TrueCrypt
From CVL Wiki
Using TrueCrypt and VT Personal eToken to encrypt your data
- ECE recommends using the VT Personal eToken with a keyfile instead of a normal password. This method provides physical security and lets you copy the keyfile to a remote secure location for backup and recovery. The ECE IT Group strongly recommends backing up your keyfile, and offers backup services to this end.
Creating the TrueCrypt Volume and Keyfile
- Download and install TrueCrypt and the Virginia Tech eToken software
- Open TrueCrypt
- Click on Settings menu -> Security Tokens...
- In the dialog box enter the following and click OK:
- Windows: C:\Windows\system32\etpkcs11.dll
- OS X: /usr/local/lib/libeTPkcs11.dylib
- Click on Tools menu -> Keyfile Generator
- Note: Technically any file can be a keyfile; however, we recommend creating a new one with the built-in tool.
- Follow the instructions at the top of the window, then select Generate and Save Keyfile... and choose an easy-to-remember filename.
- Click OK to close the Keyfiles window
- Insert your VT eToken into a USB slot
- Click on Tools menu -> Manage Security Token Keyfiles... and enter the eToken password
- Note: If you are not prompted for your eToken password, please make sure that you have properly installed the eToken software.
- Click on Import Keyfile to Token...
- Select the keyfile you created in step 5 and click Open
- Click OK twice to close out of the Security Token windows.
- Click on Settings menu -> Default Keyfiles...
- Click on Add Token Files...
- Select your eToken name and click OK twice to close the windows.
- Read the prompt and click Yes
- Click on Create Volume to start the Volume Creation Wizard
- Select Create an encrypted file container and click Next
- Select Standard TrueCrypt volume and click Next
- Click Select File..., choose a filename and location for your TrueCrypt volume and click Next
- IMPORTANT: This file is the encrypted "folder" where you will be putting your sensitive data. Remember where you save it!
- Select AES in the drop-down menu and click Next
- Choose a volume size appropriate for your files. The volume size is fixed; if you run out of room for your files, you will need to make a new TrueCrypt volume.
- Leave the password boxes clear, check Use keyfiles and click on Keyfiles...
- Select your eToken name and click OK
- Click Next
- Enter your eToken password
- Keep the default Filesystem options (FAT, Default, uncheck Dynamic) and move your mouse as randomly as possible for a brief time before clicking Format
- Click OK, then Next, then Cancel to close the Volume Creation Wizard
- Click Settings menu -> Preferences
- Under the Auto-Dismount section:
- Check "User logs off" (default)
- Check "Screen saver is launched"
- Check "Auto-dismount volume after no data has been read/written to it for ____ minutes" (Recommended 25 minutes)
- Check "Force auto-dismount even if volume contains open files or directories" (default)
- Click OK to close the preference window
- See the next section for instructions on mounting the TrueCrypt Volume you have just created
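Added example (not part of this wiki and not TrueCrypt's own code): a Python sketch of the keyfile scheme described in TrueCrypt's documentation, where the first 1 MiB of each keyfile is folded into a 64-byte pool through a running CRC-32 and the pool is added to the password, which is empty in the procedure above. It shows why any file works as a keyfile, why a very short file is a weak one, and why a backup copy must be byte-identical. The function names, the `limit` parameter and the sample inputs are constructed for illustration.

```python
import zlib

POOL_SIZE = 64                    # bytes in the keyfile pool
MAX_KEYFILE_BYTES = 1024 * 1024   # only the first 1 MiB of a keyfile is read


def keyfile_pool(keyfiles, limit=MAX_KEYFILE_BYTES):
    """Fold every keyfile (a bytes object) into one 64-byte pool."""
    pool = bytearray(POOL_SIZE)
    for data in keyfiles:
        crc, pos = 0, 0           # each keyfile starts with a fresh CRC and cursor
        for i in range(min(len(data), limit)):
            crc = zlib.crc32(data[i:i + 1], crc)
            state = crc ^ 0xFFFFFFFF          # running CRC state, no final XOR
            for shift in (24, 16, 8, 0):      # four state bytes, high byte first
                pool[pos] = (pool[pos] + (state >> shift)) & 0xFF
                pos = (pos + 1) % POOL_SIZE
    return bytes(pool)


def apply_pool(password, pool):
    """Add the pool to the zero-padded password, byte by byte, modulo 256."""
    padded = password.ljust(POOL_SIZE, b"\0")
    return bytes((p + k) & 0xFF for p, k in zip(padded, pool))


if __name__ == "__main__":
    # Constructed sample keyfiles; a real one comes from the Keyfile Generator.
    good = bytes(range(64))
    pool = keyfile_pool([good])
    print("pool          :", pool.hex())
    # With the password boxes left clear, the pool alone is the secret input.
    print("empty password:", apply_pool(b"", pool).hex())
    # A one-byte "keyfile" touches only four of the 64 pool bytes.
    print("1-byte keyfile:", keyfile_pool([b"A"]).hex())
    # A backup that differs in a single byte yields a different pool.
    damaged = good[:-1] + b"\x00"
    print("backup matches:", keyfile_pool([damaged]) == pool)
```

Because a single changed byte produces a different pool, compare the backup copy of the keyfile against the original byte for byte before relying on it for recovery.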
Mounting your TrueCrypt Volume
- Open TrueCrypt
- Insert your VT eToken into a USB slot
- Select a drive letter in the main window
- In the "Volume" section, click on Select File...
- Select the TrueCrypt Volume file you created in the section above and click Open
- Click on Mount
- Enter your eToken password and click OK
- Your TrueCrypt Volume will open in a new Windows Explorer window, and you can move your files to the folder. The volume is mounted as an additional drive under Computer.
- Remember that your TrueCrypt Volume will dismount automatically if you do not use it for the ____ minutes set in the instructions above
- When you are finished working with your TrueCrypt volume, remember to Dismount!
If you have any problems or questions, please contact John Harris or Branden McKagen