Encrypted thumb drive and autoplay howto

I have a Sandisk Cruzer Micro USB thumb drive that I carry around with me. Last weekend I spent a bit of time setting it so that all my data is securely encrypted using the excellent open source software calledTrueCrypt. I also managed to get Windows autoplay working on the drive so I can access the data with the least amount of annoyance. Actually it's about as easy as it's ever going to get. I stick my drive in, an autoplay menu pops up with "Mount Truecrypt Volume" as the default choice, I hit enter, type my password, hit enter again and that's it. Here's how I did it.

Requirements

• TrueCrypt. Download here.
• Windows XP with Service Pack 2. Prior to SP2 you couldn't do autoplay on removable drives. You can do everything else described here though.
• A USB thumb drive. No special requirements. Any old one will do.

TrueCrypt files

• Move all your data off your usb drive so it's empty.
• Install TrueCrypt on your PC.
• From the TrueCrypt application directory (usually C:\Program Files\TrueCrypt\) copy TrueCrypt.exe to your usb drive.
• From your Windows drivers directory (probably C:\Windows\system32\drivers\) copy truecrypt.sys to your usb drive.

  Note: The TrueCrypt download is a zip file. Inside the zip file is a folder called Setup Files that contains both TrueCrypt.exe and truescrypt.sys so it's possible to skip steps 2, 3 and 4 above and just copy the two files straight from that folder to your flash drive.

Autorun file

• Create another file on your flash drive called autorun.inf. Paste in the following:

  [autorun]
  label=Cruzer
  icon=truecrypt.exe
  
  action=Mount TrueCrypt Volume
  open=truecrypt /v data.tc /lz /q /a /m rm /e
  
  shell=mounttc
  shell\mounttc=&Mount
  shell\mounttc\command=truecrypt /v data.tc /lz /q /a /m rm /e
  
  shell=dismounttc
  shell\dismounttc=&Dismount
  shell\dismounttc\command=truecrypt /dz /q
  
  shell=runtc
  shell\runtc=Run &TrueCrypt
  shell\runtc\command=truecrypt
  
  

• The /lz and /dz above means you will mount your encrypted volume using drive letter Z. Change Z to something else in all three places if you want to use another drive letter.

Check the TrueCrypt manual to see what the other command line options do. You might want to tweak them to suit your preferences.

• Change the label if you want to. You can also change the icon which is the icon that your usb drive has in My Computer. (I use an .ico file that I copied to my thumb drive also).

Note: In a file with more than one icon you can specify which icon you want by putting a comma then the icon number, egicon=c:\WINDOWS\system32\SHELL32.dll,12

• So far your drive should look something like this:...except for the file data.tc. That's the file that will contain all your encrypted files that we will create next.

Creating the encrypted volume

• Run TrueCrypt from your start menu and click "Create Volume".

Note: If you didn't bother to install TrueCrypt in step 2, you can just double click TrueCrypt Format.exe in the Setup Files folder.

• Choose "Create a standard TrueCrypt volume" (the default).
• Type L:\data.tc at "Volume Location" where L is the drive letter of your flash drive.
• Choose your favourite encryption algorithm. (Don't ask me!)
• Select a volume size. This is how much space you will have on your encrypted volume.

  I like to make it fill the entire remaining space on the thumb drive. You make it fill it exactly by doing this:

  • Get the free space in bytes of your flash drive by right clicking it in My Computer and clicking "Properties".
  • Divide this number by 1024 to get kilobytes.
  • Back in TrueCrypt, select KB and type the number.

• Make up a password and enter it. Remember your password because there is no way to crack it. That's the point of secure encryption.
• Wiggle your mouse a bit for extra randomness, then click "Format".
• When formatting is finished click "Exit" to exit.
• This concludes the setup process. The hard part is now over!

Usage

• Remove your thumb drive in the usual way. (Click the "Safely Remove Hardware" icon in your Systray, select the drive to remove, then yank it out).
• Put it back in again. If the autoplay stuff is working you should see this:
• Click OK. You should then see this:
• Enter your password and up comes your encrypted drive. Voila!
• You can now put all your files back on it. They are now securely encrypted and can't be accessed without your password.
• To dismount
  • Go to My Computer. Right click on your flash drive icon.
  • Notice the menu options include Mount, Autoplay, Dismount and Run TrueCrypt.
  • Choose Dismount to dismount the volume.
• Other notes
  • Note that to open your flash drive now you have to right click and choose Openbecause a double click will run the Mount shell extension.
  • You can also mount and dismount and change your password from the TrueCrypt program on your thumb drive. Read the TrueCrypt manual for more information.

    Note: If you come to a PC where your chosen drive letter is already taken you can run TrueCrypt manually and mount your drive with a different drive letter.

  • You can backup all your secure data just by copying your data.tc to your C: drive.
  • I recommend adding a shortcut (to your real drive, not the virtual one) to your Quick Launch Bar for convenience. You can then access the right click menu from the shortcut.