It’s been a while since my last post, but now I have some free time to share some more useful (in my opinion) tips on how to make your computer more secure.
Encryption is one of the methods that helps to keep your information safe even if your computer (well, most likely laptop) gets lost or stolen. However, it is quite tricky to setup an encryption for a single operating system, not to mention dual one. Nowadays many computer users use at least two OS on their machines for whatever reason and I will try to show how to encrypt both of them or at least the most vulnerable information.
Please note. The downside of the method I’m describing here is that you will have to make a fresh install of Linux alongside with Windows. However, if you already have Linux OS installed, you will need to move your GRUB loader from Master Boot Record (MBR) to Linux partition. That’s not an easy task.
Before you do anything, please make sure you have backups of your files and even better if you read about dual boot on Ubuntu website beforehand.
And also please consider the following:
WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues. Use it only to migrate existing data encrypted by TrueCrypt.
The development of TrueCrypt was ended in 5/2014 after Microsoft terminated support of Windows XP. Windows 8/7/Vista and later offer integrated support for encrypted disks and virtual disk images.
Use any integrated support for encryption. Search available installation packages for words encryption and crypt, install any of the packages found and follow its documentation.
So here is the list of what I’ve used:
- Operating systems that will be encrypted: Windows 8 (can be Windows XP/Vista/7) & Xubuntu 14.04 LTS (can be any Linux distro which gives an option to encrypt /home folder during installation (this helps to keep things simple))
- Partitioning tools that should be used to allocate space for Linux OS: anything you feel comfortable with. Hiren’s BootCD has many useful partitioning tools, such as GParted Partition Editor
- Encryption software: TrueCrypt (can also be used in Linux itself)
- Optical media emulator (optional): DAEMON Tools Lite
The process consists of two main steps and two optional ones:
- Appropriate Linux (Xubuntu) installation
- Installation and setup of TrueCrypt
- Install TrueCrypt on Linux
- Mounting encrypted Windows partition in Linux
Xubuntu installation
Hundreds of tutorials on how to install (X)ubuntu exist out there. Please follow the highlighted link if you are not familiar with Linux installation process. It’s very straight forward these days. However, there are some points you have to be aware of in order to make a new installation to work with TrueCrypt and also to encrypt the /home directory:
- For the sake of simplicity I’m using only one, root (/), partition for Xubuntu installation. You may want to add swap or more partitions too. However, the most important part is to set Device for boot loader installation: to that root partition of Linux, which in my case is /dev/sda3. Only then TrueCrypt will be able to tie up Linux installation with its own boot loader.
- Also do not forget to tick the box Encrypt my home folder on user setup screen.
TrueCrypt installation & setup
Once Xubuntu is installed, reboot and log back to your Windows installation. If you installed GRUB boot loader on Xubuntu partition Windows will boot as usual and without interruption (GRUB loader options screen). Then download TrueCrypt and install it. After installation ends, double click on a blue TrueCrypt icon on a right hand side on a taskbar. Please follow the screenshots below for the further instructions.
-
Go to System > Encrypt System Partition/Drive…
-
Choose Normal encryption type
-
Encrypt Windows partition only since we already encrypted Linux /home directory
-
Pick Multi-boot option
-
Select No, because we installed our boot loader to /dev/sda3 partition
-
I’m using AES encryption and RIPEMD-160 hash algorithms
- Enter and confirm your password on next screen. Make sure it is strong password as this is the only way for someone else to get access to your files!
-
Get your mouse crazy 🙂
- Click Next on Keys Generated screen
-
Make an ISO rescue disk image and keep it in secure place (for example, in encrypted FAT partition on your USB key… Can be done with TrueCrypt too ;))
-
Now TrueCrypt will try to check the rescue disk, so we need either burn the image to CD or mount it with some optical media emulator, i.e. Daemon Tools Lite
-
I don’t use any wipe mode
-
Now it’s a time to let TrueCrypt check itself. Click Test and then Yes in order to reboot your machine
-
Here’s what you going to see before any OS boots (sorry for quality of pictures). Enter the password you used during TrueCrypt installation
If you were to click ESC, you would get to Linux boot screen
-
After reboot, if test was successful, you should see following confirmation window
-
Now click Encrypt and wait till encryption process will end
-
And that’s what you are likely to get once you choose to boot Linux OS. Xubuntu will ask you for an encryption passphrase.
Xubuntu TrueCrypt Installation
Should you wish to access the data on your Windows partition while you’re using Linux OS, you should to mount it as an extra drive with TrueCrypt, which then will ask you for your TrueCrypt password for that particular partition.
So what we need is TrueCrypt for Linux, or in our case – for Xubuntu, which is Debian based distro, therefore we will download *.tar.gz package from TrueCrypt download page.
Simply select Standard – 64 bit (x64) (or 32 bit (x86) if you are using 32 bit Linux) from a drop-down list under Linux and download it.
Now navigate to the directory where you saved this package (it’s been named TrueCrypt-7.2-Linux-x64.tar.gz in my case), right click on it and choose Extract Here from a menu.
You will get a single truecrypt-7.2-setup-x64 file which you can execute directly or via Terminal by using command
sudo sh ./truecrypt-7.2-setup-x64
I prefer command line and the quickest way to use it would be to right click on an empty space in a folder that holds TrueCrypt installation file and to choose Open Terminal Here option.
After the installation you will see following screen, which tells how to remove TrueCrypt from Linux
It’s basically
xubuntu@xubuntu:~$ sudo truecrypt-uninstall.sh TrueCrypt uninstalled.
In case you’re getting following error whilst running TrueCrypt,
/usr/bin/truecrypt: 1: /usr/bin/truecrypt: Syntax error: "(" unexpected
try using 32bit (x86) version instead.
Mounting encrypted Windows partition in Xubuntu
Right, so once we have TrueCrypt for Linux, we can access it via Accessories>TrueCrypt. But before let’s create a folder in /mnt directory which will hold all our Windows files once mounted. Again, open the Terminal and type in
sudo mkdir /mnt/windows
In a TrueCrypt window we simply select Select Device… button, and then we select our Windows partition from a list of partitions available to us. In my case it is /dev/sda2 partition. You can guess which is your Windows partition by its size for example.
Now click on Options button, tick the Mount partition using system encryption (preboot authentication) box and also enter the path to your mount directory, which in our case is /mnt/windows
Click OK and that’s it – you should be able to access your Windows files in your /mnt/windows directory.
I hope these little tips will help you to keep your data secure and any comments or suggestions are welcome as usual.
Comments
Share your opinion by posting or replying to others comments.
Jeff –
November 16, 2014 at 22:56 - 10 years ago
To expand on my question, I have a 4TB (I meant TB above, not GB) brand new HDD. I want to have 3 partitions: Truecrypt Encrypted Windows 7, Ubuntu and Truecrypt Encrypted data partition. Can I simply install Windows 7 at the very beginning of the HDD or should I add a 100MB partition before the Windows 7 partition. Thanks!
Jeff –
November 16, 2014 at 22:54 - 10 years ago
Hi Donatas, Thanks a lot for this tutorial. I’m not sure if you are still monitoring comments, but I have a question. What is that 104MB partition before your windows partition? Once I tried to use truecrypt to encrypt a system drive and it gave me an error saying that there was no room at the beginning of the drive for the volume header/bootloader (can’t remember which). Is it necessary to place a small partition or can I simply have 2 partitions, for example 1GB windows 7 and 1GB Ubuntu? Thanks!