28 Jan

On-the-Fly Encryption with TrueCrypt

Technical Introduction from TrueCrypt.org

TrueCrypt is a software system for establishing and maintaining an on-the-fly-encrypted volume (data storage device). On-the-fly encryption means that data is automatically encrypted or decrypted right before it is loaded or saved, without any user intervention. No data stored on an encrypted volume can be read (decrypted) without using the correct password/keyfile(s) or correct encryption keys. The entire file system is encrypted (e.g., file names, folder names, contents of every file, free space, metadata, etc.).

Files can be copied to and from a mounted TrueCrypt volume just like they are copied to/from any normal disk (for example, by simple drag-and-drop operations). Files are automatically being decrypted on the fly (in memory/RAM) while they are being read or copied from an encrypted TrueCrypt volume. Similarly, files that are being written or copied to the TrueCrypt volume are automatically being encrypted on the fly (right before they are written to the disk) in RAM. Note that this does not mean that the whole file that is to be encrypted/decrypted must be stored in RAM before it can be encrypted/decrypted. There are no extra memory (RAM) requirements for TrueCrypt.
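To make the on-the-fly idea concrete, here is an added sketch (not TrueCrypt's code and not part of the original post) of a container that is encrypted and decrypted one sector at a time, so the whole file never has to sit in RAM. The names `ToyVolume` and `derive_key`, the 512-byte sector size and the HMAC-based keystream are assumptions made for illustration; the keystream is a toy stand-in for a real cipher such as AES.

```python
import hashlib, hmac, io

SECTOR = 512  # bytes per sector (size assumed for this sketch)

def derive_key(password: bytes, salt: bytes) -> bytes:
    # Stretch the volume password into a 32-byte key.
    return hashlib.pbkdf2_hmac("sha256", password, salt, 100_000)

def _keystream(key: bytes, sector_no: int) -> bytes:
    # Toy per-sector keystream from HMAC-SHA256. NOT TrueCrypt's cipher, and
    # unsafe for real data: rewriting a sector reuses the same keystream.
    blocks = (hmac.new(key, sector_no.to_bytes(8, "little") + bytes([i]),
                       hashlib.sha256).digest() for i in range(SECTOR // 32))
    return b"".join(blocks)

def _xor(key: bytes, sector_no: int, data: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, _keystream(key, sector_no)))

class ToyVolume:
    """Mounted view of a container file; only one sector is in RAM at a time."""
    def __init__(self, container, key: bytes):
        self.container, self.key = container, key

    def write_sector(self, n: int, plaintext: bytes) -> None:
        if len(plaintext) != SECTOR:
            raise ValueError("sector writes must be exactly SECTOR bytes")
        self.container.seek(n * SECTOR)
        self.container.write(_xor(self.key, n, plaintext))  # encrypt, then store

    def read_sector(self, n: int) -> bytes:
        self.container.seek(n * SECTOR)
        return _xor(self.key, n, self.container.read(SECTOR))  # load, then decrypt

def demo() -> dict:
    salt = bytes(16)  # constructed fixed salt for a repeatable demo; random in practice
    container = io.BytesIO()  # stands in for the container file on disk
    vol = ToyVolume(container, derive_key(b"correct horse", salt))
    for n in range(4):  # "format": even empty sectors are stored encrypted
        vol.write_sector(n, bytes(SECTOR))
    secret = b"confidential memo".ljust(SECTOR, b"\0")  # constructed sample data
    vol.write_sector(2, secret)
    raw = container.getvalue()
    wrong = ToyVolume(container, derive_key(b"guess", salt))
    return {
        "roundtrip_ok": vol.read_sector(2) == secret,
        "plaintext_in_container": b"confidential" in raw,
        "empty_sector_is_zeros": raw[:SECTOR] == bytes(SECTOR),
        "wrong_password_reads_secret": wrong.read_sector(2) == secret,
    }
```

Calling `demo()` shows that the data round-trips with the right password, that neither the sample text nor the empty sectors appear in the clear inside the container, and that a different password does not recover the data.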

Practical Use

Some of the above technical description might sound too complex for a normal (non-technical) computer user. In reality, however, TrueCrypt is very simple to use. Let's say you have some important and confidential files such as MS Word documents, PowerPoint presentations, PDF documents, and your emails. You want to keep all of this data on your computer or USB drive, but only YOU should be able to read it, even if someone else has physical access to the system.

TrueCrypt Volume

After installing TrueCrypt on your computer, you need to create a volume. A volume is nothing but a logical disk partition that will contain all your secured and encrypted data. This volume will reside as a normal file on your computer. You can give it any name, e.g. “My Encrypted Data”. While creating the volume, you will be asked to specify the volume location, encryption algorithm (AES, Twofish, etc.), volume size, and volume password.

Mount Volume

Once you have created a volume, you can mount it on your computer as a normal drive and use it just as you would use your C: or D: drive. The benefit is that data is encrypted just before it is written to the mounted drive and decrypted when it is read from it. When the drive is unmounted, the volume resides on your computer like a regular data file containing encrypted binary data that no one can understand. The volume container can be treated as a regular file: it can be copied to a USB drive or transferred to another computer, where it can be mounted as a drive again using TrueCrypt, giving you portability for your secured data.

TrueCrypt is an open source application and is FREE. If you are skeptical about using a freebie application for protecting your confidential data, think again. Some of the best brains in the realm of security (Bruce Schneier, Joanna Rutkowska) have given it a serious look in terms of breaking its security. As with every security system, hackers will continuously try to break it while the application evolves to thwart these attacks. Having said that, TrueCrypt is quite an impressive tool for achieving security and confidentiality of your important data without having to pay for commercial products that do pretty much the same thing.


One Response to “On-the-Fly Encryption with TrueCrypt”

  1. Alert Boot Says:

    I concur with your conclusions and most probably will visit again to your coming updates. Saying thanks will not just be enough, for the amazing lucidity in your posts.
