TrueCrypt, PasswordSafe and Putty on a thumb or flash drive

This article outlines how to install and use an encrypted file system using TrueCrypt on a flash drive for use in Windows XP or newer. (I also use these tools in linux environments as well!) This is something I have been doing for a few years now, but haven't gotten around to writing it all up for the public. Recently, a couple of my friends had been talking about how they dislike having to remember a ton of passwords to access everything they need for work, etc. when each system has a different set of rules for their passwords. That got me thinking of the solution I've been using and I decided it was time to write it up for others.

Using this solution, you will need to remember a minimum of one password, but a maximum of four - depending on what you feel safe with. While following the setup in this article, you will need to use passwords for your encrypted file system (two passwords), your SSH key (if you use a passphrase that is different if one at all) and the password to your password list.

This article does assume you are working in Windows, but all the steps are nearlt identical for other platforms. If you are using linux, many of the programs used in here may be available through your distribution's software repository and easily installed through your package manager.

Feedback or Suggestions

If you have feedback or suggestions (new/useful utilities, etc.), feel free to contact me and I may just add your suggestions to my article.

TrueCrypt, PasswordSafe and PortaPutty

To follow this article and use this solution to your password-remembering hassle, you will need to download the following programs. Note that this article is directed at Windows users; however, I use the same processes for linux as well (but the programs are installed locally on those machines).

Installation and Configuration of the TrueCrypt Encrypted File System

While using an encrypted file system is not necessary, some people have ultra-sensitive password databases. When I first started using this method, I was a system administrator for a local ISP. Having my passwords getting into the wrong hands could potentially be disaster not only for me, but for all of the ISP's customers as well. If you do not feel you need to have an encrypted file system to store your passwords, skip on to the next section of this article.

  1. Download and run the installer from the TrueCryt website and choose to extract the files to your flash drive (F:\ in this article)
  2. Run F:\TrueCrypt Format.exe
    1. Choose to create an encrypted file container, click next
    2. Choose to create a hidden TrueCrypt volume, click next
    3. Choose Normal mode, click next
    4. Enter volume location (F:\TrueCrypt.fs in this document), click next
    5. When asked for the Outer Volume Encryption Options, choose the algorithm and hash you wish to use, click, next.
    6. Specify the size you want the encrypted outer volume to be, click next. The outer volume will hold the hidden volume, so be make sure you make it large enough to hold the hidden size in addition to some decoy files.
    7. Enter an outer volume password, confirm it, then click next.
    8. Click the format button to create the volume.
    9. (Optional) Add some files to the outer volume that look important, click next when done. These are decoys files in the event that someone gains access to your outer volume password (or you are forced to reveal it).
    10. Choose algorithm and hash for hidden volume, click next
    11. Choose the size you want the hidden volume to be, click next.
    12. Enter a different password for the hidden volume, click next
    13. Click the format button to create the volume.
    14. Close the format utility when finished.
  3. Run F:\TrueCrypt.exe
    1. Select a drive letter that you want to mount your filesystem under (H:\ for this document)
    2. Select the file that has your volumes in it (F:\TrueCrypt.fs)
    3. Click the Mount button.
    4. Enter the password to the volume you want to access. The first password you entered was for the outer volume (decoy), the important, hidden volume is the different second password you had entered.

When You Want To Access Your Data on the Encrypted File System

  1. Run F:\TrueCrypt.exe from your flash drive
    1. Select a drive letter that you want to mount your filesystem under
    2. Select the file that has your volumes in it (F:\TrueCrypt.fs)
    3. Click the Mount button.
    4. Enter the password to the volume you want to access. If you want the hidden volume, enter that password, if you want the decoy volume enter the outer volume password instead.

When You Are Done With Your Encrypted File System

  1. Run F:\TrueCrypt.exe from your flash drive
    1. Select your mounted volume
    2. Click the Dismount button.

It is now safe to remove your flash drive from your computer the way you normally do.

Using PortaPutty for your SSH Needs (in Windows)

Yes, the name is funny, it is perfectly healthy to laugh at it! Now that we got that out of the way, this is the utility we will be running from our flash drive to log into servers through the SSH protocol. If you don't know what SSH is, you may not need this. If all you are after is storing passwords, you can safely skip this section of the article to learn about PasswordSafe.

If you are still reading, then I am assuming you know about SSH, access keys and may have even used puTTY in a Windows environment before. If you have a differnt SSH client that you like to use, you are welcome to use that in place of this. The reason I chose to use PortaPutty was so I could save all my profiles to the flash drive and easily access them with my access key without worrying about drive letters, using different computers, etc. When I am using linux, I simply use the command line for my ssh needs.

  1. Download PortaPuTTY (http://socialistsushi.com/portaputty)
  2. Extract the contents of the zip file to the hidden volume (F:\putty)
  3. Create a the F:\putty\keys directory, and upload the access keys you'd like to use with PuTTY.
  4. Create your PuTTY profiles
    1. Run F:\putty\putty.exe
    2. Fill in the connection information in the Session screen of PuTTY config.
    3. Under Connection -> SSH -> Auth, browse to the key file you want to use with this connection.
    4. Modify the key path so that it starts with "keys\"
    5. Go back to the Session screen, give the profile a name and save it.
    6. Test connection. You should be able to authenticate with your key on the server now. If not, be sure that you have added your key to the authorized_keys file on the server.
    7. Repeat for each profile you want to save (this can be done at any time, it doesn't have to be done right now).

Using PasswordSafe to Manage Your Passwords

This utility is the key to not having to remeber all of your passwords. The encrypted database locks itself after a period of inactivity and allows you to copy/paste passwords without having to even see them. password-gorilla works in much the same way as described below, but your mileable may vary depending on the program you decided to useif you are working in linux.

  1. Download and run the PasswordSafe installer
  2. Choose to install to your flash drive (F:\Password Safe)
  3. Create the "databases" directory and copy any of your existing database files if you have any.
  4. Run F:\Password Safe\pwsafe.exe and open one of your databases or create a new one.

If you have never used PasswordSafe, I will give you a couple quick hints. Firstly, when you create your database password, be sure it is a long one with uppercase letters, lowercase letters, numbers and even punctuation. Obviously, you will want something you can remember and isn't too cumbersome to type.

Once you have the database and its password all ready to go, open it up from the pwsafe.exe interface, and start adding entries into the database (Edit -> Add Entry). There are a large number of options available to you for managing your password entries. The title is what will show up in the interface for you follwed by the username in brackets. The other important field for new users is password field itself. If you are someone like me and have a large number of server logins for different clients, projects, personal, etc., then the group field can also be a nice feature to use to help organize the list of logins for you.

You will be tempted to create a password you will remember, but I suggest to simply use the generate button. If you use that option, click the Show button and change the password on the system to match this database entry. It is OK if you can't remember it! The whole point of this utility is to save free space in your brain by not having to remember all the passwords!

Configuration Tips

The biggest thing to remember about your hidden and outer volumes of your encrypted file system is the "free" space you have in the outer file system. For instance, if you have an outer volume of 100MB and a hidden volume of 90MB, you will need to be sure not to write more than 10MB to the outer volume. If you do, the hidden volume will become corrupt and the data held within it will be lost. (Make backups regularly!)