Tuesday, January 02, 2007

Encrypting sensitive data on my external hard drive

Quick bulleted list post of how I encrypt data on my external hard drive and usb thumb drive. The idea is that if I ever lose the drive, no sensitive client data would fall into the wrong hands. TrueCrypt creates a file that represents a drive. Think of it like mounting an ISO in Daemon Tools, except TrueCrypt is a writable removable storage device that encrypts and decrypts on the fly. Assuming the external hard drive mounts to G::

  • Unzip TrueCrypt to G:\programs\truecrypt42a
  • If you're running Vista or as a Non-Admin, install it onto your local machine once as an Admin.
  • Start it up, create a volume called G:\encrypted.tc (I'll leave this as an exercise to the reader)
  • Create G:\enctypted-mount.cmd
    @echo off
    "programs\truecrypt42a\Setup Files\TrueCrypt.exe" /v encrypted.tc /lx /e /q /m rm
  • Create G:\enctypted-dismount.cmd
    @echo off
    "programs\truecrypt42a\Setup Files\TrueCrypt.exe" /dx /q

It's just a double-click to mount or unmount the encrypted volume stored in encrypted.tc as my X:

TrueCrypt can also mount a encrypt a whole volume, but I chose to only encrypt sensitive data in a file like this so that I don't waste time encrypting my music collection. Also, it allows me to keep the TrueCrypt installer right there alongside the encrypted volume so that I can plug in, mount, and go, even without an Internet connection.

Have fun!

No comments: