Helping people with computers... one answer at a time.

Backing up data to a drive encrypted using Truecrypt is really no different than backing up to any other drive. I'll review why that is and some of the variations of backing up with TrueCrypt.

How do you perform a backup to an external drive that is TrueCrypted? Do you just mount a drive on the external hard drive then backup will know to backup into TrueCrypt?

Backing up TrueCrypt volumes and backing up to TrueCrypt volumes tend easily to confuse people.

In this audio segment from an Ask Leo! webinar, I'll discuss how backing up and TrueCrypt relate and review what I do to backup my TrueCrypt encrypted data.

Listen:
Download the mp3 (9M)

Transcript

Leo, how do you perform a backup to an external drive that is TrueCrypted? It might sound stupid, I know. [Leo: No, not at all.] You just mount a drive on the external hard drive then backup will know to backup into TrueCrypt?

So it's actually ... TrueCrypted backup is a really interesting combination of things. First of all, TrueCrypt doesn't know about backups and backups don't know about TrueCrypt. They don't need to know about each other.

What you have to realize about TrueCrypt is that regardless of how you use it, the way it manifests to your operating system is as a drive so whether you have whole drive encryption (which you might be using for your external drive)... I actually have an external drive; the one I travel with is whole drive encrypted. Once you mount that drive, and by mount, you actually go through the process of TrueCrypt specifying a password for that drive so that they can appear on your system, you can then use it just like any other drive.

So can your backup software. The backup software, if it [the Truecrypt volume] mounts as drive Q:, then you just tell your backup software to backup to drive Q:. The same thing for TrueCrypt containers; when you're not necessarily doing whole drive encryption, the container... Once the container is mounted, it simply looks like a drive. I actually, on my desktop machine, I use TrueCrypt, I've got like a 200 GB TrueCrypt container file that is my primary workspace and it just looks like drive F.

So, if I wanted to run a backup, I could tell the backup software to just throw the backups on drive F and they would basically get thrown into the mounted TrueCrypt volume that (once it's dismounted, of course) is encrypted. You can get at it. So the short answer is, "Sure, no problem." Just make sure you're telling you're mounting the drive however it is you mount your TrueCrypt encrypted drives, be they containers or whole drive encryption and then tell your backup program, 'Hey, use drive whatever - Q:.' Then that is the drive that appeared when you mounted your TrueCrypt drive.

Everything should be just fine. Now one of the other questions commonly the reverse and that is when I have a bunch of data in a TrueCrypt container as I do, how should I back that up? Do I back up the container; do I back up the data? There's two schools of thought on that. I back up the container. What that means is and it's just one file, it's great.

It's one file that then contains all of my protected files within it. It's not 200 GB, by the way; this is a smaller one. It's much more manageable for backing up. The smaller one actually has all of my personal financial things. I just back up that file. I back it up in multiple places and what's nice about that is I don't need to take any additional security precautions.

I know that container file (if it's not mounted) is just so much noise. Everything that's in the container is protected. The only to get at the contents of the container is to know the password or in my case, the passphrase and I ain't gonna tell you that so that data is safe. The other thing... the problem with that scenario though, of course, is that in order to access the data, you need TrueCrypt.

You must have TrueCrypt in order to be able to mount and actually read the contents of that container that backed up container. So the other school of thought is mount the container and then back up the files within it. In other words, if the container shows up as drive Q and those are all your protected files, back up those files.

The downside there, of course, is that you now must take security precautions for your backup because your backup now contains unencrypted clear potentially private files that you normally would want to have encrypted. So there's two ways to go about that. Like I said, I tend to choose... I mean TrueCrypt has proven to me to be so reliable and so ubiquitous that I'm very happy just backing up a TrueCrypt container file and going from there.

Article C5439 - June 9, 2012 « »

Share this article with your friends:

Share this article on Facebook Tweet this article Email a link to this article
Leo Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions. More about Leo.

Not what you needed?

2 Comments
bob price
June 12, 2012 1:37 PM

"Just make sure you're telling your mounting the drive however it is you mount your TrueCrypt encrypted drives, be they containers or whole drive encryption and then tell your backup program, 'Hey, use drive whatever,"

Huh?

The problems with talking and literal transcripting - sometimes things don't come across well when I speak a false start. Should be "Just make sure you're mounting the drive ..."
Leo
12-Jun-2012
Bill
June 12, 2012 7:42 PM

If I have a full backup and and several incremental backups on an external drive can I then go ahead and encrypt them?
Can I set it up that all future backups are encrypted?
How do I then restore them if needed?

Comments on this entry are closed.

If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.

If you don't find your answer, head out to http://askleo.com/ask to ask your question.