Installation Guide – Setting up tCrypt2Go and vCrypt2Go to Encrypt USB Thumb Drives

Warning: This guide is for system administrators or experienced enthusiasts. It may involve a steep learning curve if you are a novice, and risk breaking systems or losing data if the involved low-level system tools (such as diskpart) are not used carefully. There is no guarantee. One way to avoid risk is to engage professionals to perform the process on one of the freelancing platforms.
This is an article for users illustrating how to encrypt a USB thumb drive or memory card (click here if you have a portable hard disk instead) as a container (virtual disk file) for use with tCrypt2Go lock-and-unlock utilities for TrueCrypt Portable (also applicable to vCrypt2Go for VeraCrypt unless otherwise specified).

(This is a sub-article – click here to view to the list of articles or the main article of tCrypt2Go and vCrypt2Go)


List of Steps

  1. Formatting Thumb Drive and Copy TrueCrypt Files
  2. Creating a 10 MB Dummy File as Buffer (Optional)
  3. Creating Encrypted Container with TrueCrypt
  4. Unlocking Encrypted Partition and Copy TrueCrypt Files There
Required Files
Supported Hardware
  • A portable drive of Removable Media type (such as a thumb drive or memory card)
  • A portable drive of Fixed Disk type (such as an external hard disk)
    • If you have this type of device, you may also the Installation Guide for Portable Hard Disk instead

1. Formatting Thumb Drive and Copy TrueCrypt Files

For USB thumb drives, We need to format it using Windows Explorer (or File Explorer).

a. Connect the drive to be encrypted to a PC running Windows XP or above. (Note: TrueCrypt discontinued support for Windows 2000 although it could still work.)
b. Run My Computer (press "Win+E" hotkey). Right-click the drive, select "Format"


c. Volume label: "UNPROTECTED"; Format options: "Quick Format"


d. Download and extract "tCrypt2Go and vCrypt2Go.zip" and copy all files in "tCrypt2Go\Thumb Drive" or "vCrypt2Go\Thumb Drive" folder to the root of the UNPROTECTED drive:
  • .DO_NOT_DELETE (hidden from Windows with a hidden attribute)
    • TrueCrypt/VeraCrypt for Mac
      • README.txt
      • TrueCrypt.dmg/VeraCrypt.dmg (optional: download TrueCrypt or VeraCrypt and store the original Mac installer here)
    • TrueCrypt/VeraCrypt for Windows
      • README.txt
      • TrueCrypt Setup.exe/VeraCrypt Setup.exe (optional: download TrueCrypt or VeraCrypt and store the original Windows installer here)
    • Lock_Mac.command
    • Unlock_Mac.command
      • tc.exe/vc.exe (REQUIRED: download TrueCrypt or VeraCrypt and perform installation or extraction, then copy TrueCrypt.exe or VeraCrypt.exe here and rename them as tc.exe or vc.exe)
      • TrueCrypt.sys/VeraCrypt.sys (REQUIRED: as above, copy TrueCrypt.sys or VeraCrypt.sys here)
      • truecrypt-x64.sys/VeraCrypt-x64.sys (REQUIRED: as above, copy TrueCrypt-x64.sys or VeraCrypt-x64.sys here)
    • tc-container.tc/vc-container.vc (REQUIRED: the encrypted container file built with ‘TrueCrypt Format.exe’ or ‘VeraCrypt Format.exe’ for Removable Media device type)
  • AUTORUN.INF (to prevent older Windows versions from executing malware triggered via Autorun mechanism; hidden from Windows with a hidden attribute)
  • .Unlock.exe (unlock utility for Windows; hidden from Mac with a preceding dot)
  • .Lock.exe (lock utility for Windows; hidden from Mac with a preceding dot)
  • Lock.app (lock utility for Mac; hidden from Windows with a hidden attribute)
  • Unlock.app (unlock utility for Mac; hidden from Windows with a hidden attribute)
  • ._Lock.app (specifies an icon for Mac; hidden from Windows with a hidden attribute)
  • ._Unlock.app (specifies an icon for Mac; hidden from Windows with a hidden attribute)

(Note: If you are mindful, you may have noticed in the example above, there are no preceding dot characters and the Mac-related files are removed. You may do so only if you do not require Mac support.)

e. Ensure only the folders highlighted below are configured with hidden attributes
Image(6)[4]

f. Right-click "DO_NOT_DELETE" folder, choose "Properties"
Configure the hidden attributes accordingly. Also, ensure "Read-only" is not set on all folders except AUTORUN.INF; otherwise, the drive cannot be written.


For "AUTORUN.INF", set it to "Read-only" and "Hidden"

2. Creating a 10 MB Dummy File as Buffer (Optional)

Note: this step is optional, but is recommended in preparation for a possible future situation in which more storage space is required for the executables or related resources required to unlock and lock the protected area.

a. Run Command Prompt as Administrator
b. Create a dummy file by entering fsutil file createnew DUMMY_FILE 10000000
c. Finally, copy DUMMY_FILE into "UNPROTECTED\DO_NOT_DELETE"


3. Creating Encrypted Container with TrueCrypt

a. Download and run TrueCrypt Setup/VeraCrypt Setup (see step 1d above for the location of this file) and install the program, or specify to extract the files to a location.
b. In extracted or installed directory, run "TrueCrypt Format.exe" (for TrueCrypt) or "VeraCrypt Format.exe" (for VeraCrypt).


c. Select "Create an encrypted file container".


d. "Select File"


e. Browse "DO_NOT_DELETE" folder.


f. Enter file name: tc-container.tc


g. Confirm path, which is "G:\DO_NOT_DELETE\tc-container.tc" for TrueCrypt in this example (or "vc-container.vc" for VeraCrypt). Then click "Next".


h. For "Encryption Algorithm" and "Hash Algorithm", choose any settings as desired.


i. We need to find out how much free space there is for encryption.

In "My Computer" (press "Win+E" hotkey), right-click the drive, select "Properties"


j. Copy the free space, e.g. 3981664256 (bytes)


k. Convert bytes to megabytes by inputting on Google: 3981664256 / 1024 / 1024


l. Use the rounded result "3796" here. Select "MB". We want to use as much free space as possible for encryption.


m. Enter a secure password.


n. Choose any desired file system (according to the explanation at the top of this guide). In this example, the below are selected:
  • Filesystem: FAT; Cluster: Default
It is required to keep moving the cursor around the window for few seconds, then start formatting by clicking "Format".

(Note for exFAT and TrueCrypt users: Unless you use VeraCrypt, this TrueCrypt format tool cannot format a drive as exFAT. TrueCrypt users need to perform it in the Command Prompt. See Optional section or how.)


o. Wait until it is done. It will take a long time for large or slower USB 2.0 flash drives.

4. Unlocking Encrypted Partition and Copy TrueCrypt Files There

Now, we will test the encrypted partition by unlocking it and copy a few files there so that users can easily lock it back.

a. Unlock by double-clicking "UNPROTECTED\.Unlock.exe".


b. Enter password.


c. Then the encrypted partition will be unlocked as below. Right now it is empty.


d. Optionally, copy "Lock.exe", the hidden "DO_NOT_DELETE" and "AUTORUN.INF" folders from step 1d here (so that users can conveniently lock the drive after use, and prevent the drive from executing Autorun malware under XP.)


e. Double-click "Lock.exe" to test. If the encrypted partition letter (e.g. E:) is unmapped (dismounted), it works!

List of Articles on tCrypt2Go/vCrypt2Go

Welcome to support this project by buying a cup of coffee ☕ if this tool is useful to you. 😊 Thanks!

Comments