BitLocker normally encrypts entire drives and partitions, but you can also create encrypted container files with tools built into Windows. Such encrypted VHD files can easily be moved between systems, backed up, and hidden when not in use.
This trick allows you to create TrueCrypt-style encrypted volumes as files on your computer. Like other BitLocker features, it requires a Professional or Enterprise edition of Windows, or Ultimate for Windows 7.
Create a Virtual Hard Drive File
First, we’ll need to create a VHD (virtual hard drive) file — this
may also be called a disk image. This file is stored on a physical
drive, and it can be used as a virtual drive. For example, a 2 GB VHD
file takes up 2 GB of space on a physical drive and appears as a
separate 2 GB drive in Windows.
The Disk Management tool in Windows provides everything you need to create VHD files and work with them. To access it, press Windows Key + R to open the Run dialog, type diskmgmt.msc
into it, and press Enter. On Windows 8 or 8.1, you can also right-click
in the bottom-left corner of your screen or press Windows Key + X and
click Disk Management.
Click Action > Create VHD in the Disk Management window to start creating a VHD file.
Enter a desired size and location for the VHD file. The file will be
stored in the location you choose, and it will be as large as the size
you enter here.
You should probably use the default Fixed size option, as this will
save time when writing files to the encrypted VHD file and reduce
possible fragmentation. If you want to enlarge the VHD file later, you
can use the expand vdisk command in diskpart and then enlarge the partition on it. This will take a few minutes, but it is possible.
The disk image will appear as another disk in the Disk Management window — right-click it and select Initialize Disk.
Select the GPT (GUID Partition Table) option if you’re using Windows 8
or 8.1. This is a newer type of partition scheme, and it’s more
resilient to corruption because it stores multiple copies of the
partition table on the disk.
If you’re using Windows 7 or would like to be able to mount and
access the VHD file on Windows 7 systems, select MBR (Master Boot
Record) instead.
Next, create a partition on the VHD file. Right-click the Unallocated
space on the drive in the Disk Management window and select New Simple
Volume.
Go through the wizard to create the partition with the NTFS file
system and the maximum size — you can leave the default options
selected. The one option you might want to change is the Volume label
option. Give your drive a meaningful name, like Encrypted VHD.
Encrypt the Disk Image With BitLocker
The VHD file you created will now appear as a new drive in File
Explorer or Windows Explorer. You can right-click the new drive and
select Turn on BitLocker to enable BitLocker for the drive.
Go through the usual BitLocker setup process, setting a strong password to unlock the drive and creating a backup of your recovery key in case you’ll ever need it.
Avoid selecting an unlock method that requires a TPM — such as
“Automatically unlock this drive on this computer” — or you won’t be
able to access the encrypted VHD file on another computer unless you
provide your recovery key.
BitLocker will immediately encrypt the drive without any reboot
necessary. This should be almost instantaneous if you started with an
empty drive. Files you store on the drive will be encrypted and stored
inside the VHD file.
Lock and Detach the Disk Image
When you’re done using the encrypted drive, you can right-click it in
File Explorer or Windows Explorer and select Eject to lock the
partition and eject the VHD file from your computer. This removes the
virtual drive from the list of drives in My Computer and the Disk
Management window, hiding it. The drive will also be locked — but not
ejected — if you shut down your computer.
To access the encrypted VHD file in the future, you can open the Disk
Management window and select Action > Attach VHD. Browse to the VHD
file on your system, and attach it to your system.
You’ll have to unlock the encrypted drive with your password after re-attaching it or restarting your computer.
The VHD file can be stored or backed up wherever you want it. Be sure
to eject the volume before copying the VHD file or backing it up. You
might end up with a corrupted VHD file if you create a copy of it while
it’s in use and being written to. To access your files elsewhere, just
attach the VHD file to another Windows Professional or Enterprise system
and unlock it with your BitLocker password.
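The whole procedure above can also be scripted. The following PowerShell is an added example, not part of the original article; it assumes an elevated session on Windows 8 or later with the built-in Storage and BitLocker cmdlets, and the path, size and label are sample values.

```powershell
# Added example: scripted equivalent of the GUI steps in this article.
# Assumptions: elevated PowerShell on Windows 8 or later; the folder in
# $VhdPath already exists; path, size and label are sample values.
$VhdPath = 'C:\Vaults\encrypted.vhd'
$SizeMB  = 2048                      # 2 GB, allocated up front (fixed size)
$Label   = 'Encrypted VHD'

# 1. Create the fixed-size VHD with diskpart.
$dp = Join-Path $env:TEMP 'create-vhd.txt'
"create vdisk file=`"$VhdPath`" maximum=$SizeMB type=fixed" |
    Set-Content -Path $dp -Encoding ASCII
diskpart /s $dp | Out-Null
Remove-Item $dp
if (-not (Test-Path $VhdPath)) { throw "VHD was not created: $VhdPath" }

# 2. Attach, initialize as GPT (use MBR if Windows 7 must read it), format NTFS.
$disk = Mount-DiskImage -ImagePath $VhdPath -PassThru | Get-Disk
Initialize-Disk -Number $disk.Number -PartitionStyle GPT
$part = New-Partition -DiskNumber $disk.Number -UseMaximumSize -AssignDriveLetter
Format-Volume -DriveLetter $part.DriveLetter -FileSystem NTFS `
    -NewFileSystemLabel $Label | Out-Null
$mount = "$($part.DriveLetter):"

# 3. Turn on BitLocker with a password, then add a recovery password.
$pw = Read-Host -AsSecureString -Prompt 'BitLocker password for the VHD'
Enable-BitLocker -MountPoint $mount -PasswordProtector -Password $pw | Out-Null
Add-BitLockerKeyProtector -MountPoint $mount -RecoveryPasswordProtector | Out-Null

# 4. Check the result: only Password and RecoveryPassword protectors should be
#    listed, and auto-unlock must be off so the file stays portable.
$vol = Get-BitLockerVolume -MountPoint $mount
$vol.KeyProtector | Select-Object KeyProtectorType, KeyProtectorId
if ($vol.AutoUnlockEnabled) { throw "Auto-unlock is enabled on $mount" }
# Record the recovery password somewhere other than this VHD:
($vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword').RecoveryPassword

# 5. Wait for encryption to finish, then lock and detach before copying the file.
while ((Get-BitLockerVolume -MountPoint $mount).VolumeStatus -eq 'EncryptionInProgress') {
    Start-Sleep -Seconds 2
}
Lock-BitLocker -MountPoint $mount -ForceDismount | Out-Null
Dismount-DiskImage -ImagePath $VhdPath | Out-Null
```

To reopen the container later, run Mount-DiskImage with the same path and then Unlock-BitLocker with the password.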