I’ve been talking recently about using TrueCrypt to encrypt your backups to keep them secure while they’re at your off-site backup or wherever they are. So I decided to do a little how-to on doing exactly that. Here we go:

First we need to create the template files. There’s no arguments in TrueCrypt to create new volumes from the command line, so we need to pre-create them.

1. Click the “Create New Volume…” menu item:

2. Choose the standard volume:

3. Choose the location of the new volume:

4. Choose the encryption algorithm (the default, AES, should be ok):

5. Chose the size you want for the volume. You won’t be able to change the size of the volume after it’s created, so make sure you have enough room for the stuff you want to store in here:

6. Choose a password. TrueCrypt really recommends a password with at least 20 characters and then if you add in special characters and mixed case, all the better:

7. Create it!

8. Badda boom! Badda bing!

Now you have a TrueCrypt volume file ready to put stuff into it. I use oneTrueCrypt volume file for each of my main folders:

Recently I wrote a batch file that will make a copy of this TrueCrypt file you just created (so you can use it as a blank template file for all further backups), mount the file, copy in the contents of a folder, dismount the file, and then archive the file to some location if you so choose. You can download it here.

Let me know if you use it and it’s awesome. Let me know if you’ve tried it and it sucked. Let me know if you just don’t care. Whatever. It’s all good. But if you really want to be slick, you should set up a task in Windows Task Scheduler to automatically archive using the script. Pimp.

Scott Hanselman recently blogged about backups. Jeff Atwood recently blogged about security. Often times those things go hand-in-hand. So here’s how I do things:

• I use TrueCrypt to encrypt my flash drive as well as other important data. TrueCrypt is easy to use, secure and free. There’s no reason not to use it.
• I don’t run as administrator… most of the time. After installing TrueCrypt, I can use my TrueCrypt Traveller disk as a non-privileged user and it works fine. The only machine that I still run as an admin is my Snapstream Beyond TV box, but I rarely get on the console to do anything anyway. All the rest of my machines are running with non-privileged accounts.
• I use the No Script FireFox plugin. This is a whitelist/blacklist style plugin so any sites I haven’t explicitly allowed don’t get to run their scripts. And we all know how bad scripting is now.
• My household stores all our data in one NAS device. We don’t have some data here and some data there. It’s all on the NAS. This is really convenient when reformatting any of the PCs since I don’t need to save off any data first. Also, when backing up I just need to backup this one device and I’m done.
• I store my backups off-site. I have an external USB hard drive that I bring home once every couple months. I put the data into a handful of TrueCrypt volume files, copy it to the drive, then bring it back to work.
• I don’t use Anti-virus. It’s slow, it barely works and when it does work, it’s only for known viruses. But when I do need to scan something I just upload it into a new mail in Yahoo as an attachment and Yahoo scans it for me. Bam, virus scanner on demand.
• I don’t use virtual machines. Not because I don’t want to, but because you need to buy an additional license for your OS to use it in a VM. This may not be an issue for you open source guys, but it is for us who use Windows… and it ain’t cheap.

So there’s my grand strategy. What yours?

TrueCrypt is an open-source encryption program that lets you encrypt collections of files into a TrueCrypt volume or let’s you encrypt your whole USB flash drive. You can even set it up to leave no traces or hint of TrueCrypt for some nice plausible deniability.

I currently use it to split my 4GB flash drive into a 2GB TrueCrypt volume to store my financial data, code and other stuff I don’t want other people’s mitts on and then I leave the other 2GB unencrypted for things such as videos and other files that I don’t want to have to force through TrueCrypts on the fly decrypter.

When I plugin my flash drive, TrueCrypt auto starts:

…and then asks for my password:

Then it’ll mount your TrueCrypt volume as another drive on your computer:

After that, you can use it the exact same way you would any other drive. Everything you do on this newly mounted drive (note: T is the encrypted virtual drive and H is the USB flash drive in this case) is actually run through TrueCrypt and encrypted/decrypted on-the-fly before being read from/written back to your TrueCrypt (*.tc) file.

This allows you to do some other cool things such as:

• Put all your data into a TrueCrypt volume before backing up and storing off-site. Maybe even with some batch file goodness.
• Safely use a service like Mozy so that your data won’t be super exposed when travelling over the world wide web.
• Deny any involvement when the KGB has you and your flash drive and is about to start pulling teeth.

And coincidentally I’ve done all of those…