Encrypting Data on Portable Devices (USB Keys and External Hard Drives)


One of the most dangerous ways of transporting and storing unsecured sensitive data is by using a USB Memory key, external hard drive or other small storage devices.  These devices are capable of holding large amounts of data and can be easily lost or stolen due to their small size.  Library and Technology Services (LTS)  recommends that data of a sensitive nature should be encrypted when saved to an external storage device such as a USB key or external hard drive. 

Although there are many software packages available to encrypt files on external devices, LTS recommends the use of  an open source software package named TrueCrypt.  Trucrypt is free, comes in Windows and Linux versions and is available for download at http://www.TrueCrypt.org/downloads.php.  It is also important to note that in order to access a TrueCrypt volume on multiple computers, TrueCrypt MUST be installed on each computer you use. If you forget your TrueCrypt password for your volume there is  no way to recover your data.  The following instructions explain how to download and install the program as well as create an encrypted volume on a Windows XP system:

Downloading and Installing:

1: Download TrueCrypt from http://www.TrueCrypt.org/downloads.php and save the installation file to your Desktop.
2. A TrueCrypt-4.2a.zip archive will be created.  Open the archive and click on TrueCrypt Setup and then click the "Extract All" button.  You may want to copy the TrueCrypt archive to your USB Drive so it can be installed on additional computers when needed.
3. A TrueCrypt-4.2a folder will be created on your desktop.  Open the folder and click on TrueCrypt Setup and then the "Run" button
4. Read the end user license agreement and click the "Install" button. After the programs installs, click the " Exit" button.

Setting up an Encrypted Volume:

1. Go the the Start menu, All Programs, TrueCrypt and click on the TrueCrypt menu option to start TrueCrypt
2. Click on the "Create Volume" button on the main TrueCrypt screen


2.  The Create Volume Wizard will appear.  Click on the "Next" button to create a standard TrueCrypt volume.  



3. The next step is to name the volume and select the volume's location.  At this point make sure you have your usb key, usb drive or external storage device connected to your computer.  Then click the "Select File" button to name the volume and to choose the volume location.



4.  Next, click on the down arrow next to "Look in" to select the device (A USB key being used for this example is mounted as the E: drive) you want to use.  Next, give the volume a name by placing a name (it is up to you on what to name it) in the "File Name" area and click "Open"



5.  Click on the "Next" button in the TrueCrypt Volume creation wizard



6.  Next you have the choice to select an Encryption Algorithm.  Most algorithms are secure but AES is a government standard so leave the default (AES) and click the "Next" button



7. Now you need to enter the size of the volume you want to create.  You must go smaller than the free space on your external storage device (the example below shows free space of 249 MB).   Click the "Next" button.  (Please note that 1000 Megabytes MB is equal to 1 Gigabyte and 1000 Kilibytes KB is equal to 1 Megabyte)



8.  Next, create a password that will be used to access the encrypted volume and click the "Next" button.



9.  Next, you need to select the type of  Filesystem you want to use.  Unless you are creating a VERY large volume (many Gigabytes) it is recommended to leave to use to FAT Filesystem.  Click on the "Format" button. When Turecrypt is done formatting, click the "Exit" button.



10. You are now ready to MOUNT your new TrueCrypt volume and start saving your files.
11. At the main TrueCrypt screen,  select the drive letter you want to mount your new TrueCrypt volume (select a drive letter that is not currently being used), and then click on the "Select File" button to locate and select the volume you just created



12. After you select the appropriate volume, click the "Open" button



13. Next, you need to mount the volume by clicking on the "Mount" button.  At this time you will be prompted to enter the password for the volume and the "Mount" button will them turn into the "Dismount" button.  Now, click the "Exit" button and the P: drive (or whatever drive you choose) will show up in "My Computer" as a local disk.  You save files to the encrypted volume the same way to you save to any other volume or disk - through and application (such as Word or by simply dragging the file or files to the drive.   If you reboot your computer or re-insert the USB drive, you will need to Re-Mount the drive by following the instructions in steps 10-13.