TrueCrypt 7.1a Encryption Without Windows Error Messages

As described in another post, in summer 2014 TrueCrypt was in the throes of a major change and/or its demise. Awkwardly, TrueCrypt had also just received a passing grade on the first phase of an in-depth audit of its security capabilities, and meanwhile DiskCryptor, possibly its chief competitor, was still showing definite signs of immaturity. My working solution under these circumstances was to retain TrueCrypt (using version 7.1a, which as noted in that other post was still available for download, not version 7.2) and simultaneously to work toward greater familiarity with DiskCryptor. Later, I would switch to VeraCrypt, which was actively maintained and was growing beyond TrueCrypt’s limits and its potential problems.

The event triggering my inquiry had been simple and familiar. In TrueCrypt 7.1a, I had encrypted a hard disk drive (HDD) with a set of options that yielded a problematic error message, each time I connected the drive. This was an internal type of hard disk drive (HDD), but I was using it as an external drive: I plugged it into an external drive dock, connected to the computer via USB cable, and turned on the power. Shortly after I did that, Windows popped up a dialog that said this:

You need to format the disk in drive F: before you can use it.

Do you want to format it?

I knew better than to click Yes. And yet, came the day when I was not paying attention, and clicking Yes resulted in the loss of the data on that drive.

Next time I used TrueCrypt to encrypt a drive, I would want to arrange things so that it would not pop up that Windows dialog. To achieve that result, people suggested several approaches, including these:

  1. Use a partition manager (e.g., Disk Management or, for a friendlier option, MiniTool Partition Wizard or Easeus Partition Master or Parted Magic) to divide the drive into a tiny partition and a large partition. The sole purpose of the tiny partition is to be formatted as NTFS so that Windows will recognize it as a drive. This will apparently eliminate the error message. Now use TrueCrypt to encrypt the large partition as desired.
  2. Instead of using TrueCrypt to encrypt an entire partition, use TrueCrypt to create an encrypted file filling a Windows-formatted partition.
  3. Use TrueCrypt to encrypt the entire drive. Then use the Windows diskpart tool to change the drive type. That is, at the Windows command prompt, type diskpart and then enter this sequence of diskpart commands: list disk, select disk N, list partition, select partition N, set id=64, exit. With this approach, the partition will no longer be recognized as a TrueCrypt favorite. That will not matter to people who do not use favorite names in TrueCrypt.
  4. In Disk Management (diskmgmt.msc), right-click the TrueCrypt partition > Change Drive Letter and Paths > Remove. This approach would reportedly work only on the machine on which it was done; connecting the drive to another computer would apparently produce the “You need to format the disk” message.

I tried approach no. 1. It did not work for me. I did not try no. 2. I tried no. 3. In my case, disk N was disk 6. When I typed “set id=64,” I got back, “DiskPart successfully set the partition ID.” I exited diskpart, unplugged the drive, reconnected it — and, what do you know, it worked. This time, no pop-up offering to reformat the drive. I went into TrueCrypt and mounted the drive. Everything seemed good. It appeared that option 3 worked for me.

Advertisements
This entry was posted in Uncategorized and tagged , , , , , , , , , . Bookmark the permalink.

2 Responses to TrueCrypt 7.1a Encryption Without Windows Error Messages

  1. Karim says:

    Hello Ray, thanks for sharing your experience. But If you wouldn’t mind I have some questions:
    1- You said that you changed the ID of the drive, but I confused what should I change; An ID of a mounted Truecrypt partition, or the ID of partition when it showed the “need format” popup
    2- It’s obvious that you used cmd to change the ID, but do you have any idea if this method going to work using 3rd party tools like MiniTool Partition.

    • Ray Woodcock says:

      For those not familiar with VeraCrypt, I’ve updated the first paragraph of this post to include a link to information on that replacement for the now-discontinued TrueCrypt. No guarantees as to whether that will eliminate the particular kind of problem under discussion here; it’s just a generally recommended transition.

      To answer your question, I think you’re referring to the “set ID” command in DiskPart. DiskPart is a program that runs at the command prompt. Once you’ve started DiskPart, you have to use its own internal commands. “Set ID” is one of those commands.

      I think you understood that already. I think you’re asking which partition you should be changing: the one that exists as soon as you connect the drive and turn on the computer, or the one that only exists when you mount the drive in TrueCrypt.

      On that, let me offer an additional suggestion. To avoid involving two different drive letters, when doing (or redoing) the original Windows format of a new drive, don’t let it assign a drive letter. Instead, choose the option that says something like, “Don’t assign a drive letter.” In that case, the first of those two partitions will no longer appear, and you will no longer get that Windows message seeking to reformat the drive when you connect it. Then there will no longer be the risk of accidentally formatting a drive that doesn’t need to be formatted.

      I would add that last suggestion to the text of this post, but I’m not presently set up to test everything in TrueCrypt, so I can’t elaborate on the specific steps. Likewise, I cannot be entirely confident that I have the right answer to your first question: I’m not set up to test it for sure. At this point, the best I can do is to offer a guess (no guarantees), as follows: (1) see whether DiskPart is, in fact, listing both the Windows drive and the TrueCrypt encrypted volume (if not, then just go with whatever volume it does list), and (2) if you have to choose, try the Windows volume first, not the TrueCrypt volume. That seems to be what they are advising at gHacks.

      Needless to say, backup is always recommended before tinkering with any partitions containing data.

      On your second question, I don’t presently know of a way to accomplish this using other software (e.g., Partition Wizard). It is something I will have to look into, next time I find myself trying to apply the steps in this post. Speaking of which, in the comments at SuperUser, they seem to be saying that the “set ID” command may not work in Windows 10; they offer an alternative.

      But maybe you were asking whether this would have any effect on what is displayed in tools like Partition Wizard. I don’t think so; I think they will continue to display the same partitions. But, again, my head is not entirely there right now, and in any case I’m not set up to test it.

      Hope that helps.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

w

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.