Create Encrypted Archives for All Computers – Mac Kung Fu, 2nd Edition

Tip 209: Create Encrypted Archives for All Computers

Elsewhere I explained how to create encrypted archives for use under OS X (see Tip 126, Secure All Your Files Against Hackers). But if you also own a Windows or Linux computer, you might want to create cross-platform encrypted archives that you can copy to, say, a USB stick and carry around with you.

Luckily, a piece of open source (and therefore free) software called TrueCrypt provides this functionality. TrueCrypt works by creating an encrypted filestore. This single file is then mounted by the operating system and accessed as a virtual disk drive in a similar way to when you attach a USB memory stick.

When you’ve finished, you unmount it, thus “locking” the store so that nobody can access it without typing the password.

Setting Up and Installing

Start by downloading TrueCrypt from http://www.truecrypt.com. Select the Mac OS X “.dmg package” release. You might also choose to download the versions for any other operating systems you’d like to use your new filestore under.

Once the download has finished, install the software by browsing to the location you downloaded it to, double-clicking the dmg file and then right-clicking the mpkg installation file, and selecting Open. You’ll be warned that the package is from an unidentified developer, but this is fine—just click the Open button in the dialog box.

Creating an Encrypted Archive

Run the program (you can find it in Applications). The following instructions explain how to create an initial encrypted filestore:

  1. Encrypted filestores are known as volumes. So, click the Create Volume button in the middle left of the program window. A wizard will appear. Ensure that “Create an encrypted file container” is selected, and click Next. (Note that the second option, “Create a volume within a partition/drive,” might seem to suit your needs better, but creating a container file allows the encrypted filestore to be transferred easily from one USB stick to another, if need be; thus, it’s the best choice here.)

  2. Select the type of volume you want to create. The default choice of Standard TrueCrypt volume is fine. You might want to investigate the Hidden TrueCrypt volume option at some point, but it has a specific purpose and adds some complications. When done, click Next.

  3. On the Volume Location screen, click Select File to type a filename and select a location for the new archive. By default TrueCrypt archives don’t need a file extension, but it’s a good idea to give it one, so add the extension .tc. This will enable you to double-click the filestore to open it in Windows. Once you’re done, click the Save button in the dialog box; click the Next button in the wizard to move to the next step.

  4. You’ll be invited to choose the encryption algorithm you want to use. You can select each in the list to read a description underneath the list showing the pros and cons of each choice. AES is a good choice for most uses. You can also change the hash algorithm if you want, but there shouldn’t be any need to do this. Once you are done, click Next.

  5. Now you’ll be prompted to enter the size of the filestore. If you’ve chosen to create the filestore on a USB stick, you’ll be told how much free space is available. You can’t enter fractions of a gigabyte or megabyte, so to enter 1.9GB, for example, you would need to select MB from the drop-down list and type 1946 into the Volume Size textbox (bearing in mind that there are 1024MB in 1GB, so 1.9 x 1024 = 1945.6). Once you’re done, click Next.

  6. Now you’ll be invited to choose a password for the archive. As always, a good password involves both lowercase and uppercase characters and should be as long as you can make it while still being possible to remember. Avoid clichés or anything else that might be easily guessed. Click Next when done.

  7. You’ll now be asked to choose the filesystem for the filestore. FAT is the best choice because it’s understood by Windows, Mac OS X, and Linux. Click Next when you’ve made your choice.

  8. Next you’ll go to the volume format screen. However, first you must create some random data for the encryption process. As strange as it might seem, this is done by waving the mouse pointer around within the TrueCrypt program window. So, wave the pointer around for a few seconds, and then click the Format button. After this, the filestore will be created. This might take some time for larger archives. Once it’s done, click Exit.

Accessing the Filestore

After creating the filestore, you must mount it so it’s accessible. Follow these steps to do so—the instructions are essentially the same for versions of TrueCrypt running on all operating systems:

  1. Start TrueCrypt if it isn’t already running, as described earlier, and in the main TrueCrypt dialog box, select 1 under the Slot heading.

  2. Click the Select File button. Navigate to your new filestore using the file-browsing dialog box, and click the Open button. Back in the TrueCrypt window, click the Mount button. You’ll immediately be prompted for the archive’s password, so type it. After this, a new drive icon should appear in the Devices list in the Finder sidebar offering access to the encrypted filestore, as if a new drive had been connected to the system. It’ll probably be called NO NAME. You can drag and drop files to it, just like any removable storage device.

  3. Note that you’ll need to keep the TrueCrypt program running while using the archive file. However, you can close the program window, which will leave TrueCrypt running in the Dock. It’s also possible to configure TrueCrypt to quit without unmounting the archive: on the menu, click TrueCrypt → Preferences, ensure the Security tab is selected, and remove the check from the TrueCrypt Quits box.

  4. Once you’ve finished using the filestore, you can simply unmount it in the usual way: open Finder, and click the Eject icon next to the filestore’s entry in the devices list. Alternatively, start TrueCrypt again, select the archive’s entry in the list, and click the Dismount button.

When the filestore is mounted, a useful tip is to click Favorites → Add Selected Volume to Favorites. From then on, you can quickly mount the filestore by selecting its entry on the Favorites menu when you start TrueCrypt. You should also be able to right-click the TrueCrypt icon in the Dock when the program is running and click the entry there to automatically mount it.
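
The create, mount, and dismount steps above can also be driven from Terminal through TrueCrypt's text mode. The script below is an added example, not part of the book; it assumes TrueCrypt 7.1a in its default install location, and the function names and sample paths are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the book): text-mode equivalent of the steps above.
# Assumption: TrueCrypt 7.1a installed in its default OS X location.
TC="${TC:-/Applications/TrueCrypt.app/Contents/MacOS/TrueCrypt}"

# Whole megabytes for a fractional-GB size, rounded to nearest (1.9 -> 1946).
gb_to_mb() {
    awk -v gb="$1" 'BEGIN { printf "%d\n", gb * 1024 + 0.5 }'
}

# The same size in bytes, which is the unit the --size option takes.
gb_to_bytes() {
    echo $(( $(gb_to_mb "$1") * 1024 * 1024 ))
}

# Create a standard volume in a container file, with AES and FAT as chosen in
# the wizard. No --password option is passed, so TrueCrypt prompts for it and
# the password stays out of the process list and the shell history.
# Text mode also prompts for typed random characters in place of mouse movement.
tc_create() {
    "$TC" --text --create "$1" \
        --volume-type=normal --encryption=AES --hash=RIPEMD-160 \
        --filesystem=FAT --size="$(gb_to_bytes "$2")" --keyfiles=""
}

# Mount the container; TrueCrypt asks for the password (and mount directory).
tc_mount() {
    "$TC" --text --keyfiles="" --protect-hidden=no "$1"
}

# Dismount ("lock") the container again.
tc_dismount() {
    "$TC" --text --dismount "$1"
}

# Usage (constructed paths):
#   tc_create   /Volumes/USBSTICK/archive.tc 1.9
#   tc_mount    /Volumes/USBSTICK/archive.tc
#   tc_dismount /Volumes/USBSTICK/archive.tc
```
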