TrueCrypt is free open-source disk encryption software for Windows Vista/XP/2000 and Linux. I use at work and at home.
Edited to add:
- These instructions were written for version 4.3a and will work for version 6.0.
- I also have an easy to follow HowTo using TrueCrypt’s built in “Traveling Disk Setup”
- Additional information on making AUTORUN work…
It is possible to install TrueCrypt to a USB drive with an AUTORUN.INF file so that you have a self-contained, encrypted, portable storage.
Here is what I get when I insert my USB drive.
I can just select “Mount TryeCrypt Volume” enter my password and begin working.
With the version I am using, I installed TrueCrypt to my machine, then copied TryeCrypt.exe and TrueCrypt.SYS to the root directory of the USB drive. I then used TrueCrypt to create a large file in the root directory of the USB drive called MyData.tc.
The last step was to create the AUTORUN.INF file below. Note that the my example mounts the TrueCrypt volume as drive I:. To change the letter, change the /li and /di parameters to meet your needs.
AUTORUN.INF
[autorun]
label=MyData
icon=truecrypt.exe
action=Mount TrueCrypt Volume
open=truecrypt /v MyData.tc /li /q /a /m rm /e
shell=mounttc
shell\mounttc=&Mount
shell\mounttc\command=truecrypt /v MyData.tc /li /q /a /m rm /e
shell=dismounttc
shell\dismounttc=Dismount
shell\dismounttc\command=truecrypt /di /q
shell=runtc
shell\runtc=Run TrueCrypt
shell\runtc\command=truecrypt
I used to dislike anything that “AutoRan” when I put the disk in the computer, now that I can make my own AUTORUN.INF files, they are cool!
If you are looking for more information, Microsoft Developer network (MSDN) has an article, which covers all the options in a AUTORUN.INF file and DailyCupofTech an article AUTORUN.INF Tweaking.
- http://msdn2.microsoft.com/en-us/library/bb776823(VS.85).aspx
- http://www.dailycupoftech.com/?page_id=149
A number of people (including me) have had trouble with Autorun NOT working. First, make sure you have the latest patches and drivers.
Then, go into the registry with REGEDIT (Start->Run->RegEdit)
Look at this information:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\CDRom
If this is 0 (Zero) set it to 1 (One)
Then check (Windows 95 through XP, not Vista)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun
If this is 95 (0x5F hex) set it to 91 (0x5B hex)
For details on the above information, check out document, KB 330135. It details things to try when AUTORUN or AUTOPLAY do not work and document, KB 136214 which details the second registry edit.
http://support.microsoft.com/kb/330135
http://support.microsoft.com/kb/136214
Microsoft has more hits than I can catalog when searching for AUTOPLAY at search.msdn.microsoft.com
http://search.msdn.microsoft.com/Default.aspx?query=autoplay&brand=msdn&locale=en-us&refinement=
I did have a machine that never ran my AUTORUN file. I eventually made it into a print server…
Have you tried this on Linux yet? Does the AUTORUN.INI file work for linux AND windows at the same time. Meaning can it only work on Linux or Windows, but not interchangeable?
It is Windows only at this point. I started this because I like the way Ubuntu auto-mounts USB drives to the desktop, but I haven’t been able to have it auto-run TrueCrypt. Also, there is an OSX version of TrueCrypt, so it should be possible to setup a USB drive that auto-opens the encrypted drive on Windows, Linux and OSxX, but I haven’t figured it all our yet.
Ok. SLED and openSUSE also have good auto-mounting of USB drives. I have a new 4gb stick and was thinking about setting up a 3gb enc. and 1gb non-enc. after reading this. But I’d like it to be able to work on both Linux and Winders.
As much as I am a Linux wanna-be, I don’t have a regular Linux box to try it on. I’ve had the most success with Ubuntu. I was not able to get the Linux version of TrueCrypt running. If I ever do, I will definitely post it here because it will will become my platform of choice.
I have been using a very similar setup on my XP SP2, but after changing to Vista (Home Premium) I’m having trouble using autorun.inf and mounting TrueCrypt volumes.
My autorun.inf is:
[autorun]
label=MyDrive
icon=myicon.ico
action=Help! I’m Lost!
open=Help!.exe
shell\lost=Help! I’m Lost!
shell\lost\command=Help!.exe
shell\mount=Mount TrueCrypt volume
shell\mount\command=TrueCrypt\TrueCrypt.exe /q background /l x /m rm /v “Encrypted”
shell\newmount=New Mount TrueCrypt volume
shell\newmount\command=TrueCrypt\TrueCrypt.exe /l x /m rm /v “Encrypted”
shell\unmount=Unmount all TrueCrypt volumes
shell\unmount\command=TrueCrypt\TrueCrypt.exe /q /d x
shell\keepass=KeePass Password Safe
shell\keepass\command=KeePass\KeePass.exe
shell=lost
The encrypted volume is named Encrypted and is located in the root of the USB drive.
The problem is that I get the following error message when I mount the TrueCrypt volume, i.e. after having entered my password:
“The system cannot find the file specified.”
This happens when using the shell\mount option above.
If I use the shell\newmount option above, TrueCrypt starts and I then have to select the encrypted volume file. But it starts in C:\Windows\system32 and not from the root of the USB drive. I guess that is the problem for the shell\mount option.
But I can’t add the USB drive letter in autorun.inf, as it (of course) changes when I use the USB drive on another computer.
What’s the cure? bat files?
/Mogens
I haven’t used Vista yet, so I haven’t had this problem. One question though. Do you have TrueCrypt installed on the computer? If so, maybe Vista is running the installed copy and not the copy on the USB drive.
I like the way you have KeePass installed. It looks like when you insert the USB drive, you have the choice of “Help! I’m Lost”, “Mount TryeCrypt Volume” or “KeePass Password Safe”. Very Cool!
What does Help!.exe do ?
Help!.exe is from Daily Cup of Tech, and displays the contents of a readme.txt file as a popup, i.e. it displays a message saying I’d like the USB key back, and how to contact me.
TrueCrypt is only installed on the USB key. That way I can use the key at home and at work, except for the problem with Vista.
/Mogens
Mogens:
(edited)
I am able to open my TrueCrypt disk on a Vista Business machine AND a Vista Home Premium machine. One thing I notices was that my “Encrypted” file is in the same folder as TrueCrypt AND I specify to folder name on the command line. I started a POST where I look at the TravelerDisk mode, but lost it (or forgot to finish it, which is more likely the case).
Take a look at my CURRENT AUTORUN.INF File (Note the path to the MyData.tc file). Anyway, this works really well. Good Luck. Also, thanks for the Daily Cup of Tech. They are Great!
[autorun]
label=MyData
icon=TrueCrypt\TrueCrypt.exe
action=Mount TrueCrypt Volume
open=TrueCrypt\TrueCrypt.exe /v “TrueCrypt\MyData.tc” /q background /a /m rm /e
shell=mounttc
shell\mounttc=&Mount
shell\mounttc\command=TrueCrypt\TrueCrypt.exe /v “TrueCrypt\MyData.tc” /q background /a /m rm /e
shell=dismounttc
shell\dismounttc=&Dismount
shell\dismounttc\command=TrueCrypt\TrueCrypt.exe /d /q background
shell=runtc
shell\runtc=Run &TrueCrypt
shell\runtc\command=TrueCrypt\TrueCrypt.exe
Hello Hutch,
try this solution under linux (should work under gnome, kde and shell if manually started):
Place the following lines in script autorun in the root directory of your usb stick, to do so, first create file:
touch autorun
make it executable:
chmod +x autorun
and place the correct content inside by doing this:
cat>autorun<&1 >/dev/null;echo $?` -eq 1 ]; then
infoNoTrueCrypt $wm
if [ "${installTC}" == "1" ]; then
installTrueCrypt $wm
else
exit
fi
if [ `which truecrypt 2>&1 >/dev/null;echo $?` -eq 1 ]; then
exit
fi
fi
if [ "`mount|grep "${mediaDir}${trueCryptMountPoint}"`" != "" ]; then
truecrypt -d ${mediaDir}TrueCrypt/Volume
else
askPassword $wm
if [ "${passWord}" != "" ]; then
truecrypt ${mediaDir}${trueCryptVolume} ${mediaDir}${trueCryptMountPoint} –password=${passWord}
fi
fi
EOF
After that you should have working autorun solution under linux, however you need to change some variables at the beginning of the script and have /TrueCrypt/Volume mount point inside your usb stick directory structure (or other directory if you prefer, but also fix the variable name)
If you need more help, feel free to mail me.
The website with the correct content of the script is: http://b50.roxor.pl/~michal/linux/autorun.txt
I have a situation similar to Mogens’. I have a 512MB flash drive and am moving over to a 2GB version. The old 512 drive autoran on every machine I plugged it into – never a single issue.
I created a traveller disk on the 2G drive but it would not autorun (XP Pro SP2). So I formatted and simply copied the directory structure from the old 512M drive – this is using the original volume, truecrypt files, autorun…everything from the old drive. But…the new drive still will not autorun!
The new flash drive is an Imation, for what that’s worth. Is there some upper limit to the capacity of USB drives that can use autorun?
Keith:
I don’t believe there is an upper limit. I have a 1 gig that works great. Imation puts the U3 software on some of their disks. If you have the U3 program, it may be interfering.
In Explorer, turn on the “Display Hidden Files”, “Show System Files” and turn OFF the “Hide Protected Operation System Files”. maybe there is something hidden on the USB drive.
You could also head over to http://www.pendrivelinux.com. They have links to an HP USB format utility, which may be able to really format your USB. Format as FAT32.
Mical:
This is looks GREAT. Can’t wait to try it!
-Eric
I am using a bunch of flash drives for employees at work and the process of encryption etc. needs to be as simple as possible. The Autorun option works great to mount the drives.
My questions: how do they dismount the drives, what is the simplest way to dismount? I noticed if I edit a word document, close word and pull out the drive (without dismounting) things get messy. But, that is likely what my employees will do.
What solutions have people found to work.
With version 4.3 of TrueCrypt, I seem to remember being able to go into the “My Computer” and right click the USB drive and select “Eject”. This would dismount the TrueCrypt volume then make the USB safe to remove.
That doesn’t seem to be working with 5.0. I tried it and the computer got confused, told me I had files open, then when I pulled the USB drive out, it rebooted.
I suggest you try version 4.3a of TrueCrypt, combined with “Instantly Eject a Specific USB Drive” tips from LifeHacker.com
http://lifehacker.com/368755/instantly-eject-a-specific-usb-drive.
-Eric
Have a look at Liberta AutoStart (don’t want to link due too spammy), it’s a bit outdated, but works fine, it’s able to generate the autorun.inf files easily, so it’s even should be a lightning-fast, hotkey-free PStart replacement.
And of course, it’s dealing also with TC volumes.
I guess this isn’t really a Truecrypt query but perhaps someone can help. I have Truecrypt on a USB stick along with the encrypted volume and autorun created by the Truecrypt program as follows-
[autorun]
label=TrueCrypt Traveller Disk
icon=TrueCrypt\TrueCrypt.exe
action=Mount TrueCrypt volume
open=TrueCrypt\TrueCrypt.exe /q background /e /m rm /v “XData”
shell\start=Start TrueCrypt
shell\start\command=TrueCrypt\TrueCrypt.exe
shell\dismount=Dismount all TrueCrypt volumes
shell\dismount\command=TrueCrypt\TrueCrypt.exe /q /d
This used to work on my Vista Business PC so that when I clicked on the USB stick icon in Explorer Truecrypt ran and asked for the password to mount the volume. But for some reason this has changed and I now have to run Truecrypt. I cannot find anything in the USB stick properties to control this, and Autoplay in the control panel has no devices listed apart from CDs, DVDs and Blueray. I’d be very grateful for any suggestions.
ChristopherM:
A lot of people have had trouble getting AUTORUN to work under Windows, so I edited the article some information which might be helpful.
I also started a discussion in my newly installed forums here:
http://ericsprojects.com/forums/comments.php?DiscussionID=1&page=1#Item_1
Eric,
OI found an issue that you might not be aware of in the Autorun example you gave. Mine wouldn’t run either on XP SP3 or Vista SP1. It would get as far as the Icon entry but no further.
I REM’d the “Action” line and it finally opened. So I put the “Action” Entry in Quotes knowing that command line scripts can get very particular with spaces:
Action=”Mount TrueCrypt Volume”
And it finally displayed the dialog box with the relevant description. I noticed that the shell command “Run &Truecrypt” didn’t appear on the context menu until I put that in quotes too.
Hope this helps some of your readers.
BTW, there is no (Practical) system limit to the size of the drive. I’m using a 300G USB2.0 hard drive and it works just fine now.
Carter:
Thanks for the info. I do have a new Windows XP SP3 machine that does not run my AutoRun. I have tried the “” but that didn’t fix it. I might be having other issues. I’ll keep trying and post and update.
-Eric
Found this, maybe it will help.
http://www.mydigitallife.info/2008/01/14/autoplayautorun-not-working-or-missing-not-open-in-windows-vista/
Update:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
‘NoDriveTypeAutoRun’ set to ’0×00000080 (128)’
This worked for me after a reboot. Good luck everyone.
Hi Eric, thanks for all the info! I am having an issue I hope you can help with.
I stole your code from the comments (#8). When I open Computer and double click on my USB drive TrueCrypt opens and everything works fine; however, when I insert my USB drive and chose mount TrueCrypt from the autorun options I get an “Incorrect Function” error from TrueCrypt. This happens in XP and Windows 7. Any idea what the problem is?
I have had issues IF I had an older version of TrueCrypt on the computer than I had on the USB drive. You either need the same version on the computer and on the USB or uninstall TrueCrypt from the computer.
-Eric
Hmmm, I only have TrueCrypt installed on my USB drive (traveler mode).
Could you paste your AUTORUN.INF file?
Hi, I had the problem “system cannot find the specified file”. Are lots of searching and getting nowhere, I read Erics autorun script. Then I suspected that the Secure Volume might need to have a .tc extension. When the setup procedure created my Secure Volume file it did not give it an extension. I edited the filename to add in the extension .tc and it worked. That was all it needed.
you should post it somewhere, i believe this website accepts non software as well
Interesting. But i do not want to use the autorun feature, due to the many USB viruses spreading around these days. I Would instead like to make a script. like the one tutorial which had the CMD ask you to enter password to open the file.. but in that you have to copy the files in the C:\Windows\ folder and thats for files encrypted on the pc. But i want to have something similar to that, but on the USB. not through autorun.inf but instead through a .bat file or something. so that when i click on the .bat file to run it, it may ask me for the password and then it will mount the file which is on the drive. Anyone got any suggestions?.. Anyone that can help me complete this task?..
ryandigweed:
It should be relatively easy. Go into the folder where your TrueCrypt files are, on your USB drive and create a file, AutoCrypt.BAT with the following command:
truecrypt /v MyData.tc /li /q /a /m rm /e
Where MyData.tc is the name of your TrueCrypt datafile, which needs to be in the same folder as the TrueCrypt.exe and the above AutoCrypt.BAT. The /li should cause it to mount at I:
The rest of the parameters are detailed here:
http://www.truecrypt.org/docs/?s=command-line-usage
This assumes that I: is an available letter.
To use, you would put your USB drive in the computer, navigate your way to the \TrueCrypt folder and double click the AutoCrypt.BAT file. Enter your password when prompted and that should do it.
-Eric
Pingback: Mike Tech Show #433 | Mike Tech Show