HOWTO: Securely open TrueCrypt volumes in one click (Redux)
In the past, I wrote an article about a very easy way to mount and explore a TrueCrypt volume in one step. Some security issues came up about keeping the volume password in the batch file used to mount. This new article takes that into account. The [almost] same script is used to mount the volume, but the password is taken out and you are instead required to enter the password at a prompt. The beginning steps are the same as the previous article, so if you just want to see the new feature, skip down to the “Create a script to mount” section.
Create your volume
Create any size TrueCrypt volume using your encryption algorithm of choice. My computer runs the Blowfish algorithm the fastest, so that’s my typical choice. Make sure you assign a good, long, hard-to-break password to it. The only way to reveal the contents of the volume is the password. We’re talking encryption standards the government uses here. So no one’s going to break in another way — you need a good password and you must remember it.
Copy TrueCrypt stand-alone files
TrueCrypt comes in an installable version and a stand-alone version. You can use the stand-alone command-only version for the batch script. The stand-alone files are inside the “Setup Files” folder inside the TrueCrypt folder. First, rename
tc-x64.sys. This will make things simpler for us. Go ahead and copy
C:\WINDOWS\. This will allow us to call the TrueCrypt program in the batch script.
Create a script to mount (NEW stuff here)
You may download the new batch script I wrote to mount a volume. Make sure you fill in the appropriate part specific to you — the path to your volume. Place this script in C:\WINDOWS\ so you can call it from the Run box. Here’s the main line in the script, which has been slightly changed from the previous version:
tc /v <path to file> /l x /p %thepass% /q
As I said, make sure you fill in the correct path to your file. The change is that the password has been pulled out of the line and replaced with %thepass%. That will require you to enter a password through a prompt when you run the script. Your password will no longer be in the file for anyone to see.
You may notice I use various flags in the call. The /v flag will make TC mount a volume; then /l x will mount it as the letter X:\ (like it’s a drive); /p means the password follows it — where in this case, it causes a prompt. Finally, /q will quit the program when done. After the mounting takes place, we call explorer on the X:\ drive to open it.
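For reference, a mount script along the lines described above, as an added example rather than the downloadable script from this article. The volume path is a placeholder, and the pre-mount checks and the clearing of %thepass% are additions that the article does not describe.

```batch
@echo off
rem Added example, not the article's downloadable script.
rem VOLUME is a placeholder: fill in the path to your own volume file.
setlocal
set "VOLUME=C:\path\to\volume.tc"
set "LETTER=X"

rem Refuse to continue if the volume file is missing or the letter is taken.
if not exist "%VOLUME%" (
    echo Volume file not found: %VOLUME%
    exit /b 1
)
if exist "%LETTER%:\" (
    echo Drive %LETTER%: is already in use.
    exit /b 1
)

rem Ask for the password at run time so it is never stored in this file.
rem set /p echoes the typed characters, so clear the window afterwards.
set /p "thepass=Volume password: "
cls

rem /v = volume to mount, /l = drive letter, /p = password, /q = quit when done.
rem The quotes keep a password containing spaces together as one argument.
rem The password is still passed on tc's command line while tc runs;
rem leaving /p out makes TrueCrypt show its own password dialog instead.
tc /v "%VOLUME%" /l %LETTER% /p "%thepass%" /q

rem Drop the password from the environment as soon as tc has returned.
set "thepass="

rem Open the drive only if the mount actually succeeded.
if not exist "%LETTER%:\" (
    echo Mount failed. Check the password and the volume path.
    exit /b 1
)
explorer %LETTER%:\
endlocal
```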
Create a script to unmount
Following the previous script’s example, I’ve also written a script to unmount your volume. Fill in the necessary changes. Place this script in C:\WINDOWS\ so you can call it from the Run box. The only new flag I use is /dx which will dismount the X:\ drive.
Test it out
Time to test it all out. Hit WinKey + R > type in mount2 (or you can rename my new script to mount.bat or whatever you want) and hit Enter. Your volume should mount and should open in Windows Explorer. Now, to unmount it, in the Run box, type in unmount (or whatever you may want to rename it to) and hit Enter. Nextel. Done.