Encrypting your files is the way to go if you are looking to protect sensitive information from being accessed by unwanted users. The process usually involves creating an encryption key that will be used to make the file readable only by you once encrypted.
Some operating systems come with pre-installed tools that provide this security feature, while on others you would need to install third-party software.
Options for encrypting files
Local disk encryption typically has two options that you can proceed with, and each has pros and cons:
- Encrypting entire hard disk – Full disk encryption encrypts all data on your hard drive, including your documents, application data, and operating system files. This method requires you to input your encryption key every time the machine boots to gain access. If an encrypted hard drive becomes corrupted, the result can be permanent data loss, so you should back up the disk data regularly.
- Encrypting individual folders and files – With this option, you select a folder in your program of choice, and the data stored there is encrypted with an encryption key you create.
Unless your regular work involves files that contain sensitive information, it is not recommended to encrypt your entire hard disk. Creating an encrypted folder would protect those sensitive files and make them accessible and readable only with the encryption key.
Encrypting Individual Folders and Files
To perform this, we will use the open-source software VeraCrypt that is available for free on Windows, Linux, and Mac OS.
1) Once installed, select ‘Create Volume’ from the main screen of the program and choose ‘Create an encrypted file container’. This will create a virtual encrypted disk that you can mount and place files in that you wish to encrypt.
2) Select ‘Standard Volume’ and continue or ‘Hidden Volume’ if you wish to hide the volume that VeraCrypt creates.
3) Choose a location for your volume and a name for it to be saved under. It should be saved as a (.hc) file that VeraCrypt will recognize.
4) Choose an encryption algorithm from the next screen. AES is usually selected by default and fine to proceed with. However, you can select multiple to use a layered model of encryption.
5) Input the size that your volume will be. This automatically creates a file on your machine with the size you specified.
6) Choose a strong password from here that will be used to encrypt your data. You can also use a key file that you can save on your machine or a USB drive.
7) Follow the next screen to generate a random key by moving the mouse around the interface randomly.
8) Finally, select ‘Format’ and VeraCrypt will complete the process of creating your encrypted volume.
To mount the volume, click ‘Select File’ from VeraCrypt’s main screen and choose an available drive letter from the list. Finally, select ‘Mount’ and input the volume password. The drive will show up with other drives under your list of drives in ‘This PC’ or ‘My Computer’. You can place any file or folder here that you wish to encrypt. To remove the drive, head back to VeraCrypt and select ‘Dismount All’.
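The same container workflow (steps 1 to 8, then mount and dismount) can be scripted with VeraCrypt's text mode on Linux or macOS. This is an added example, not part of the original guide; the paths, the 100M size and the mount directory are hypothetical sample values, it assumes a VeraCrypt release whose --size option accepts the M suffix, and it substitutes /dev/urandom for the mouse movement of step 7.

```shell
#!/usr/bin/env bash
# Added example: text-mode equivalent of GUI steps 1-8, plus mount/dismount.
# All paths and sizes below are hypothetical sample values.
VOLUME="${VOLUME:-$HOME/vault.hc}"        # step 3: container location and name
SIZE="${SIZE:-100M}"                      # step 5: container size
CIPHER="${CIPHER:-AES}"                   # step 4: or a cascade, e.g. AES-Twofish-Serpent
MOUNTPOINT="${MOUNTPOINT:-$HOME/vault}"   # stands in for the Windows drive letter

# With DRY_RUN=1 the command is printed instead of executed.
run() {
  if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi
}

create_volume() {
  # Guard: never point the container at a file that already exists.
  if [ -e "$VOLUME" ]; then
    echo "refusing to overwrite existing file: $VOLUME" >&2
    return 1
  fi
  # No --password is given, so VeraCrypt prompts for it (step 6) and the
  # secret stays out of shell history and the process list.
  # -k "" means "no key file"; --random-source replaces the mouse
  # movement of step 7 with the kernel's random number generator.
  run veracrypt --text --create "$VOLUME" \
    --volume-type=normal \
    --size="$SIZE" \
    --encryption="$CIPHER" \
    --hash=SHA-512 \
    --filesystem=FAT \
    --pim=0 -k "" \
    --random-source=/dev/urandom
}

mount_volume() {
  run mkdir -p "$MOUNTPOINT" &&
    run veracrypt --text --pim=0 -k "" --protect-hidden=no "$VOLUME" "$MOUNTPOINT"
}

dismount_all() {
  run veracrypt --text --dismount   # same effect as 'Dismount All'
}

# Run the full sequence only when asked to: ./vault.sh --run
if [ "${1:-}" = "--run" ]; then
  create_volume && mount_volume
fi
```

Set DRY_RUN=1 first to review the exact commands before anything is created.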
Full Disk Encryption with VeraCrypt
The steps for performing this method of encryption are as follows:
- Select ‘Create Volume’ from the home screen, then choose ‘Encrypt the system partition or entire system drive’ to proceed with full disk encryption.
- Select ‘Normal’ for the type of System Encryption on the next screen.
- Select ‘Encrypt the whole drive’ from the Area to Encrypt screen.
- Select ‘No’ for Encryption of Host Protected Area.
- If you have multiple operating systems installed, you could choose the multi-boot option for Number of Operating Systems. Otherwise simply select single boot.
- Next, VeraCrypt will allow you to choose an encryption algorithm. AES is usually selected by default and fine to proceed with. However, you can select multiple to use a layered model of encryption.
- Enter a strong password that will be used to encrypt your files. VeraCrypt will specify a recommended length and characters to create a strong password. If you lose this password, your computer will become unbootable, and you will lose access to your data.
- Follow the instructions from VeraCrypt to move your mouse along the interface in random directions to generate a strong random key.
- Select a location for your Rescue Disk and save it as an ISO file that can be burned to a CD/DVD. This will be used to decrypt your data if anything becomes corrupted on the drive.
- Choose a Wipe Mode for the drive that will erase the disk data and replace it with encrypted data. A pass of 3 or 7 would be fine to proceed with. The time this takes to complete depends on the size and speed of your disk.
- VeraCrypt will perform a test to ensure that everything is compatible before erasing the disk and replacing it with encrypted data. The machine will finally reboot and prompt you for the password you created to unlock the drive.
This completes the guide on how you can encrypt files on your hard drive to restrict access to them from unwanted users or programs that use your machine. Always ensure that you choose a strong password when you do this so that you never lose access to the files.
Contributed by: Jason Jacobs from Guyana. Jason is a member of the CCST Discord group from the G5 Cyber Security Foundation Ltd. Learn more about CCST (Caribbean Cyber Support Team) by visiting caribbeancst.org. CCST is a collaborative group on the Discord platform for Caribbean people in IT, from beginners to experts.
Connect with him on LinkedIn: https://www.linkedin.com/in/jasonthename/