Encrypting Thumbdrives

Category: Articles
Published on Thursday, 14 April 2011 Written by Matt

All companies should be concerned about security. I’m not encouraging small businesses to spend tens of thousands of dollars hiring security guards or raising explosive sniffing bloodhounds, but there are simple things that can be done to make your life easier. For instance, let’s say you lose your thumb drive. Was there anything on it that is sensitive? Are you really sure there isn’t?


The solution to this problem is a free encryption application called TrueCrypt. TrueCrypt is very feature rich; even allowing encryption of whole computers or

disk volumes. In this article, I’m going to focus on how I use Truecrypt to protect information on thumb drives.


Truecrypt works (in my implementation) by creating a container (file) on the thumb drive where it stores your encrypted files. This container is then mounted using a spare drive letter so access to these files is identical to using any other drive or folder. Depending on your skill level, the only tricky parts are creating the container (which is done only once) and then mounting/dismounting the container. I created shortcuts for the latter which I will share later.

Installing TrueCrypt

1. TrueCrypt can be found at http://www.truecrypt.org/downloads. It’s available for Windows, OS X and Linux. Download the appropriate version, double click on the executable, accept the license terms, and click Next.

2. For this application we really don’t want to install TrueCrypt, we want to extract it. The reason is eventually we will copy these files to the thumb drive so the application is available whenever you need it.

3. This next screen is asking for the location to extract TrueCrypt.  Pick someplace easy to find later.

When done, you end up with a folder like this:

4.  Make sure the thumb drive you want to use is empty and copy all the TrueCrypt files to it.

5.  Double click TrueCrypt.exe on your thumb drive.  The TrueCrypt management page will display.  You can ignore most everything on this form for now.  The only button we are interested in is the Create Volume button. Click it now.

6. A Volume Creation Wizard screen will be displayed.  We want to create an encrypted container on our drive so make sure this radio button is selected.  Click Next.

7. Now you have to select the volume type.  For now, select the Standard TrueCrypt volume button.  Click Next.

8. TrueCrypt now wants to know where to create the container.  Since I want to encrypt my thumb drive, I will enter a name located at the drive letter where it’s mounted.  Any name will work.

9. Now select your encryption and hash algorithm.  I would suggest you use the defaults.

10. Now select the size of the container.  In my case, my thumb drive is 2 GBytes so I entered a slightly smaller number so I would have room for unencrypted files later.  I wasn’t able to enter a decimal point, so I had to select MBytes and convert.  Click Next.

11. Enter an easily remembered password.  Pay attention to the text on this window.  Unless you select a password consisting of at least 20 characters, the application will complain on the next screen.  Click Next.

12.  This next part is a bit unusual as you move the mouse around inside this window for awhile to create your encryption key.  The more you move it the better your key?  It sounds good…  In any case when you get bored, click format.

Depending on the size of your thumb drive, it may take awhile to finish this step.  TrueCrypt is creating and encrypting the container at the location (your thumb drive) it will use to store your files.  You have an option to select FAT or NTFS file systems but you should select the one that your thumb drive uses.  If you don’t know, select FAT because that’s how most thumb drives are formatted.

13. Now the drive is ready!  If you click Next it will take your back to the beginning of the wizard.  Click Exit.
Creating Desktop Shortcuts

In order to use the container you just created you must mount it using a spare drive letter. You can do this by selecting the Mount button at the bottom of the management screen, but I created a couple of short cuts on my desktop to make it
easier.  To mount the drive the command is “J:\TrueCrypt.exe /l t: /m rm /v  j:\matt /p “wgaitlotjwyb” /b /q” without the quotation marks.  An explanation of the command follows:

 j:\TrueCrypt.exe is the drive letter where my thumb drive is currently mounted.  Choose your drive letter instead.

  •  /l – The drive letter I want the encrypted container mounted
  •  /m – Identifies this is a removable drive
  •  /v – The name and location of my encrypted container
  • /p- This switch is for my password. I work within a relatively secure environment and I don’t use this password for anything else. This shortcut isn’t stored on the thumb drive so if I lose it, I’m not compromised.
  • /b – Beeps when finished
  • /q – Automatically performs the command line and exits.  It’s not silent; the management screen is suppressed, but error message are still displayed

To dismount, the command is “J:\TrueCrypt.exe /d t: /q /b”

In the end, you need to select the encryption features to fit your needs. I place shortcuts on my desktop but perhaps your security needs are different.

Copyright © 2011 Technology Lifeline. All Rights Reserved.