Installation Guide – Setting up tCrypt2Go and vCrypt2Go to Encrypt Portable Hard Disks

Warning: This guide is for system administrators or experienced enthusiasts. It may involve a steep learning curve if you are a novice, and there is a risk of breaking systems or losing data if the low-level system tools involved (such as diskpart) are not used carefully. There is no guarantee. One way to avoid the risk is to engage professionals on one of the freelancing platforms to perform the process.
This is an article for users illustrating how to encrypt a portable hard disk (click here if you have a thumb drive or memory card instead) as a partition for use with tCrypt2Go lock-and-unlock utilities for TrueCrypt Portable (also applicable to vCrypt2Go for VeraCrypt unless otherwise specified).

(This is a sub-article – click here to view the list of articles or the main article of tCrypt2Go and vCrypt2Go)

List of Steps

  1. Creating 2 Partitions and Copy TrueCrypt/VeraCrypt Files to the Partition Labelled UNPROTECTED
  2. Eliminating Free Space on UNPROTECTED Partition (Preventing Users from Saving Files into Unencrypted Area)
  3. Encrypting Second Partition with TrueCrypt/VeraCrypt
  4. Unlocking Encrypted Partition
  5. Labeling Encrypted Partition as 'PROTECTED'
  6. Copying TrueCrypt/VeraCrypt Files to Encrypted Partition
  7. Suppressing 'Format Disk' Prompt with Diskpart
Note: This method is slightly more difficult than setting up tCrypt2Go/vCrypt2Go for devices of the Removable Media type (such as a thumb drive or memory card). For a simpler approach (if partitions are not a must for you), you may instead read the Installation Guide for USB Thumb Drives (Removable Media), which uses a TrueCrypt/VeraCrypt container instead of a partition. Containers (encrypted virtual disks) are supported by every device type (including USB hard disks and thumb drives), while what is described below is supported only by devices of the Fixed Disk type (such as a USB hard disk).

Required Files
Supported Hardware
  • A portable drive of Fixed Disk type (such as a USB hard disk, NOT a thumb drive or memory card).

1. Creating 2 Partitions and Copy TrueCrypt/VeraCrypt Files to the Partition Labelled UNPROTECTED

To encrypt portable drives of a Fixed Disk type (where more than one partition is supported), there will be two partitions. We need to partition both using the Disk Management utility in Windows.

a. Connect a portable drive to be encrypted to a PC running Windows 7 or above. (required for an option in newer diskpart)

b. Run Disk Management (press "Win+R" hotkey, enter "diskmgmt.msc")


c. Create two partitions: a smaller one of 20MB and a larger one using all available space. The smaller partition should be formatted as FAT32, while the larger one can be anything at this stage.
Label the smaller partition "UNPROTECTED" (to make it clear to the user that it is the gate to the PROTECTED drive, which is unlocked using TrueCrypt/VeraCrypt via the vCrypt2Go lock-and-unlock utilities).

(Also, identify and write down the disk number and partition number of the encrypted partition on this screen. It will be required in section 3 while using diskpart. In this case, disk number is 1, encrypted partition number is 2)


d. Download and extract "tCrypt2Go and vCrypt2Go.zip" and copy all files under the "tCrypt2Go\Hard Disk" or "vCrypt2Go\Hard Disk" folder to the root of the UNPROTECTED drive:
  • .DO_NOT_DELETE (hidden from Windows with a hidden attribute)
    • TrueCrypt/VeraCrypt for Mac
      • README.txt
      • TrueCrypt.dmg/VeraCrypt.dmg (optional: download TrueCrypt or VeraCrypt and store the original Mac installer here)
    • TrueCrypt/VeraCrypt for Windows
      • README.txt
      • TrueCrypt Setup.exe/VeraCrypt Setup.exe (optional: download TrueCrypt or VeraCrypt and store the original Windows installer here)
    • Lock_Mac.command
    • Unlock_Mac.command
    • tc.exe/vc.exe (REQUIRED: download TrueCrypt or VeraCrypt and perform installation or extraction, then copy TrueCrypt.exe or VeraCrypt.exe here and rename them as tc.exe or vc.exe)
    • TrueCrypt.sys/VeraCrypt.sys (REQUIRED: as above, copy TrueCrypt.sys or VeraCrypt.sys here)
    • truecrypt-x64.sys/VeraCrypt-x64.sys (REQUIRED: as above, copy TrueCrypt-x64.sys or VeraCrypt-x64.sys here)
  • AUTORUN.INF (to prevent older Windows versions from executing malware triggered via Autorun mechanism; hidden from Windows with a hidden attribute)
  • .Unlock.exe (unlock utility for Windows; hidden from Mac with a preceding dot)
  • .Lock.exe (lock utility for Windows; hidden from Mac with a preceding dot)
  • Lock.app (lock utility for Mac; hidden from Windows with a hidden attribute)
  • Unlock.app (unlock utility for Mac; hidden from Windows with a hidden attribute)
  • ._Lock.app (specifies an icon for Mac; hidden from Windows with a hidden attribute)
  • ._Unlock.app (specifies an icon for Mac; hidden from Windows with a hidden attribute)  
e. Ensure only the folders highlighted below are configured with hidden attributes

f. Right-click "DO_NOT_DELETE" folder, choose "Properties"

Configure the hidden attributes accordingly. Also, ensure "Read-only" is not set on any folder except AUTORUN.INF; otherwise, the drive cannot be written to.


2. Eliminating Free Space on UNPROTECTED Partition (Preventing Users from Saving Files into Unencrypted Area)

After copying the files, the disk will still have a few megabytes of free space:


Record the value in the red-circled area above; it will be used in step 2b. (In the above example, it is 3510272.)

We need to eliminate that free space so that users cannot store any file unencrypted.

a. Run Command Prompt as Administrator
b. Create a dummy file by entering fsutil file createnew DUMMY_FILE {input here the free space shown above without commas}


c. Finally, copy DUMMY_FILE into "UNPROTECTED\DO_NOT_DELETE"


d. The end result shows that there is no free space left.
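
Steps 2a to 2d can also be scripted. The following PowerShell script is an added example, not part of tCrypt2Go/vCrypt2Go: it reads the free byte count itself instead of relying on a hand-copied number, refuses to run against a drive that is not labelled UNPROTECTED, and creates DUMMY_FILE directly in the destination folder. The drive letter F and the folder name DO_NOT_DELETE are assumptions; adjust them to match your drive.

```powershell
# Added example: fills the remaining free space on the UNPROTECTED partition.
# Run from an elevated PowerShell prompt. The drive letter is an assumption.
param(
    [string]$DriveLetter = 'F',              # assumed letter of the UNPROTECTED partition
    [string]$Folder      = 'DO_NOT_DELETE'   # destination folder from step 2c
)
$ErrorActionPreference = 'Stop'

$drive = New-Object System.IO.DriveInfo $DriveLetter
if (-not $drive.IsReady) { throw "Drive ${DriveLetter}: is not ready." }

# Refuse to touch anything that is not the small partition created in section 1.
if ($drive.VolumeLabel -ne 'UNPROTECTED') {
    throw "Drive ${DriveLetter}: is labelled '$($drive.VolumeLabel)', expected 'UNPROTECTED'."
}

# Free bytes on the volume: the figure that is otherwise recorded by hand.
$free = $drive.TotalFreeSpace
if ($free -eq 0) { Write-Output 'No free space left; nothing to do.'; return }

$target = Join-Path $drive.RootDirectory.FullName (Join-Path $Folder 'DUMMY_FILE')
if (Test-Path -LiteralPath $target) { throw "$target already exists; remove it first." }

# Same command as step 2b, but created in place so the copy in step 2c is not needed.
& fsutil file createnew $target $free
if ($LASTEXITCODE -ne 0) { throw "fsutil failed with exit code $LASTEXITCODE." }

# Re-read the volume: the end state from step 2d is zero bytes free.
$left = (New-Object System.IO.DriveInfo $DriveLetter).TotalFreeSpace
Write-Output "Created $target ($free bytes); free space is now $left bytes."
if ($left -ne 0) { Write-Warning 'Free space remains; check the drive before handing it out.' }
```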


3. Encrypting Second Partition with TrueCrypt/VeraCrypt

Note: the screenshots below are from TrueCrypt only, as there is not much difference between TrueCrypt and VeraCrypt.

a. Download and run TrueCrypt Setup/VeraCrypt Setup (see step 1c above for the location of this file) and install the program, or specify to extract the files to a location.
b. In the extracted or installed directory, run "TrueCrypt Format.exe/VeraCrypt Format.exe"


c. Select "Encrypt a non-system partition/drive".


d. Select "Standard TrueCrypt/VeraCrypt" volume.


e. Choose "Select Device".


f. Highlight the partition to be encrypted.


g. Choose "Next".


h. Create encrypted volume and format it.


i. For "Encryption Algorithm" and "Hash Algorithm", choose any settings as desired.


j. Enter the maximum available size to be encrypted.

k. Enter a secure password twice.

l. "Yes" for Large Files.

m. Choose any desired file system (according to the explanation at the top of this guide). In this example, the below are selected:
  • Filesystem: NTFS; Cluster: Default; Quick Format: Checked
You must keep moving the cursor around the window for a few seconds, then start formatting by clicking "Format".

(Note for exFAT and TrueCrypt users: Unless you use VeraCrypt, this TrueCrypt format tool cannot format a drive as exFAT. TrueCrypt users need to perform it in the Command Prompt. See Optional section for how.)

n. Answer "Yes" if the below warning is prompted.

o. Answer "OK" if the below warning is prompted.

p. Click OK and Exit to complete the procedure.

4. Unlocking Encrypted Partition

a. Unlock by double-clicking "UNPROTECTED\.Unlock.exe".

(Note: If you are mindful, you may have noticed in the example above, there are no preceding dot characters and the Mac-related files are removed. You may do so only if you do not require Mac support.)

b. Enter password.

c. Then the encrypted partition will be unlocked as below (E:\). Right now it is empty.

5. Labeling Encrypted Partition as 'PROTECTED'

a. Open "Computer". Label the encrypted partition 'PROTECTED'.

b. Run "diskmgmt.msc", confirm the partition layout and labels are as follows:

(Note: the volume labels may not always show on Windows, but they do on Mac. It is recommended to name them so for easier identification.)

6. Copying TrueCrypt/VeraCrypt Files to Encrypted Partition

Now, we will copy a few files there so that users can easily lock it within the encrypted partition.

a. Copy a few of the files from step 1d here (so that users can conveniently lock the drive after use)
  • .DO_NOT_DELETE (hidden from Windows)
  • AUTORUN.INF (hidden from Windows)
  • Lock.app
  • ._Lock.app (hidden from Windows)
  • .Lock.exe
b. Ensure only the highlighted folders/files below are configured with a hidden attribute.

c. Double-click ".Lock.exe" to test. If the encrypted partition letter (e.g. E:) becomes unmapped (dismounted), it works!

7. Suppressing "Format Disk" Prompt with Diskpart

There could be an annoying imperfection – whenever the drive is connected, Windows will ask whether you want to format it or not.

To work around the issue, use the command line disk partitioning tool "diskpart" to modify the partition type to 0x64. (Please make sure the below procedure is performed on Windows 7 or later only.)

a. Run Command Prompt as Administrator
b. Enter diskpart

c. We will now use what was written down in section 1c. (disk number and partition number)
For this example, enter select disk 1

d. Enter select partition 2

e. Enter set id=64

Finished.
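
Selecting the wrong disk is the main risk in this section. The following PowerShell script is an added example, not part of tCrypt2Go/vCrypt2Go: it checks that the selected disk is a USB-attached MBR disk and not the boot or system disk, shows the target partition, and only then feeds the same commands from steps 7c to 7e to diskpart as a script file. It assumes Windows 8 or later (for the Get-Disk and Get-Partition cmdlets) and defaults to disk 1, partition 2 from the example above; the temporary file name is arbitrary.

```powershell
# Added example: wraps steps 7b-7e in a checked, scripted diskpart run.
# Run elevated. Defaults are the disk/partition numbers of the page's example.
param(
    [int]$DiskNumber      = 1,
    [int]$PartitionNumber = 2
)
$ErrorActionPreference = 'Stop'

# Get-Disk/Get-Partition come with the Storage module (Windows 8 or later).
$disk = Get-Disk -Number $DiskNumber
if ($disk.IsBoot -or $disk.IsSystem) { throw "Disk $DiskNumber is the boot/system disk." }
if ($disk.BusType -ne 'USB') {
    throw "Disk $DiskNumber is on bus '$($disk.BusType)', expected USB."
}
# 'set id=64' writes a one-byte MBR partition type; GPT disks use GUIDs instead.
if ($disk.PartitionStyle -ne 'MBR') {
    throw "Disk $DiskNumber is $($disk.PartitionStyle), expected MBR."
}

# Show what is about to be changed and require explicit confirmation.
$part = Get-Partition -DiskNumber $DiskNumber -PartitionNumber $PartitionNumber
$summary = '{0}, partition {1}, {2:N0} bytes, current type 0x{3:X2}'
Write-Host ($summary -f $disk.FriendlyName, $part.PartitionNumber, $part.Size, $part.MbrType)
if ((Read-Host 'Type YES to set this partition type to 0x64') -cne 'YES') { return }

# The same commands as steps 7c-7e, passed to diskpart as a script file.
$script = Join-Path $env:TEMP 'set-partition-id.txt'
@(
    "select disk $DiskNumber"
    "select partition $PartitionNumber"
    'set id=64'
    'detail partition'      # prints the new Type so the change can be confirmed
) | Set-Content -Path $script -Encoding ASCII

& diskpart /s $script
$code = $LASTEXITCODE
Remove-Item -LiteralPath $script
if ($code -ne 0) { throw "diskpart exited with code $code." }
```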
