How to Create a Hidden Encrypted Volume With True Crypt
A judge recently ordered a US citizen to decrypt storage space on a computer so that police forces could analyze protected files on the system. In this particular case, the defendant was ordered to decrypt the hard drive of her Toshiba notebook no later than February 21, or face the consequences "including contempt of court".
The ruling may still get overturned, but at this point in time it is not clear how this will turn out.
Encryption makes sure that only authorized users can access data, provided that there is no loophole or backdoor built into the software itself. People traveling to the US may have their mobile computers analyzed by federal agents even without probable cause.
Users have a number of options at their disposal to protect their data from prying eyes. Encryption for instance requires a pass phrase or key to be entered to decrypt the contents of the storage device. If you forget the password, you cannot open the encrypted contents anymore.
There is however a better option for users who want to make sure that their private files stay personal. True Crypt supports so called hidden volumes. These volumes are encrypted volumes inside an encrypted volume. True Crypt calls the concept plausible deniability. You put your important files into the hidden volume, and other files that you do not mind sharing with others in the regular encrypted container. When someone asks you to decrypt your data, you enter the password that decrypts the first volume, the one you do not mind sharing with anyone.
It may happen that you are forced by somebody to reveal the password to an encrypted volume. There are many situations where you cannot refuse to reveal the password (for example, due to extortion). Using a so-called hidden volume allows you to solve such situations without revealing the password to your volume.
The principle is that a TrueCrypt volume is created within another TrueCrypt volume (within the free space on the volume). Even when the outer volume is mounted, it should be impossible to prove whether there is a hidden volume within it or not*, because free space on any TrueCrypt volume is always filled with random data when the volume is created** and no part of the (dismounted) hidden volume can be distinguished from random data. Note that TrueCrypt does not modify the file system (information about free space, etc.) within the outer volume in any way.
Hidden volumes can be created quite easily in True Crypt. New True Crypt users should read through the tutorial posted on the site first to understand the basics of creating encrypted volumes on the computer.
You have the option to create both volumes in one go though, by following the process outlined below. Click on Tools > Volume Creation Wizard. You now have two options for how to proceed:
- Create an encrypted file container: This option can be used to create an encrypted file on one of the computer's hard drives and add a hidden file container to it, or add a hidden file container to an existing encrypted file.
- Encrypt non-system partition/drive: This is basically the same option as above, only that it works with partitions and hard drives, and not with files. Please note that all contents of the selected hard drive/partition will get deleted in the process.
I suggest you start with an encrypted file container to see how the process works.
Select Hidden TrueCrypt volume on the next page.
Now you have the option to select normal or direct mode. Normal mode creates both the outer and the hidden volume in the process, while direct mode creates a hidden volume inside an existing True Crypt file container.
Let's pick normal mode to demonstrate how both the standard encrypted container and the hidden container within it are created.
You now need to select a file name for the outer container. Pick any directory and file name that you want. You can use the file name to your advantage, for instance by making it a .tmp file or a .avi.
You are then asked to select the encryption algorithm and hash algorithm for the outer volume. Pick one each or keep the default settings.
You are then asked to select a size for the file container. Keep in mind that the hidden volume is added to this container file as well. Select a password on the next screen. This password is used to decrypt the files stored in the outer volume. The volume will be formatted afterwards. Move your mouse around to create random values. Click on Format afterwards to create the file. Depending on the size, you may need to switch the file system from FAT to NTFS.
Now that you have created the outer volume, you move on to the next step, the creation of the hidden volume.
The process is nearly identical. You first select the encryption and hash algorithms, then the file size. True Crypt will display the maximum possible hidden volume file size on that screen. Don't select the maximum if you plan on adding files to the outer volume as well.
The remaining steps are identical. You now have one outer volume, one hidden volume and two pass phrases to decrypt the volumes on your computer.
Mounting the hidden volume
To mount either the outer or hidden volume do the following:
- Select a free drive letter in the True Crypt interface.
- Click on Select File and browse to the encrypted file that you want to mount.
- Click on Mount afterwards.
- Enter the pass phrase for the outer volume to mount it, or the password for the hidden volume to mount it instead.
If you mount the outer volume, you may want to click on Mount Options and check the "Protect hidden volume against damage caused by writing to outer volume" box to prevent the hidden container from being partially or fully overwritten. You need to supply the hidden volume password as well for this option, because True Crypt must know where the hidden volume lies in order to block writes to that area.
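To make the mount step and the protection option concrete, here is an added toy model of the mechanism (it is not TrueCrypt's code and not its real on-disk format): one password field, two headers at fixed offsets inside a container that is otherwise random, and whichever header decrypts decides which region gets mounted. The header offsets, the SHA-256 counter keystream, PBKDF2 parameters and all function names are assumptions for illustration; TrueCrypt itself uses XTS-mode block ciphers and a different header layout.

```python
import hashlib, os

HEADER_SIZE = 64                    # bytes reserved per header (toy value)
OUTER_HDR, HIDDEN_HDR = 0, 65536    # header offsets (illustrative assumption)
MAGIC = b"TRUE"                     # decrypts correctly only with the right password

def keystream(key, length):
    # Toy counter-mode keystream from SHA-256 (TrueCrypt uses XTS-mode ciphers instead).
    out, ctr = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + ctr.to_bytes(8, "big")).digest()
        ctr += 1
    return out[:length]

def xor(data, key):
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))

def derive_key(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password, salt, 2000, 32)

def make_header(password, start, size):
    # salt(16) + encrypted {magic(4), start(8), size(8)} + random padding; looks random without the key
    salt = os.urandom(16)
    body = MAGIC + start.to_bytes(8, "big") + size.to_bytes(8, "big")
    return salt + xor(body, derive_key(password, salt)) + os.urandom(HEADER_SIZE - 36)

def create_container(size, outer_pw, hidden_pw, hidden_size):
    buf = bytearray(os.urandom(size))          # free space is random, like a fresh volume
    data_start = HIDDEN_HDR + HEADER_SIZE      # outer volume data spans all the rest,
    buf[OUTER_HDR:OUTER_HDR + HEADER_SIZE] = make_header(outer_pw, data_start, size - data_start)
    # ...including the tail, where the hidden volume lives inside the outer volume's free space
    buf[HIDDEN_HDR:HIDDEN_HDR + HEADER_SIZE] = make_header(hidden_pw, size - hidden_size, hidden_size)
    return buf

def try_header(buf, offset, password):
    hdr = bytes(buf[offset:offset + HEADER_SIZE])
    body = xor(hdr[16:36], derive_key(password, hdr[:16]))
    if body[:4] != MAGIC:                      # wrong password: header stays indistinguishable from noise
        return None
    return int.from_bytes(body[4:12], "big"), int.from_bytes(body[12:20], "big")

def mount(buf, password, protect_hidden_pw=None):
    # Like the mount dialog: the same password field opens whichever header it decrypts.
    for name, off in (("outer", OUTER_HDR), ("hidden", HIDDEN_HDR)):
        region = try_header(buf, off, password)
        if region:
            prot = try_header(buf, HIDDEN_HDR, protect_hidden_pw) if name == "outer" and protect_hidden_pw else None
            return {"volume": name, "start": region[0], "size": region[1], "protected": prot}
    return None

def write_allowed(mounted, offset, length):
    # "Protect hidden volume": refuse outer-volume writes that would overlap the hidden region.
    p = mounted["protected"]
    return p is None or offset + length <= p[0] or offset >= p[0] + p[1]
```

Without the protection password, an outer-volume mount has no way to know where the hidden data sits, so writes into that tail region go through and silently destroy it.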
The very same principle applies to the creation of a hidden volume inside an encrypted partition or hard drive.
What's your take on this new ruling?