DiskCryptor with key on a USB thumb drive?

Discussion in 'privacy technology' started by tahaa7, Oct 6, 2014.

  1. tahaa7

    tahaa7 Registered Member

    Joined:
    Oct 6, 2014
    Posts:
    4
    Hello all. I would like to use DiskCryptor to encrypt my Windows 7 hard drive. However, I'm wondering if I can use it in a way where my decryption key is located/stored on a USB thumb drive, so that when the PC is booting up, the USB drive has to be inserted to unlock the hard disk? I do not necessarily want the bootloader located on the USB thumb drive, just the decryption key.

    If that's possible, how do I set it up?

    Thanks for the assistance.
     
  2. pajenn

    pajenn Registered Member

    Joined:
    Oct 26, 2009
    Posts:
    930
    You can use a keyfile instead of or in addition to a password. You could put the keyfile on a flash drive. You can locate bootloaders on both the thumb drive and local hard drive. Set the computer to boot from the thumb drive by default so it'll boot the encrypted system if the drive is present, and otherwise it could boot another (maybe decoy) system from the local hard drive. I did something like this, see here. However, whatever you do, I'd test it out first on a virtual machine. It's been a while since I used that system, so I don't remember the exact steps anymore.
     
  3. sdmod

    sdmod Shadow Defender Expert

    Joined:
    Oct 28, 2010
    Posts:
    780
    I would not leave this key on just one thumb drive. In my experience they can just 'go' for no apparent reason, leaving you without data. So if you choose to do this, have a readily available backup of your key to suit all circumstances that you might find yourself in.
    Have a second thumb drive with it on.
    As with everything else, backup, backup, backup.

    Even with CD/DVD, if it's important, I always make more than one.
     
    Last edited: Oct 7, 2014
  4. tahaa7

    tahaa7 Registered Member

    Joined:
    Oct 6, 2014
    Posts:
    4
    OK, I tried installing the bootloader and the key file on a USB thumb drive, and I encrypted my hard drive using that configuration. However, when I restart my PC now with the USB thumb drive plugged in, I get the error message "bootmgr is missing" and I cannot boot into Windows. I did all that on my old PC, so no important data has been lost. Why am I getting that error message? I did change the boot order in BIOS and I put the USB drive #1, followed by CD/DVD, and then hard drive.
     
  5. pajenn

    pajenn Registered Member

    Joined:
    Oct 26, 2009
    Posts:
    930
    Depending on your setup, you may need to copy bootmgr and the boot directory to your encrypted partition (from the boot partition). For example, to C: if that's your encrypted system drive and the DiskCryptor flash drive tries to boot that partition as opposed to the 100 MB boot partition. Later you can use the 100 MB boot partition to boot some other decoy system. This of course assumes you have the typical Windows 7 setup with a 100 MB hidden boot partition with boot files on it and then C: for the system drive and maybe another data partition that you can also encrypt.
     
  6. tahaa7

    tahaa7 Registered Member

    Joined:
    Oct 6, 2014
    Posts:
    4
    OK, thanks, I will do some further testing, using different configurations. Just one quick question: do I need to keep the keyfile itself on the USB thumb drive once I've created and configured the bootloader on that thumb drive? Or can I delete it afterwards?
     
  7. pajenn

    pajenn Registered Member

    Joined:
    Oct 26, 2009
    Posts:
    930
    The keyfile can be anywhere where it can be read during the boot sequence, and of course you should have a backup of it some place. But it's convenient to keep it on the flash drive used for booting, so that the owner of the flash drive can boot an encrypted system automatically without needing a password (or maybe just using a short password that's quick to type in addition to the keyfile).
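
The backup advice in posts 3 and 7 only helps if each copy is still readable and byte-identical to the original. The following is an added example, not part of any post in this thread and not DiskCryptor code: a Python check that compares every backup copy of a keyfile against the primary by SHA-256 and reports missing, unreadable or altered copies. The file names and the random bytes standing in for a keyfile are constructed for the demonstration.

```python
import hashlib
import os
import tempfile
from pathlib import Path


def sha256_file(path):
    """Hash a file in chunks so a failing drive raises OSError mid-read."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def check_keyfile_backups(primary, backups):
    """Map each backup path to 'ok', 'missing', 'unreadable' or 'mismatch'."""
    reference = sha256_file(primary)
    report = {}
    for backup in backups:
        path = Path(backup)
        if not path.is_file():
            report[str(path)] = "missing"      # drive absent or file deleted
            continue
        try:
            copy_digest = sha256_file(path)
        except OSError:
            report[str(path)] = "unreadable"   # media error while reading
            continue
        report[str(path)] = "ok" if copy_digest == reference else "mismatch"
    return report


def demo():
    """Constructed sample: one good copy, one corrupted copy, one absent copy."""
    with tempfile.TemporaryDirectory() as tmp:
        key = os.urandom(64)                   # stand-in bytes, not a real keyfile
        primary = Path(tmp, "primary.key")
        good = Path(tmp, "backup_good.key")
        bad = Path(tmp, "backup_bad.key")
        absent = Path(tmp, "backup_absent.key")
        primary.write_bytes(key)
        good.write_bytes(key)
        bad.write_bytes(key[:-1] + bytes([key[-1] ^ 1]))  # single flipped bit
        report = check_keyfile_backups(primary, [good, bad, absent])
        return list(report.values())


if __name__ == "__main__":
    print(demo())
```

Any copy that is not reported as ok should be replaced from a verified copy before the primary drive is relied on alone.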
     