Friday, May 6, 2011

Getting Started with Truecrypt and OSX

If you like encryption, and you like OSX, and who doesn't? then you could look at Truecrypt. For a non-cost program its very good.

Firstly download it from www.truecrypt.org/downloads, and then install it.



Then launch the program.



Click Create Volume, and you get the Volume Creation Wizard


You need to understand these options!

"Create an encrypted file container" is very similar to using Disk Utility to create an encrypted disk image.

"Create a volume within a partition / drive" will take a drive or partition, and destroy all the data on it. This is what I do because otherwise I would use Disk Utility.

Choose wisely, then click next.


I create a standard volume because I'm not super paranoid - this is just my photos!. Read about hidden volumes.

Click select device


and click Yes for the get out of jail free dialog - nearly your last chance!



Then you have to select your cyphers. They have different computational loads, so you can benchmark your system to see which is fastest. If you lucky and have an i7 or some i5 MacBooks you might get AES hardware acceleration which speeds encryption 4-8x. No such luck for me.



make your selection


now we move to choosing a password. For anything really sensitive you can also choose Key Files. What that means is that as well as knowing the password, you need the key file as well ie two factor authentication.




large file check


file system selection. If in doubt use FAT, as long as you select 4Gb option.


if in doubt select "mount volume on other platforms"


move you mouse lots and randomly! The movement is used to create seed numbers and you want as random as possible



Then click format


Final chance! If you say yes then your drive is wiped. For a 320Gb on USB it took about 6 hours, which was a lot quicker than PGP.



When its done you need to mount the drive.

Click "Select Device". You might asked for your password.


USB drives for me show as /dev/rdisk1s1 - check by looking at the size




Then click "mount" and put in your password for the volume


and thats it!. The volume mounts on your desktop, and it then behaves just like a regular drive




When you plug in your drive, you will likely get what looks like a bad warning "The disk you inserted was not readable by this computer". Click "ignore", because OSX cannot read this drive, its encrypted, remember?


Update: when you are done with an external HD and want to eject it, you must go back to the TrueCrypt window, select the device (at the top) and then you'll get a "Dismount" button. Click Dismount and after a few seconds you'll be able ti unplug the drive. Thanks for the suggestion Kim!




5 comments:

chris said...

Nice quick set of screenshots. I've been meaning to try TrueCrypt.. right now I just have my most important data in encrypted sparse bundles.
chris

Jack Donno said...

Steve,

I have done exactly the same as you have shown and do indeed get a warning from MAC os x as described in your post. The real problem is that my usb flash drive does not appear on truecrypt either. Could you please advise me how i can mount and start using my usb drive?

Thanks

Steve Mansfield said...

Jack, do you ever see the flash drive in Truecrypt's device list?

Kim said...

Thanks Steve, this is useful. Jack, remember to choose "select device" instead of "select file" in TrueCrypt. Hopefully it shows up there?

Steve, I have a question that is related to dismounting a device. I am using Mac OSX, and as it doesn't recognize that a device is plugged in, I cannot eject it the normal way. Is it the case that dismounting the device from TrueCrypt means I can simply unplug it without doing any additional special kind of eject, even if the light on the device is on to imply it needs ejecting?
Thanks!

Steve Mansfield said...

Hi Kim

In the TrueCrypt window when a drive is mounted one of the buttons will become a "dismount"button, so click this when you are done with the drive.

I updated the post with a new screenshot, so thanks for the question!