Creating An Encrypted Container Using Truecrypt

1) The document describes how to encrypt research data using TrueCrypt, an open source encryption tool. It allows creation of an encrypted "container" that appears as a normal file but acts as a virtual encrypted drive. 2) To encrypt data with TrueCrypt, one first downloads and installs the software. Then a container file is created, into which encrypted data can be saved. 3) The container is mounted using TrueCrypt, making the encrypted data accessible like a normal drive. Proper encryption algorithms and a strong password are important to securely encrypt the data.

Uploaded by

markobursac1987

Keep Research Data Securely

Encrypt data using TrueCrypt

Data Encryption
Beginner

Introduction
This document describes how users may encrypt their data using TrueCrypt, in order to
protect the content from unauthorised access and use.

What is Encryption?
Encryption is a process through which data – digital or otherwise – is encoded in a form
that makes it difficult to read unless you possess an appropriate decoding method. It
may be compared to the process of storing an object in a locked box that possesses
only one key. To gain access to the object, the recipient must possess a key capable of
opening the box or the necessary tools to break it open.

Encryption is commonly applied to protect confidential or sensitive data from
access by non-authorised third parties. The need to encrypt specific types of research
data is established in Principle 7 of the Data Protection Act which outlines the need to
apply “appropriate technical and organisational measures” to prevent “unauthorised or
unlawful processing of personal data”, i.e. information that identifies living individuals.

Further information on data encryption can be found on the Research Data
Management website at http://www.lshtm.ac.uk/research/researchdataman/.

What is TrueCrypt?
TrueCrypt is a free, open source encryption tool for use in encrypting a set of files, disk
partition, or entire drive. It applies a technique called On-the-fly encryption, which
transparently encrypts/decrypts data being accessed, without the need for user
intervention. The software is available for several operating systems, including
Microsoft Windows, Mac OS X and Linux.

Further information on the tool, including download links, is available from
http://www.truecrypt.org/.

1. Download and install TrueCrypt

1. Visit http://www.truecrypt.org/downloads and download the appropriate version for
your operating system.
2. Locate the relevant folder containing the downloaded file and execute it.
3. Perform the steps required by the installer:
a. Review the licence conditions.
b. Select the “Install” option box and press NEXT.
c. Review the various installation settings (installation location, user accounts
that have access to the software and others). If you are happy with the
settings, press NEXT to begin installation.

A message stating "TrueCrypt has been successfully installed" should
appear. Click the FINISH button to close the installer.

Library & Archives Service
www.lshtm.ac.uk/library/
[email protected]
+44 (0)20 7927 2276

2. Create a TrueCrypt file container to hold encrypted data on your computer

TrueCrypt supports the ability to protect a storage device from unauthorised access at
three levels. It may be used to:

1. Encrypt a disk in its entirety
2. Encrypt one or more partitions on the disk
3. Create an encrypted container that may be used to hold sensitive and personal
information.

The third category represents the simplest and most flexible approach to creating an
encrypted storage area, without the need to change the rest of the disk. When viewed
through Windows Explorer, the encrypted container appears as a normal file. However,
when mounted using TrueCrypt, it becomes a virtual drive that may be used to save
and load data files, similar to any other drive.

Figure 1: A Container file becomes a virtual drive when mounted using TrueCrypt

This tutorial will describe the steps necessary to create an encrypted container. If you
have previously created a TrueCrypt file container, or are using one that has been
created by someone else, you should move to Stage 3 for information on mounting the
virtual drive.

1. When initiated, TrueCrypt will display the Volume Window. Click the CREATE
VOLUME button (labelled with a red rectangle in Figure 2) to initiate the
‘TrueCrypt Volume Creation Wizard’.

LSHTM RDM Support Service 2 Encrypt data using TrueCrypt


Figure 2: TrueCrypt Volume Window

2. The first screen of the ‘TrueCrypt Volume Creation Wizard’ requests the user to
specify the type of encrypted drive they wish to create. Three options are available,
each of which is described below.

Option 1: ‘Create an Encrypted file container’
Usage scenario: Create an encrypted file in which to store data
Description: Enables creation of an encrypted file for data storage. This will
appear as a normal, but potentially very large, file in Windows Explorer.
However, when mounted via TrueCrypt it may be accessed in the same way as other
devices, allowing the user to create, modify, and delete files.

Option 2: ‘Encrypt a non-system partition/drive’
Usage scenario: Encrypt a non-bootable drive partition
Description: Enables creation of an encrypted partition on a storage device.
This provides the option to:
• Format a partition as an encrypted drive, removing all data in the process
• Convert a partition and all of its data using the ‘encrypt partition in place’
option
The latter is only possible if the user uses Windows Vista or later, TrueCrypt
6.1 or above, and the NTFS file system.
This option may be used for non-bootable disks only, i.e. those that do not
contain an installed operating system, such as MS Windows.
Usage scenario: Encrypt a portable disk, such as a memory stick
Description: Enables the creation of an encrypted drive, such as a portable hard
disk or memory stick.
This option may be used for non-bootable disks only, i.e. those that do not
contain an installed operating system, such as MS Windows.

Option 3: ‘Encrypt the system partition or entire system drive’
Usage scenario: Encrypt a boot drive
Description: Enables the encryption of a bootable desktop/laptop drive in its
entirety, irrespective of the number of partitions.
Usage scenario: Encrypt a boot partition
Description: Enables the encryption of a bootable partition, which contains an
installed operating system, such as MS Windows.

For this exercise, we shall perform the 1st choice – create an encrypted file
container. Ensure that this option is selected and press NEXT.

3. Select the ‘Standard TrueCrypt Volume’ option in the Volume Type window and
press NEXT.

4. Press the ‘Select File’ button to:
• Choose the directory where the file container will be held
• Apply a descriptive filename
• Ensure that the ‘Save as type’ drop-down menu in the ‘Select file’ dialog box
is set to ‘TrueCrypt volumes (*.tc)’

5. Choose an appropriate encryption algorithm to use (see Figure 3). For most
purposes, AES is sufficient, balancing security with access speed.

Many security experts believe that ‘cascaded ciphers’ involving the use of 2-3
levels of encryption offer greater security, e.g. ‘AES-Twofish-Serpent’ or ‘Serpent-
Twofish-AES’. This works by encrypting data using algorithm A (e.g. AES), the
output of which is encrypted using algorithm B (e.g. Twofish), followed by algorithm
C (e.g. Serpent). If an unauthorised user is able to decode the algorithm C layer,
they will still need to decode algorithms B and A to gain access.

Figure 3: Encryption options

6. Select an appropriate hash algorithm using the drop-down menu - SHA-512 or
Whirlpool is recommended.
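
The following is an added example, not part of the original guide and not TrueCrypt's own code. It is a simplified model of how the choices in steps 5 and 6 fit together: the hash algorithm stretches the password into key material, which is split into one key per cascade layer. The key size, iteration count and sample salt are assumptions made for the sketch.

```python
import hashlib
import hmac

# All constants below are assumptions for this sketch, not values from the guide.
CASCADE = ["AES", "Twofish", "Serpent"]  # layer order of 'AES-Twofish-Serpent'
KEY_BYTES = 32      # one 256-bit key per cipher layer
ITERATIONS = 1000   # illustrative PBKDF2 iteration count


def derive_cascade_keys(password, salt, hash_name="sha512"):
    """Stretch one password into a separate key for each cascade layer."""
    material = hashlib.pbkdf2_hmac(
        hash_name, password.encode("utf-8"), salt,
        ITERATIONS, dklen=KEY_BYTES * len(CASCADE),
    )
    return {
        name: material[i * KEY_BYTES:(i + 1) * KEY_BYTES]
        for i, name in enumerate(CASCADE)
    }


def layers_opened(candidate, salt, real_keys):
    """List the cascade layers whose key a candidate password reproduces."""
    derived = derive_cascade_keys(candidate, salt)
    return [n for n in CASCADE if hmac.compare_digest(derived[n], real_keys[n])]


if __name__ == "__main__":
    salt = bytes(range(64))  # constructed sample salt; a real one is random
    keys = derive_cascade_keys("Act-Consortium-2014-Project-Data", salt)
    for name in CASCADE:
        print(name, keys[name].hex()[:16], "...")
    print(layers_opened("Act-Consortium-2014-Project-Data", salt, keys))
    print(layers_opened("abc123", salt, keys))
```

Because every layer's key comes from the same password, knowing the password opens all three layers at once. The cascade guards against a weakness in one cipher, not against a weak password.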

7. Specify the desired size of the TrueCrypt container:
• If you require a 2 gigabyte container that can be written to a DVD, enter
‘2’ in the text box and select the ‘GB’ option.
• If you require a 500 megabyte container, enter ‘500’ in the text box and
select the ‘MB’ option.
Press NEXT to move to the subsequent screen.

8. Choose a suitably strong password. General rules to follow include:
• Use a password consisting of 20 or more characters. TrueCrypt will display
an error message if you enter a password of 19 characters or less.
• Use numbers to improve the password security, e.g. abc123, abc2014.

• Do not use a single, well-known word that may be found in a dictionary.
Instead, combine multiple words (e.g. “act-consortium-2014-project-data”) or
create your own (actprojfiles2014).
• Use a combination of upper and lowercase letters, e.g. Act-Consortium
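
The following is an added example, not part of the original guide. It applies the four rules of step 8 together to the sample strings the guide quotes, showing that each sample illustrates one rule and is not a complete password on its own. The word list is a constructed stand-in for a real dictionary.

```python
import re

MIN_LENGTH = 20  # step 8: "20 or more characters"

# Constructed stand-in for a real dictionary word list (assumption).
SAMPLE_DICTIONARY = {"password", "research", "consortium", "encryption", "project"}

# Sample strings quoted in step 8 of the guide.
GUIDE_SAMPLES = [
    "abc123",
    "abc2014",
    "act-consortium-2014-project-data",
    "actprojfiles2014",
    "Act-Consortium",
]


def check_passphrase(candidate, dictionary=SAMPLE_DICTIONARY):
    """Return the list of step-8 rules that the candidate breaks."""
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append("shorter than 20 characters")
    if not re.search(r"\d", candidate):
        problems.append("no numbers")
    if not (re.search(r"[a-z]", candidate) and re.search(r"[A-Z]", candidate)):
        problems.append("no mix of upper and lowercase letters")
    # A single dictionary word stays one word when padded with digits or symbols.
    core = re.sub(r"[^a-z]", "", candidate.lower())
    if core in dictionary:
        problems.append("single dictionary word")
    return problems


def review_guide_samples():
    """Check every sample string from the guide against all four rules."""
    return {sample: check_passphrase(sample) for sample in GUIDE_SAMPLES}


if __name__ == "__main__":
    for sample, problems in review_guide_samples().items():
        print(f"{sample!r}: {problems or 'meets all four rules'}")
    combined = "Act-Consortium-2014-Project-Data"  # constructed combination
    print(f"{combined!r}: {check_passphrase(combined) or 'meets all four rules'}")
```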

9. The Volume Creation Wizard will ask for information on the maximum file size that
you intend to store, in order to determine the most appropriate file system to use.
• Select YES if you are likely to create or store a file that is 4GB or more in size
(roughly equivalent to the capacity of a DVD). This will necessitate the use of
‘NTFS’.
• Select NO if you are unlikely to reach the 4GB limit.

10. The Volume Creation Wizard will ask you to choose the file system to use:
• ‘NTFS’ is the best option to use for most purposes;
• ‘FAT’ may be useful if you are working with colleagues who use older or non-
Microsoft operating systems.

The ‘Cluster’ drop-down menu and ‘Dynamic’ checkbox may be left in their default
position. Press the ‘FORMAT’ button.

11. Once the virtual disk has been formatted, a ‘Volume Created’ message will appear.
From this menu, you have the option to:

1. Create a second encrypted volume by pressing ‘NEXT’
2. Close the Wizard interface by pressing ‘EXIT’.

3. Access an existing encrypted drive

To access an existing file container, perform the following actions:

1. Select a drive letter from the available list through which you intend to access the
virtual drive (see A. in Figure 4).
• It may be helpful to choose ‘T:’ in the first instance, to help you to identify it
as a TrueCrypt virtual drive.

2. Click SELECT FILE and locate the relevant file on your hard disk. Once chosen, the
path and filename should appear in the Volume menu (B in Figure 4).

3. Click the ‘Mount’ button (C in Figure 4).

Figure 4: Virtual drive selection

4. If a TrueCrypt-produced encrypted file has been selected, you will be prompted to
enter an access password. To view the text as you enter it, click the ‘display
password’ checkbox (see Figure 5).

The ‘Mount Options’ menu contains various settings related to drive access. If you
do not wish to accidentally change files held in the encrypted drive, for example, it is
advisable to mount the volume as read-only.

Figure 5: Virtual drive mount options

Press OK when you have entered the correct password and configured relevant
settings.

5. Finally, view the list of drives in Windows Explorer to confirm that the file container
has been mounted correctly, as shown in Figure 6.

Figure 6: The TrueCrypt encrypted virtual drive in Windows Explorer

4. Sharing the encrypted file with colleagues

To share the TrueCrypt file container with a colleague, use the following
two-stage process:

a. Send a copy of the encrypted file container to the intended recipient using an
appropriate method, e.g. memory stick, SFX Secure File eXchange, cloud
storage service.

b. Communicate the password to the intended recipient(s) via telephone, email, or
other methods. To minimise the risk of interception, the password MUST NOT
be stored with the file container itself.

How do I get more help?

The LSHTM Research Data Management Support Service provides advice and
guidance on topics related to the creation, management, and sharing of research data.
Information material and contact details are available at
http://www.lshtm.ac.uk/research/researchdataman/.
