How? read on.
A “hidden” encrypted volume provides you with “plausible deniability” should the need ever arise. For example, if your drives were seized, and you were forced under order of court to reveal the password – then your hidden drive would provide an extra layer of security. How? We will first create an outer volume that is encrypted, and hide some fake files on there. Then within that encrypted outer volume, we will create a further encrypted volume. You end up with two password-protected volumes – and you can safely reveal the outer volume password – without revealing a secondary hidden volume. The TrueCrypt page has a more technical explanation of a Hidden Volume that you might want to read.
You will need
Since we’ve covered basic Truecrypt file and folder encryptions before, today I will be using an entire partition. This could be a USB hard drive or a second hard drive in your PC. This drive will be formatted entirely in the process, so make sure there is nothing important on it.
You will also need a copy of the latest TrueCrypt for your system, which you can download here. For this guide, I have used the Mac OSX version, but the interface is similar on Windows or Linux.
Create a Partition
Begin by plugging in your drive and creating a partition that we will encrypt. I showed you how to create a partition on Windows last week, but on my OS X installation I simply opened Disk Utility, find the drive in the left side, and click on the Partition tab on the right. I chose 1 partition, gave it a name, and clicked Apply.
Create Encrypted Volume
Launch TrueCrypt and click on Create Volume. Choose the second option, which says “Create a volume within a partition / drive“.
Next, choose to create a Hidden TrueCrypt Volume.
Be careful when you select the device on the next screen. If you gave your partition a helpful name, you should have no problem. Go ahead and select the device.
Next are the encryption options. The defaults are those deemed secure enough for top secret government documents, so it’s probably good enough for us.
Next, you will need to choose a password for your outer volume. Remember, this will be a password you rarely ever use, but will be the one you give up if forced to. It is very important that this password be substantially different to the one you will encrypt your hidden drive with.
The next screen is a little difficult to explain, but suffice to say the more you move your mouse around, the more secure your drive will be. Just do it for about 30 seconds or so, then click Format.
For my 160 GB USB drive, it took about an hour and half just to encrypt the outer volume. This is a one-off thing though, when you actually use the drive you need only enter the password.
Next, you need to copy some fake files to the encrypted disk. These can be anything, but ideally they should be private looking files, maybe some home movies – something you wouldn’t mind someone seeing if you were forced to reveal passwords. Warning: You shouldn’t write to this outer volume later, or your actual hidden volume may become corrupted. It is a fake storage container only to act as a diversion. Click on the button labelled Open Outer Volume, and start copying files in. Bear in mind that if you have a 1 TB drive and someone investigating finds only 100 MB of “secret” files, it may look a bit suspicious.
When you’re done copying, go back and click next. TrueCrypt will automatically unmount the drive and figure out how much space you have left for your real hidden volume. You can make it as large as you like, but I like to leave a little room on the outer drive in case someone were to accidentally write to it.
Make the outer volume in the same way, but this time make your password long, and really good. Include capital letters, lowercase letters, numbers and punctuation. A good tactic if you don’t like random passwords is to create a sentence around it like: 20MILLIONsecretF1l3$. When asked if you’ll be storing large files, I suggest you choose ‘yes’ as the world of computing moves rapidly, and even today some movies are over 4 GB in size. Best to future-proof the drive now.
Wait again while the outer volume is encrypted. You can now mount your secure hidden volume via TrueCrypt, as it won’t be mounted by default once the hidden volume is created. Just click Mount All Devices, and type in the correct password. You don’t need to type both your outer volume password and your hidden one – just the hidden one is fine.
If you leave your computer on a lot of the time, don’t forget to unmount the drive. After a restart or shutdown the computer, the volume will be automatically dismounted.
If you read through this far, then obviously you have something worth hiding, and by utilising a hidden encrypted volume, you give yourself a way out should things go awry. Why bother encrypting a drive if the big-brother police state you are living in has the power to legally demand the decryption keys, or send you to jail? Don’t be a sucker, just give them the wrong keys!
Download TrueCrypt and try it out.
Image credit: ShutterStock