Create hidden encrypted volume within a file Viewing Page 1 -- Go To

Create hidden encrypted volume within a file using TrueCrypt

TrueCrypt is an application that provides encryption solutions for users. The program is capable of encrypting an entire system partition or hard drive, encrypting non-system partitions or hard drives or creating encrypted volumes within files that can be mounted in Windows. Optionally, it also has a wonderful option to create a hidden encrypted volume within a volume to provide added protection. In this guide, we will look at creating a hidden TrueCrypt volume within a file. The process is relatively easy and straight-forward so you will not require any extra knowledge of encryption or file systems to carry out the task.

Introduction & Requirements

Software you must download and install
Required: You can download TrueCrypt from AfterDawn. Run the installer when the download completes and then run TrueCrypt from your Desktop or Start Menu. Download

Download TrueCrypt and run the installer. When it is installed, run the application from your Desktop or Start Menu to get started.

Essentially what we are going to do with TrueCrypt is create a file that contains two encrypted volumes within it. The first is a normal TrueCrypt volume and the second is a hidden encrypted volume within the normal volume. Why do this? With a normal TrueCrypt volume it is quite easy to identify a file as containing an encrypted volume. In that case, there are ways that a user might be forced to give out the password to decrypt the volume (such as a court order or extortion). However, there is no way to say for sure if the normal TrueCrypt volume contains an additional hidden encrypted volume. With TrueCrypt, any unused space within a file is stored as random data.

The normal and hidden encrypted volumes will have two separate passwords (should be drastically different), two separate file systems and even two separate encryption methods. Which volume is mounted in Windows depends entirely on which password you enter, you do not have to mount the normal volume first to mount the hidden volume.

TrueCrypt First Run

The TrueCrypt interface is quite easy to understand. It lists the available drive letters than can be used for any volume mounted by TrueCrypt and has several options available such as to Create Volume, Mount Volume, setup an Auto-Mount and so on.

In this guide we will create a Hidden Volume within a normal TrueCrypt volume for enhanced privacy and security. When we finish that, we will cover mounting either of the encrypted volumes. To get started, click Create Volume.

Create Volume

TrueCrypt gives you three starting points for creating an encrypted volume. Create an encrypted file container, Encrypt a non-system partition/drive and Encrypt the system partition or entire system drive. In this guide we are going to house our encrypted volumes within a file, so select the first option to Create an encrypted file container and click Next.

Select Volume Type

Now you must decide what kind of encrypted volume you want to create inside the file container. Two options are available; a Standard TrueCrypt Volume or a Hidden TrueCrypt Volume. In this guide we will create a hidden TrueCrypt volume for security purposes even though it takes more steps to complete than a standard volume.

If you want to know all the reasons why a hidden TrueCrypt Volume is suggested as opposed to a Standard Volume, then read this article on the TrueCrypt website that explains it very well.

Select Hidden TrueCrypt Volume and click Next.

Volume Creation Mode

TrueCrypt has two Volume Creation Modes to choose from here. Normal Mode will continue to create a new normal TrueCrypt volume within a file before continuing to create a hidden TrueCrypt Volume. Direct Mode assumes that you already have a suitable normal TrueCrypt volume available and that you are trying to create a hidden volume within the normal volume.

Obviously if you are following this guide, you have never done this before, so select Normal Mode and let's continue. Click Next.

Select a File

Here is where you will select a file name and location. Inside this file will be your encrypted volumes which you can later use TrueCrypt to mount in Windows.

Click the Select File button and you will be able to create and save a file of any name or extension as per usual. However, it is hihgly recommended to avoid extensions that will be targets of anti-virus scanners. For example, don't use .exe as an extension as it is an executable and when you have it mounted it may be the target of scanners. Similarly, don't use extensions for file compression formats such as ZIP or RAR for the same reason. In my example, my file name is hidden_volume_example.dat - of course you should name it something that does not provoke suspicion in reality, that is just for simplicity in the guide.

When you have selected a file directory and name, click Next.

Creating the Outer Volume

Nopw that you have set a filename and determined that you want to create a Hidden Volume within a Normal TrueCrypt volume, the program will start by creating the Normal TrueCrypt Volume, which it calls the Outer Volume.

Click Next when you are ready to begin.

Outer Volume Encryption Options

You have a large selection of encryption options for the Outer Volume. You do not need to choose the same encryption scheme for both volumes, in fact, it would probably be wise to go with a different encryption scheme for each. Any of the encryption settings offered by TrueCrypt should provide a decent level of encryption that is extremely hard or impossible to break as long as you choose a strong enough password later on.

You will notice that as you select options, TrueCrypt will give you short descriptions of the encryption. Choose whichever sounds most appealing to you and click Next.

Outer Volume Size

You now must select the size of the Outer Volume. Please note that the Outer Volume has to be larger than the Inner / Hidden Volume for obvious reasons. For example, if you wanted about 1.5GB of storage in the hidden encrypted volume, you are best off creating a 2GB Outer Volume to minimize risks of overwriting sensitive data on the hidden volume when writing files to the outer volume.

Whatever size you select, that will be the minimum size of the file you created to house the encrypted volumes. So make sure you have enough storage space on your hard disk drive or USB key to store the large file. When you have made your selection, click Next.

Choose Outer Volume Password

Of course you will need a password to protect the contents of your encrypted volume so you will need to set it here now. There is no point in even using encryption if you plan to use a weak password. TrueCrypt advises that you use over 10 characters (mixture of numbers and letters etc.) as smaller more typical passwords are highly vulnerable to powerful brute force attacks.

Once you are finished entering your password, click Next.

Choose Outer Volume File System and Format

You can use a FAT or NTFS file system but it is highly recommended that when you plan to include a hidden encrypted volume that you use the FAT file system (you can still use NTFS for the hidden volume later). Using FAT saves space that can be used for the hidden volume.

Also notice that as you move the mouse over the window the random pool to generate keys changes rapidly. For enhanced security, move the mouse around the window for about 10 seconds and then click Format. In a couple of minutes (depending on the size of the volume you created), your outer volume should be ready.

Outer Volume Contents

Once the Outer Volume has been created it will automatically be mounted (should be visible in Windows in My Computer, or Computer on Windows 7) typically as Z: unless that letter has already been assigned to a drive. Here you must do something very important.

The whole point of creating a hidden encrypted volume is to protect against being forced through extortion or otherwise to hand over the password to gain access to your sensitive data. In this case, if you were forced to hand over a password, you can just have over the password of the Outer Volume and when it is mounted, it will appear normal and contain whatever files that you have decided to add to it.

So for example, you could put in there some documents related to work that are not particularly sensitive or your resume or other generally personal documents that are not your primary concern when it comes to privacy. Then, when you hand over the password to this volume, it appears that you were simply protecting those documents and there is no way for the individual or group that demanded the password to know that there is more encrypted data hidden within that file.

So now is the best time to write either phony documents or similar data to the Outer Volume (make them look important even if they are not) before you proceed to create the hidden volume. Click the Open Outer Volume button and it will load an empty volume that you can add files to the same way you would any folder or drive. Add in the documents like I did above (those are 2007 work-related spreadsheets that I don't consider very sensitive but some would). The more space you use up here the less space will be available to the hidden volume.

It is very important to remember not to write more data to the Outer Volume later on if you can help it. The reason is because it is entirely possible to overwrite parts of the Hidden Volume (if this wasn't possible then it would be very easy to determine there is another volume present) if you write data to the outer volume later.

Outer Volume Done - Time to Create Hidden Volume

The Outer Volume is now completed and you should have put in some seemingly sensitive information into it to avoid suspicion. Now you must click Next and begin the process of creating the Hidden Volume. You can see how to do that ON THE NEXT PAGE.

Create hidden encrypted volume within a file Viewing Page 1 -- Go To

Table of Contents

  1. 1. Introduction, Requirements & Outer Volume Creation
  2. 2. Create Hidden Encrypted Volume
Written by: James Delahunty
Last updated: