Document directory
- 1. Download and install truecrypt
- 2. Create a mount encrypted file/partition
- 3. Create and mount a hidden encrypted volume
- 4. Encrypt System partitions
- History:
- Encryption entry series:
Getting started with encryption (III): truecrypt
Posted on, by Terry Chen, under
Software tutorial
.
Truecrypt is a powerful open-source encryption tool. With truecrypt, you can create an encrypted file as a virtual encryption volume and save the file to be protected in the encrypted file, you can also encrypt hard disk partitions or even system partitions.
Let's take a look at the powerful truecrypt.
1. Download and install truecrypt
First
Official Website
Download truecrypt and go
Download Page
Then, under "Windows 7/Vista/XP/2000", click the Download button to download the Windows version.
The installation process is in English. follow these steps:
- Run the downloaded installer and go to the "License" page, select the "I accept and agree to be bound by the license terms" check box under the authorization text (I agree to and accept the constraints of the authorization agreement), and click "accept" (accept.
- Go to the "wizard mode" page. The following two options are available:
- Install (installation mode): If truecrypt is installed normally, related information is written to the registry and a shortcut is created.
- Extract (extract mode): extract truecrypt to a specified folder without writing any information to the computer. Run truecrypt.exe to run truecrypt.
- If you select the install option in the previous step and click Next to go to the "setup mode" (installation mode) page, follow the instructions in the text to complete the settings and click Install to start the installation.
- If the extract option is selected in the previous step, the installation program will pop up a dialog box asking for confirmation. The message is as follows: if the extract option is selected for installation, truecrypt must run in portable mode (Mobile mode) each time it is started, therefore, you must start the service as an administrator and trigger the UAC (User Account Control) Prompt every time you run the service. After confirmation, go to the next page, select the decompression path, and click "extract" to start decompression.
After installation, go
Http://www.truecrypt.org/localizations
Download the Simplified Chinese Language Pack, decompress it to the truecrypt installation directory, run truecrypt, and select the "language" option in the "setting" menu, in the displayed dialog box, select "simplified Chinese.
2. Create a mount encrypted file/partition
Creating an encrypted file/partition is the most basic encryption function of true crypt. There is no big difference between creating and using methods.
Follow these steps to create an encrypted volume.
- Run truecrypt and select "create encrypted volume" in the "encrypted volume" menu. The create encrypted volume wizard dialog box is displayed. Three options are available:
- Create a file-type encrypted volume: Create an encrypted file and store the confidential data in an encrypted file.
- Encrypted non-system partition/device: Create an encrypted partition to store confidential data in an encrypted partition.
- Encrypt the system partition or the hard drive of the entire system: encrypt the entire system partition and enter the password before starting the system.
Select the first or second item and click Next to continue.
- Go to the volume Type page. There are two options to choose from:
- Standard truecrypt encrypted volume
- Hidden truecrypt encrypted volume
Select the first item here. This article will introduce the function of hiding the encrypted volume. Click Next to continue.
- If you have selected "Create File-type encrypted volume", go to the "encrypted volume location" Page and select the location where the encrypted volume file is stored. Since truecrypt allows you to use any extension, you can use. common extensions such as Doc are disguised. Click Next to continue after the settings are complete.
- If you have selected "encrypted non-system partition/device", you can also go to the "encrypted volume location" page, but select the device to be encrypted, after you select a device, you need to set the "encryption volume creation method", including "create encryption volume and format" and "Local encryption partition" options. After the settings are complete, click Next to continue.
- Now go to the "encryption options" Page, here you can select the encryption algorithm and hash algorithm, the default settings are AES encryption algorithm and RIPEMD-160 hash algorithm, it is recommended to keep the default settings, after setting, click Next to continue.
- Go to the "encrypted volume size" page. If you create a file-type encrypted volume, you can specify the size of the encrypted volume here. The encrypted volume size is actually the maximum capacity of the encrypted volume, set according to your needs and data size, and click Next to continue.
- Go to the "encryption volume password" Page and select two different decryption Methods: password and key file. The two decryption methods can be superimposed. After setting is complete, click Next to continue.
- Go to the "encrypted volume formatting" page, where you can set the file system type and cluster size of the encrypted volume. If you have selected "Create File-type encryption volume", you can set whether the volume is dynamic. The dynamic volume refers to the automatic expansion of the size of the encrypted file based on the data capacity. If you select "encrypt non-system partition/device", you can set whether to format it quickly. Click "format" to create an encrypted volume.
To use encrypted volumes, follow these steps:
- On the truecrypt main interface, click "Load file" or "load device" to select an encrypted file or an encrypted partition.
- Select an idle drive letter from the drive letter list and click the "LOAD" button below.
- Enter a password or provide a key file for decryption according to the preset decryption method.
- If necessary, click the "load options" button in the dialog box to further adjust the loading settings.
After mounting, you can see the encrypted volume in the Resource Manager. The encryption volume is no different from the common partition. The decryption process is automatically performed in the background and transparent to users.
After using the encrypted volume, click the unmount button under the main interface of truecrypt to uninstall the encrypted volume to ensure data security.
If you need to change the encryption volume password, uninstall the encryption volume first, click the "encryption volume tool" button, and select "Change encryption volume password" in the menu ", in the displayed dialog box, change the password.
3. Create and mount a hidden encrypted volume
Hiding an encrypted volume is a way to confuse intruders and hide encrypted data, that is, by hiding another encrypted volume in the encrypted volume to protect confidential data. If you are forced to provide an encrypted volume password, the password of the outer encrypted volume is provided, and the attacker cannot prove that there is a hidden encrypted volume.
The procedure for creating a hidden encrypted volume is similar to that for creating a common encrypted volume. In the create an encrypted volume wizard, select create a hidden encrypted volume, and then select create a hidden encrypted volume mode, two modes are available:
- Normal Mode: first create a common encrypted volume as the outer encrypted volume, and then create an inner layer to hide the encrypted volume.
- Direct mode: uses the created normal encrypted volume as the outer encrypted volume, and then creates an inner layer to hide the encrypted volume.
The subsequent steps are similar to creating a common encrypted volume. Follow the wizard.
To mount a hidden encrypted volume, you can directly enter the password for the hidden encrypted volume. That is to say, whether the mounted encrypted volume is an external encrypted volume or a hidden encrypted volume depends on the entered password, instead of loading the outer encrypted volume, load the hidden encrypted volume.
Because the encrypted volume and the outer encrypted volume share space, writing data to the outer encrypted volume may damage the hidden encrypted volume, therefore, do not modify the content of the outer encrypted volume after creating the hidden encrypted volume. If you need to modify the content, protect the hidden encrypted volume during mounting to avoid damage to the hidden encrypted volume. The method is as follows:
When you enter the password for mounting an outer encrypted volume, click "loading options". In the "loading options" dialog box that appears, select "Protect the hidden encrypted volume when writing data to the outer encrypted volume ", then, enter the hidden encryption volume password to load the data to protect the hidden encryption volume. However, it should be noted that the protection of hidden encrypted volumes makes it easy for others to find hidden encrypted volumes, because the encrypted volume type shown in truecrypt is "outer ".
4. Encrypt System partitions
Before encrypting system partitions, make the following preparations:
- Prepare a blank disc to burn the truecrypt emergency disk, or install the virtual optical drive software.
- Confirm that truecrypt is the installed version.
Follow these steps:
- Start the "Create encrypted volume" Wizard, select the "encrypt system partition or system hard disk" option, and click "Next" to continue.
- Go to the system encryption Type page. There are two options to choose from:
- GENERAL: directly encrypt the system partition or the entire hard disk.
- Hide: Create a hidden operating system, similar to hiding an encrypted volume.
Here we select the second item and click Next to continue.
- Go to the "region to be encrypted" Page. Two options are available:
- Encrypt the partition where windows is located: Only encrypt the partition where windows is installed, usually the drive C.
- Encrypt the entire hard disk: encrypt the hard disk installed in windows.
Select as needed and click "Next" to continue.
- If you select to encrypt the entire hard disk, the wizard will ask whether to encrypt the host protection area. We recommend that you select "no" and click Next to continue.
- Now, go to the "number of operating systems" Page. Select "single system" or "Multi-start" based on the actual situation. (We recommend that you do not use this type of encryption for multiple-start users.) Click Next to continue.
- The subsequent steps are the same as creating a common encryption volume, including selecting an encryption algorithm and entering a password. You can set it according to the wizard.
- Currently, truecrypt requires you to burn a truecrypt emergency disk, which must be burned before it can continue. If you do not want to burn the file, use the virtual optical drive to mount the image file. After verifying the disc, click "Next ".
- Truecrypt will now ask about the erasure mode. The optional options are "Do not erase", "3 erases", "7 erases", and "35 erases". The more erasure times, the better the data security, but the longer the time is, click "Next" after setting ".
- Now truecrypt will perform a pre-test on the system. Click "test" to restart the computer for testing. After the restart, a password is required before Windows starts.
- After entering the system, truecrypt will prompt you to start encryption. Note that encryption cannot be canceled midway through after encryption is started. You can only pause or postpone encryption.
- After the encryption is completed, you must enter a password for each boot to use the operating system.
If you want to decrypt the encrypted system, run truecrypt, select "permanently decrypt system partition/Drive" from the "System" menu, and then start decryption.
Truecrypt is a professional and easy-to-use encryption software that provides high-quality encryption protection for confidential data on the local machine. It is recommended for users who have high requirements on data security.
History:
- April March 20, 2011: the first draft is completed.
- April August 13, 2011: simplified text and structure adjustment
Encryption entry series:
- Introduction to Data Encryption
- Getting started with encryption (1): EFS
- Getting started with encryption (2): bitlocker
- Getting started with encryption (III): truecrypt
- Getting started with encryption (4): gpg4win