The University of Texas at Austin

Security Awareness

Encrypting Files on Your Windows Computer Using TrueCrypt

This procedure describes how to encrypt individual files or groups of files on your Windows XP or higher computer using the TrueCrypt encryption software. Once you complete this procedure, you may notice that your computer slows down a bit as you open and close encrypted files.

Warning

If you lose, forget, or otherwise misplace the password for encrypted files, you will be permanently unable to recover the contents of these files. Please be sure to store your password in a secure location.

Notes

The installation of TrueCrypt requires administrative privileges on your machine.

TrueCrypt never saves any decrypted data to a disk - it only stores the data temporarily in RAM (memory). Even when the volume is mounted, data stored in the volume is still encrypted. When you restart Windows or turn off your computer, the volume will be unmounted and all files stored on it will be inaccessible (and encrypted). Even when the power supply is suddenly interrupted (without proper system shutdown), all files stored on the volume will be inaccessible (and encrypted). To make them accessible again, you have to mount the volume.

If you share your computer, be aware that if owner and file system permissions are not set correctly, a mounted TrueCrypt volume may be visible to other logged-in users. Contact your system administrator for more information.

Installing TrueCrypt

To install the TrueCrypt software used to encrypt files, follow these steps:

  1. Visit the TrueCrypt downloads site and download the latest stable version.
  2. Run the TrueCrypt installer.

Creating the TrueCrypt Volume

To create an encrypted TrueCrypt volume to store your sensitive files, follow these steps:

  1. From the Start menu, select All Programs, then select TrueCrypt and then TrueCrypt.
  2. Click the Create Volume button.
  3. Ensure Create an encrypted file container is selected and click Next.
  4. Select Standard TrueCrypt volume and click Next.
  5. On the Volume Location screen, click the Select File... button.
    • Navigate to a directory of your choosing (for example "My Documents").
    • In the File name dialog box, enter a name for your volume (for example "My Volume").
      Note: Be sure not to choose an existing file. Doing so will not encrypt the file; it will overwrite it, causing data loss.
    • Click Save.
  6. Click Next.
  7. Choose an Encryption Algorithm and a Hash Algorithm (if you are unsure, choose AES and SHA-512) and click Next.
  8. Specify a volume size. Ensure that the size is large enough to accommodate the files you wish to encrypt.
  9. Choose a good volume password, store the password in a safe location, and click Next.
    • Passwords should be stored in safe, secure locations which include but are not limited to safe deposit boxes, safes, or locked cabinets in secure rooms.
  10. Move your mouse as randomly as possible within the Volume Creation Wizard window for at least 30 seconds. This significantly increases the cryptographic strength of the encryption keys.
  11. Click Format.
  12. When prompted that "The TrueCrypt volume has been successfully created" click OK.
  13. Click Exit.

Mounting Your TrueCrypt Volume

In order to use your TrueCrypt volume to encrypt data or read data that has already been encrypted, you must first mount the TrueCrypt volume.

  1. From the Start menu, select All Programs, then select TrueCrypt and then TrueCrypt.
  2. Select a drive letter where you want to mount the TrueCrypt volume.
  3. Click the Select File button.
  4. Navigate to your volume file, select it, and click Open.
  5. Click Mount.
  6. Enter your volume password and click OK.

Encrypting Your Data

To encrypt your data on a mounted TrueCrypt volume, follow these steps:

  1. Open your mounted secure volume.
  2. Move (cut and paste) your file to this volume.
  3. Your file is now encrypted.
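
The move in step 2 can also be scripted so that the original is deleted only after the copy on the mounted volume has been verified. The following PowerShell function is an added example, not part of the original procedure or of TrueCrypt itself. It assumes the volume is already mounted, PowerShell 4.0 or later (for Get-FileHash), and a hypothetical drive letter and file path.

```powershell
# Added example: move a file into a mounted TrueCrypt volume with safety checks.
# Assumptions (not from the original page): the drive letter and file path in
# the usage line are hypothetical; Get-FileHash needs PowerShell 4.0 or later.
function Move-ToEncryptedVolume {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $DriveLetter
    )

    $source = Get-Item -LiteralPath $Path -ErrorAction Stop

    # The drive letter only exists while the TrueCrypt volume is mounted.
    $drive = Get-PSDrive -Name $DriveLetter -PSProvider FileSystem -ErrorAction SilentlyContinue
    if (-not $drive) {
        throw "Drive ${DriveLetter}: is not available. Mount the TrueCrypt volume first."
    }

    # The volume size was fixed when the volume was created, so check the fit.
    if ($source.Length -gt $drive.Free) {
        throw "Not enough free space on ${DriveLetter}: for $($source.Name)."
    }

    # Never overwrite a file that is already stored in the volume.
    $destination = Join-Path "${DriveLetter}:\" $source.Name
    if (Test-Path -LiteralPath $destination) {
        throw "$destination already exists; refusing to overwrite it."
    }

    # Copy first, then compare SHA-256 hashes of the original and the copy.
    $before = (Get-FileHash -LiteralPath $source.FullName -Algorithm SHA256).Hash
    Copy-Item -LiteralPath $source.FullName -Destination $destination -ErrorAction Stop
    $after = (Get-FileHash -LiteralPath $destination -Algorithm SHA256).Hash

    if ($before -ne $after) {
        Remove-Item -LiteralPath $destination
        throw "Copy verification failed; the original file was left in place."
    }

    # Ordinary delete of the original, the same effect as cut and paste.
    Remove-Item -LiteralPath $source.FullName
    return $destination
}

# Hypothetical usage (uncomment and adjust the path and drive letter):
# Move-ToEncryptedVolume -Path "$HOME\Documents\report.docx" -DriveLetter 'T'
```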

Sharing Encrypted Data

If you would like to share encrypted data with another individual, create a separate TrueCrypt volume containing only the data and files you wish to share. You will also need to provide the volume password for this additional TrueCrypt volume.

In order to prevent unauthorized access to the encrypted data, you should send the volume file and the volume password via different methods. For example, share the volume file on WebSpace and provide the volume password over the phone.

Note: If you plan to share your volume password, make sure that the volume password is not the same as your UT EID password or the password you use for any other TrueCrypt volumes.