the desired volume name, in this example, I used volume. Make sure that you remember what you used here, as we will need it later.
6. Click the Create button
7. Click OK on the Creation dialog
Step 5: Create the Encrypted Volume
Now we will create the encrypted volume.
1. Click Tools, then select Volume Creation Wizard
2. Click the Create a File Container radio button, then click Next
3. Click the Standard TrueCrypt volume radio button, then click Next
4. Click Select File
5. Browse to the USB drive. You should see the TrueCrypt folder that was created here in the previous step. In the File Name field, enter the SAME volume name that you used in the Traveler settings earlier, then click the Save button.
6. Click Next
7. Click Next
8. On the Volume Size dialog, enter the size in Mb that you want the encrypted partition to be. I like to leave a little extra space so that I can store a few unencrypted files on the drive if I need to. Click Next
9. Enter the password for the encrypted volume twice. If you use a password of less than 20 characters, the installer will complain at you for using a weak password. Click Next.
10. Click the Format button. You will see the volume format for somewhere between 10 minutes and an hour or so, depending on the size of the volume and your machine.
11. Click OK
Step 6: Mount the Encrypted Volume
There are two ways to mount an encrypted volume, automatically or manually. After using either of these methods, you should see the volume show up as the first available drive letter. You can now use the encrypted volume as you would a normal drive.
This requires that you have autoplay turned on.
1. When you insert the USB drive for the first time, you will see a dialog asking what you want the default action to be, one of the options listed will be Mount TrueCrypt volume. Click this, then click OK.
2. You should now see the TrueCrypt dialog asking you to enter your password. Enter the password then click OK.
If you have autoplay turned off, you will need to mount the encrypted volume manually.
1. Start TrueCrypt, then click the Select File button.
2. Browse to your USB drive, select the encrypted volume file, then click OK.
3. Click the Mount button.
4. Enter the password for the encrypted volume, then click OK.
Step 7: Unmount the Encrypted Volume
To unmount the encrypted volume, right click on the TrueCrypt icon in the tray next to the clock and select Dismount and whichever drive letter the encrypted volume is using, in this case Z:\. Alternately, you can select Dismount All Mounted Volumes.
Remember the NTFS setting that we changed all the way back at the beginning? This Means that you can't just yank out the USB drive when you've shut down the encrypted volume. This is a quick way to corrupt the entire volume.
You need to shut the USB drive down before you remove it. To do this, click on the green arrow in the tray next to the clock and select Safely Remove Hardware, then locate the USB drive in the list and click stop. If you get the device cannot be stopped message, try exiting TrueCryptm then try again. If the device will still not stop, wait 5 minutes, then give it one more try. If it still will not exit, shut down the machine, then remove the USB drive.