Site search is available on home page

Create and use TrueCrypt volumes

By , Last modified: 2015-02-28.

How to create, mount and dismount TrueCrypt volumes in Windows XP, Vista, 7, 8 and 8.1

First, it might be necessary to set some preferences to ensure your encrypted data will not be accidentally accessible to others. Open TrueCrypt from Start menu/Start screen or by right-clicking the program's icon in Taskbar Notification Area (aka System Tray) and clicking the Show TrueCrypt command.

In TrueCrypt window, open Settings menu and click Preferences.
TrueCrypt main window. Open Settings menu and click Preferences.

In the TrueCrypt - Preferences window, activate the Start TrueCrypt Background Task option. This ensures that TrueCrypt icon is available in Notification Area/System Tray.
In the Auto-Dismount section, always enable the User logs off and Force auto-dismount even if volume contains open files or directories options to prevent others from accessing your encrypted files. Those who have more at stake, should also enable the Screen saver is launched and Auto-dismount volume after no data has been read/written to it for 60 minutes check boxes for maximum security. The Entering power saving mode option is not that useful, as TrueCrypt has some difficulties with auto-dismounting volumes in such cases.
Please note that Auto-Dismount settings do not affect encrypted system drives or partitions.
Other settings are fine by default. Click OK.
TrueCrypt - Preferences. Enable the 'Start TrueCrypt Background Task' option. Then put a check mark into 'User logs off' box in the Auto-Dismount section. Click OK.

Creating TrueCrypt volumes in Windows

TrueCrypt volumes are special encrypted containers that you can be mounted as virtual disks/drives. If you want to move your sensitive documents into a TrueCrypt volume, it must be large enough to contain these and preferably have some spare space for future expansion, too. A volume itself is actually a normal file and can be copied, moved or deleted as usual: you can even carry the volume with you on USB thumb drives or sync it using some cloud backup service.

Open Volumes menu in TrueCrypt main window and click Create New Volume.
TrueCrypt. Open Volumes menu and click Create New Volume.

TrueCrypt Volume Creation Wizard appears. Leave the default option, Create an encrypted file container selected and click Next.
TrueCrypt Volume Creation Wizard. Click Next to create an encrypted file container.

In the Volume Type screen, click Next again to create a Standard TrueCrypt volume.
TrueCrypt Volume Creation Wizard, Volume Type. Leave 'Standard TrueCrypt volume' selected and click Next.

Click Select File in the Volume Location screen to select a folder and create a new file. Do not select any existing files here - these will be overwritten during the volume creation process!
Those who need more security should enable the Never save history option here.
TrueCrypt Volume Creation Wizard, Volume Location. Click Select File.

Now a standard Windows browsing dialog opens. Open the folder you need and specify a new file name. To make the file automatically open with TrueCrypt after a double-click, add the extension ".tc" to the end of the file name - for example, "". To stay on safer side, add no extension to the file name or use some extension that makes people believe the file is not an encrypted volume - for example, ".avi" for larger encrypted volumes might trick others into thinking that this is a video file.
Again - do not select an existing file here - otherwise the file will be overwritten! You can move existing file to the encrypted volume later.
Click Save.
TrueCrypt, Specify Path and File Name. Find the folder you need. Then specify a new file name and click Save.

Click Next back in the Volume Location screen to move on to the Encryption Options dialog.
In most cases, the defaults (AES and RIPEMD-160) are fine as this is the fastest encryption-decryption option TrueCrypt offers. Those very concerned about security of their files can select even stronger algorithms for encryption and hashing, while sacrificing some speed of operation.
Click Next to move on.
TrueCrypt Volume Creation Wizard, Encryption Options. Leave AES for Encryption Algorithm and RIPEMD-160 for Hash Algorithm. Click Next.

In Volume Size screen, specify the size of the new volume. Amount of free space on selected drive is shown below. Please remember to create a volume that has some spare capacity for future growth.
Click Next.
TrueCrypt Volume Creation Wizard, Volume Size. Specify the size of the encrypted volume and click Next.

Next, create a strong and unique password for the encrypted volume - and make the passphrase longer than usual (at least 20 characters). Try using free Password Safe for storing and auto-filling user names and passwords securely.
After filling Password and Confirm fields, enable the Use keyfiles option and click the Keyfiles button. Keyfiles will serve as additional protection for the volume and make cracking the protection much harder.
TrueCrypt Volume Creation Wizard, Volume Password. Type a new password into Password and Confirm fields. Turn on the 'Use keyfiles' option and click the Keyfiles button.

Keyfiles are files that should never change. If a keyfile changes, you will lose all access to your encrypted volume (unless you have a valid backup of keyfiles). That's why you should create new keyfiles instead of selecting existing files or folders.
Click Generate Random Keyfile on the bottom right of the TrueCrypt - Keyfiles window.
TrueCrypt - Keyfiles. Click Generate Random Keyfiles.

TrueCrypt Keyfile Generator opens. Move your mouse randomly in the window for at least 1 minute before clicking Generate and Save Keyfile.
Create and save at least two keyfiles this way.
Please store encrypted volumes and keyfiles in different folders to avoid easy guessing of your keyfile location. Do not use any variant of "keyfile" in the file name - use random names instead. If possible, save keyfiles to an external drive (USB thumb drive or a memory card) and keep a backup of the files.
Click Close after you are done.
TrueCrypt - Keyfile Generator. Move your mouse really randomly for at least one minute in the window. Then click 'Generate and Save Keyfile'.

After you've generated and stored all keyfiles, click Add Files back in the TrueCrypt - Keyfiles window.
TrueCrypt - Keyfiles. After generating keyfiles, click Add Files.

Locate and select the keyfiles you just generated and click Open in common Windows browsing dialog.
TrueCrypt, Select Keyfile. Find and select the keyfiles you generated and click Open.

Click OK in TrueCrypt - Keyfiles window after adding the keyfiles. Then, back in the Volume Password window, click Next.
TrueCrypt Volume Creation Wizard, Volume Password. After creating and adding keyfiles, click Next.

If you specified a password shorter than 20 characters, TrueCrypt will warn you that such passwords are easy to crack. If your password is at least 12 characters long and you use at least 3 keyfiles, it is safe to click Yes here.
TrueCrypt Volume Creation Wizard, WARNING: Short passwords are easy to crack using brute force techniques! Click Yes only if your password is at least 12 characters long AND you have added at least 3 keyfiles.

In the Volume Format window, select the filesystem you need. For encrypted volumes that will not store files larger than 4 gigabytes, FAT is fine. If you need to store large files or need additional file system security, select NTFS instead. Default cluster size is fine.
Click Format.
TrueCrypt Volume Creation Wizard, Volume Format. Select FAT filesystem if you do not need to store files over 4 GB in size. Otherwise, select NTFS. Then click Format.

Depending on the size of the volume, it might take some time to create and format it. After the process is complete, click OK.
TrueCrypt Volume Creation Wizard, volume has been successfully created. Click OK.

In the Volume Created window, click Exit if you do not want to create more encrypted volumes. If you do, click Next and start over.
TrueCrypt Volume Creation Wizard, Volume Created. Click Exit.

Mounting TrueCrypt volumes

To mount an existing encrypted volume, open TrueCrypt main window using its Taskbar Notification Area (System Tray) icon or Start menu.

Click any listed available drive letter and then click Select File. Those very concerned about the safety of their files should ensure that the Never save history option is active.
TrueCrypt main window. To mount a volume, click a drive letter. Then click Select File.

Locate the volume you want to mount and click Open.
TrueCrypt, Select a TrueCrypt Volume. Click the volume you want to mount and click Open.

Next, click Mount.
TrueCrypt main window. After selecting a volume, click Mount.

In the Enter password dialog, type the passphrase. Then turn on the Use keyfiles option and click Keyfiles.
TrueCrypt, Enter password. Type your passphrase. Put a check mark into 'Use keyfiles' box and click Keyfiles.

The TrueCrypt - Keyfiles window, familiar from volume creation wizard, appears. Click Add Files.
TrueCrypt - Keyfiles. Click Add Files to locate required keyfiles for the volume.

Locate the keyfiles associated with the TrueCrypt volume and click Open.
Back in the TrueCrypt - Keyfiles window, click OK.
TrueCrypt - Keyfiles. Click OK after adding the required keyfiles.

Back in the Enter password window, click OK.
If password and keyfiles were correct, the volume appears mounted in TrueCrypt main window.
TrueCrypt, main window. An encrypted volume has been mounted as drive F.

TrueCrypt icon in Taskbar Notification Area will turn from blue to brown - this shows that a volume is mounted and encrypted files are usable.
TrueCrypt icon in Taskbar Notification Area (System Tray). If the icon is blue, no volumes are mounted. If the icon is brown, one or more volumes are mounted.

You can now use the encrypted volume as any other drive - open it in Windows Explorer, create folders, copy, move and delete files, etc.
After moving files and folders to the volume, it is strongly suggested to wipe free space on your hard disk to prevent recovering the sensitive files using undelete software.

The mounted volume stays mounted as long as you log off Windows. If you have specified so in TrueCrypt preferences, the volume might be automatically dismounted when screen saver runs, or when no data has been read from or written to the volume within 60 minutes. The preferences are described in the very beginning of this article.

Dismounting TrueCrypt volumes

If you want to manually dismount a TrueCrypt volume, right-click TrueCrypt icon in Notification Area. Then use either Dismount All Mounted Volumes or Dismount <drive letter:> command.
Please note that the commands do not affect encrypted system drives or partitions.
TrueCrypt icon right-click menu. To stop using mounted volumes, click 'Dismount All Mounted Volumes'.

A notification about this appears in Notification Area. If you dismounted all volumes, TrueCrypt icon turns blue. If you still have mounted volumes, the icon remains brown.
TrueCrypt icon, 'Successfully dismounted' notification.



Sub Navigation

Sub Navigation
Next: TrueCrypt system drive encryption
Previous: Install TrueCrypt
comments powered by Disqus