What Files?
-
- UraniumLounger
- Posts: 9628
- Joined: 13 Feb 2010, 01:27
- Location: Deep in the Heart of Texas
What Files?
I want to put Windows 11, the os and all the files it needs to run programs, in a partition on my thumb drive. My thought was to copy whatever files are needed to the partition I created to hold the os. I realize that I will have to make the drive bootable in order to be able to boot from it, but I'll do that at a later point. For now, I just want to get Windows files on the thumb drive in one partition and everything else on C: on the thumb drive in a separate partition.
Am I making the problem a nail because I only have a hammer (ie, I know how to copy files)? Is there a better way to do this?
At some point down the line, after I've become familiar with encrypting data, I will want to break my primary SSD into Windows, and what it needs, and data. I have done this is the distant past but don't remember how or what precautions to take to avoid screwing things up. This is especially important because I have Windows 11 Pro on the drive as it came with the system, but I do not have a CD from which to reinstall it or a product code.
Is it sufficient to copy the Windows folder highlighted in the screenshot and its contents to the thumb drive? Doesn't that leave all the program files behind? My goal is to encrypt data without having to encrypt by os and software. It seems to me that I need to keep the 2 program file folders, the Windows folder, and perhaps the Perf Logs folder together. The Users folder seems to have subfolders for my name and unused public users. The folder with my name seems to have all my data. Does Windows need the Users folder?Am I making the problem a nail because I only have a hammer (ie, I know how to copy files)? Is there a better way to do this?
At some point down the line, after I've become familiar with encrypting data, I will want to break my primary SSD into Windows, and what it needs, and data. I have done this is the distant past but don't remember how or what precautions to take to avoid screwing things up. This is especially important because I have Windows 11 Pro on the drive as it came with the system, but I do not have a CD from which to reinstall it or a product code.
You do not have the required permissions to view the files attached to this post.
Bob's yer Uncle
Dell Intel Core i5 Laptop, 3570K,1.60 GHz, 8 GB RAM, Windows 11 64-bit, LibreOffice,and other bits and bobs
(1/2)(1+√5) |
-
- PlutoniumLounger
- Posts: 16411
- Joined: 24 Jan 2010, 23:23
- Location: brings.slot.perky
Re: What Files?
Bob, I think you may be running a bit ahead of yourself here. Your goal is achievable by you because it has been achieved by me, without cloning or otherwise touching the OS & Programs.
But first get comfortable with encryption.
I suggest that you keep playing with that thumb drive.
- Split it into two partitions.
- On the first partition drag a folder of about 1 GB in size. Any folder will do; make a copy of one of your data folders. Let's pretend that this first partition holds your o/s and programs.
- On the second partition drag a different folder of about 1 GB in size. Any folder will do; make a copy of one of your other data folders. Let's pretend that this partition holds your data files..
- You now have two partitions (with different contents) on your thumb drive.
- Fire up your encryption program and run through the steps to encrypt that second partition in place; this might take an hour or so. I recommend using the password "password" which makes it easy for you to remember for the next day or two.
- Practice mounting and dismounting that second partition.
- This is what you will be doing once your C: drive is split into two partitions.
Cheers, Chris
Most of my hair had already fallen out by the time I learned that mousse is spelled with two esses
-
- UraniumLounger
- Posts: 9628
- Joined: 13 Feb 2010, 01:27
- Location: Deep in the Heart of Texas
Re: What Files?
Good advice. I'm thinking too far ahead.
I have the thumb drive partitioned into 2 volumes. Can I use VeraCrypt to encrypt files copied to one of the volumes?
IIRC your tutorial says to remove the label from a volume before using VC.
I have the thumb drive partitioned into 2 volumes. Can I use VeraCrypt to encrypt files copied to one of the volumes?
IIRC your tutorial says to remove the label from a volume before using VC.
Bob's yer Uncle
Dell Intel Core i5 Laptop, 3570K,1.60 GHz, 8 GB RAM, Windows 11 64-bit, LibreOffice,and other bits and bobs
(1/2)(1+√5) |
-
- UraniumLounger
- Posts: 9628
- Joined: 13 Feb 2010, 01:27
- Location: Deep in the Heart of Texas
Re: What Files?
OK, Nephew, I gave your process a try. I used VeraCrypt to try to encrypt a large SketchUp file. It seemed to be running. I used the 'move the mouse' action as suggested.
That was yesterday, mid-afternoon. It was still running - or appeared to be - 24 hours later. I cancelled the instance of VC that was running.
That was yesterday, mid-afternoon. It was still running - or appeared to be - 24 hours later. I cancelled the instance of VC that was running.
Bob's yer Uncle
Dell Intel Core i5 Laptop, 3570K,1.60 GHz, 8 GB RAM, Windows 11 64-bit, LibreOffice,and other bits and bobs
(1/2)(1+√5) |
-
- PlutoniumLounger
- Posts: 16411
- Joined: 24 Jan 2010, 23:23
- Location: brings.slot.perky
Re: What Files?
Hi Bob. I think that I didn't ever suggest that you encrypt a File; I only ever encrypt a Partition.BobH wrote: ↑26 Sep 2024, 20:46OK, Nephew, I gave your process a try. I used VeraCrypt to try to encrypt a large SketchUp file. It seemed to be running. I used the 'move the mouse' action as suggested. That was yesterday, mid-afternoon. It was still running - or appeared to be - 24 hours later. I cancelled the instance of VC that was running.
You should by now have a memory key with two Partitions.
Onto each partition you have dragged a Folder which contains Files.
The next step is to encrypt the Partition.
The Partition being encrypted, all the files on that Partition will be hidden from view UNTIL the Partition is un-encrypted.
It's rather like stacking all your paper documents into a leather briefcase and then locking the briefcase; with the briefcase locked, all the files are secure.
Cheers, Chris
Most of my hair had already fallen out by the time I learned that mousse is spelled with two esses
-
- Administrator
- Posts: 12856
- Joined: 16 Jan 2010, 15:49
- Location: London, Europe
Re: What Files?
It is quicker to encrypt an EMPTY partition, and then copy the files to this encrypted partition.
If you copy the files first and then encrypt the partition this can be very slow (hours or even days)
If you copy the files first and then encrypt the partition this can be very slow (hours or even days)
StuartR
-
- PlutoniumLounger
- Posts: 16411
- Joined: 24 Jan 2010, 23:23
- Location: brings.slot.perky
Re: What Files?
Agreed!
Especially with something like the "RoboCopy /CREATE" command.
But in this case I was trying to take a step-by-step approach to learning about (a) partitions and (b) encryption.
In particular, playing with a memory key in various ways as a means to feel comfortable with the various options.
Cheers, Chris
Most of my hair had already fallen out by the time I learned that mousse is spelled with two esses
-
- Administrator
- Posts: 12856
- Joined: 16 Jan 2010, 15:49
- Location: London, Europe
Re: What Files?
StuartR
-
- UraniumLounger
- Posts: 9628
- Joined: 13 Feb 2010, 01:27
- Location: Deep in the Heart of Texas
Re: What Files?
OK, fellows, you're making my aging brain ache.
My understanding has been - probably incorrectly - that what gets encrypted is data. Files contain data. Partitions are just defined places to put data. Analogy: A partition is to data as a closet is to clothing.
If I create and empy partition how does it get encrypted? What happens when I copy files to that partition?
Obviously, I don't have a clear concept of what takes place. I've considered encyption to be like scrambling eggs (data) only with the ability to put the eggs back into the shell, uncooked.
My understanding has been - probably incorrectly - that what gets encrypted is data. Files contain data. Partitions are just defined places to put data. Analogy: A partition is to data as a closet is to clothing.
If I create and empy partition how does it get encrypted? What happens when I copy files to that partition?
Obviously, I don't have a clear concept of what takes place. I've considered encyption to be like scrambling eggs (data) only with the ability to put the eggs back into the shell, uncooked.
Bob's yer Uncle
Dell Intel Core i5 Laptop, 3570K,1.60 GHz, 8 GB RAM, Windows 11 64-bit, LibreOffice,and other bits and bobs
(1/2)(1+√5) |
-
- PlutoniumLounger
- Posts: 16411
- Joined: 24 Jan 2010, 23:23
- Location: brings.slot.perky
Re: What Files?
You use a program, Veracrypt, to encrypt the empty partition.
Veracrypt now "knows" that the partition is encrypted.
At the time you ask Veracrypt to encrypt the empty partition, you tell VeraCrypt what the password is to be. (I recommend beginners use "password" during these trials; one less thing to remember or to lose)
That is akin to giving a big metal key to Veracrypt and telling Veracrypt "Keep this briefcase/closet locked at all times, OK?"
When you say "Copy this file to my encrypted partition", Veracrypt knows that the partition is encrypted; after all, Veracrypt can see the key in the closet (or knows that it has the key to the closet).What happens when I copy files to that partition?
Veracrypt unlocks the closet, copies in the file, and quickly locks the closet again.
I hate to say this, but this action is faster even than Everything ( )
When you say "Get me this file from the closet", Veracrypt knows that the partition is encrypted; after all, Veracrypt can see the key in the closet (or knows that it has the key to the closet).
Veracrypt unlocks the closet, grabs the file, and quickly locks the closet again.
Agreed.Obviously, I don't have a clear concept of what takes place.
But my position is that once you actually DO the business of encrypting the partition and try copying files in and out, the very actions will make it clear to you.
Although you may find that you have just forgotten that the partition is encrypted, the process is so seamless and silent.
On my system(s) the AutoExec.bat boot sequence fires up Veracrypt which prompts me for the password to the data partition. That's like asking me, The Butler, for the key.
Now that VeraCrypt can/has unlocked the closet/partition, the contents of the partition are available to me. Veracrypt acts as a gofer, negotiating between the encrypted form of data on the partition (hard drive) and the decrypted data in RAM memory (e.g. my word-processing document).
Hope This Helps.
Cheers, Chris
P.S. In English mystery plays and novels, the butler ALWAYS has the key to the cabinet that contains the silver, and whenever he gets a chance, the butler "counts the silver". "I have cou8nted the silver, madam" is perhaps the most complex statement issued by butlers, sometimes their only line.C
Most of my hair had already fallen out by the time I learned that mousse is spelled with two esses
-
- UraniumLounger
- Posts: 9628
- Joined: 13 Feb 2010, 01:27
- Location: Deep in the Heart of Texas
Re: What Files?
I typically use File Explorerto copy files into a partition which contains (if I'm well organized) folders where they find cousins. Do I have to switch to using VeraCrypt to copy and retrieve files from an encrypted partition.ChrisGreaves wrote: ↑27 Sep 2024, 18:20. . .
When you say "Copy this file to my encrypted partition", Veracrypt knows that the partition is encrypted; after all, Veracrypt can see the key in the closet (or knows that it has the key to the closet).
Veracrypt unlocks the closet, copies in the file, and quickly locks the closet again.
I hate to say this, but this action is faster even than Everything ( )
When you say "Get me this file from the closet", Veracrypt knows that the partition is encrypted; after all, Veracrypt can see the key in the closet (or knows that it has the key to the closet).
Veracrypt unlocks the closet, grabs the file, and quickly locks the closet again.
. . .
In a former life, I was the technology director for a company that ran ATM transaction routing between banks. In order to ensure that PINs were not sent in the clear over networks which could be hacked, we used an encryption process that employed the DES encryption algorithm and unique keys that were used to 'scramble' the PINs. DES keys were stored in a physically secure module (PSM) that would self destruct if opened or even dropped. Keys were of a fixed length and were separated into segments which were provided by 3 different people to 3 different people so that no individual (in theory) had the entire key at any time. If a key were compromised, the requirement was that it be replaced by a different set of 3 different people. This process required that the 3 people come to our premises which we tried to schedule so that they came at different dates/times. We never had a breach; so I presume the system worked. To my knowledge the network was never hacked, but we had no means to know if it happened or not.
Does VeraCrypt function like the physically secure module? Does VeraCrypt use keys to encrypt the partition/data?
Bob's yer Uncle
Dell Intel Core i5 Laptop, 3570K,1.60 GHz, 8 GB RAM, Windows 11 64-bit, LibreOffice,and other bits and bobs
(1/2)(1+√5) |
-
- PlutoniumLounger
- Posts: 16411
- Joined: 24 Jan 2010, 23:23
- Location: brings.slot.perky
Re: What Files?
Bob, you don't have to change; you can age gracefully to a fossil, like me.
You will go on using Windows File Explorer, Void's Everything, Thunderbird's "Attach file" command, MSPaint, Notepad, MSOffice, Lotus Suite etc exactly as you do now.
It's a fact, if you were encrypting a partition for your wife, you could set up the system and tell her "I've put all your data onto a new drive letter, T: (or W: for Wife or ...), and all she would have to do is key in a secret password when the system boots. VeraCrypt will dismount (and hence LOCK) that partition when the system is shut down.
Nothing at all would change for her.
Nor will it for you, excepting as noted, keying in a password when the system boots up.
This whole thing is so transparent that it's pointless trying to work out how it works, except, of course, for the curiosity value which I am glad to see you have not lost (but which is, I think, holding you back).
Just do it.
Veracrypt uses that password as its key. "password" while you are playing in the sandbox of your memory key; "968koqhst7051qhyst" when you swing into Production mode.In a former life, ... Does VeraCrypt function like the physically secure module? Does VeraCrypt use keys to encrypt the partition/data?
There's nothing to stop you using a three-person key system. I can be at 315 West Avenue B around 1630 any day after 4th October if you reply to this before midnight tonight. Note that the schedule is changed; no more of that 11:50 p.m nonsense.
Assuming I can get the taxi to St John's at 7:00 a.m. Saturday - pretty short notice.
Cheers, Chris
Most of my hair had already fallen out by the time I learned that mousse is spelled with two esses
-
- Administrator
- Posts: 12856
- Joined: 16 Jan 2010, 15:49
- Location: London, Europe
Re: What Files?
An encrypted partition can be in one of two states. When it is MOUNTED it acts like any other partition, you can use any program that moves,copies, opens, or saves files exactly as you always have. When the encryption is DISMOUNTED then the files are not visible to anybody and cannot be used.
You use Veracrypt (or whatever other encryption software you have) to mount and dismount encrypted partitions. You need to know the password when you mount the partition.You don't need to use the encryption software when you access the files, that encryption and decryption happens automatically and invisibly.
You use Veracrypt (or whatever other encryption software you have) to mount and dismount encrypted partitions. You need to know the password when you mount the partition.You don't need to use the encryption software when you access the files, that encryption and decryption happens automatically and invisibly.
StuartR
-
- UraniumLounger
- Posts: 9628
- Joined: 13 Feb 2010, 01:27
- Location: Deep in the Heart of Texas
Re: What Files?
Thank you, gentlemen.
It's good to know that I can continue to use my time worn apps on files after creating the encrypted partition. I only have to mount it and provide the password, right?
It's good to know that I can continue to use my time worn apps on files after creating the encrypted partition. I only have to mount it and provide the password, right?
Bob's yer Uncle
Dell Intel Core i5 Laptop, 3570K,1.60 GHz, 8 GB RAM, Windows 11 64-bit, LibreOffice,and other bits and bobs
(1/2)(1+√5) |
-
- Administrator
- Posts: 12856
- Joined: 16 Jan 2010, 15:49
- Location: London, Europe
-
- PlatinumLounger
- Posts: 4026
- Joined: 24 Oct 2010, 23:39
- Location: Canton, Ohio USA
Re: What Files?
This all was very informative. I am totally in the dark about encrypted drives and amazed with all the information above. Possibly I may understand the question I am about to ask, but I must ask it anyhow to clarify it in my brain. Is all the talk about mounting the encrypted drive and using the files within it apply to the thumb drive in the OP as well as any other patrician that may be created on the system's boot up drive? The reason I ask is in the OP it said,
I think "Mounting" is what has me confused. I assume that if the encrypted drive was a partition on the internal boot-up drive and you had to supply a password for it, that would define "Mounting" even though it is a partition and not a separate physical drive like a thumb drive. Am I understanding this correctly?
Regards,
hlewton
hlewton
-
- Administrator
- Posts: 12856
- Joined: 16 Jan 2010, 15:49
- Location: London, Europe
-
- PlutoniumLounger
- Posts: 16411
- Joined: 24 Jan 2010, 23:23
- Location: brings.slot.perky
Re: What Files?
Not totally "totally", because your questions are valid and it shows you are very close to (what I think is) the truth.
In the context of Veracrypt (and TrueCrypt and others), we can encrypt a Partition; and a Partition is part of a drive.
Back in the good old days we saw only one partition on a hard drive, so we might lazily say "I encrypted the hard drive" instead of "I encrypted the partition on the hard drive.
When there is only one partition, labeled "C:", then we say things like "My Drive C: is encrypted with Veracrypt" when we might better say "My boot partition, named C:, is encrypted with Veracrypt".
It was the same lax thinking that, thirty years ago, had people pointing to the Big beige Box sitting alongside their desk and saying "My hard drive is on the floor" when they might better have said "My chassis is on the floor", because the Big Beige Box held not only the spinning platters but also a lot of other stuff.
In Bob's case I believe he has a computer on which there is a hard drive, which he sees as "Drive C:", and his Windows operating system files are on drive C:, as are all his data files; Bob wants to separate the two, and (I believe) Bob originally thought of moving the Boot(Windows) files and program files to a bootable thumb drive, leaving his hard drive as the place for all his data files.
I learned about fourteen years ago that I could split the single partition into two partitions, leaving the boot & programs stuff on the originally (and now smaller) partition labelled as C:, and have all my data on the second partition.
That is, I could split one large partition of a hard drive into two (obviously smaller) partitions, leaving everything in place.
No need to mess around with boot files and operating system files and program files.
Once I had managed to separate the files into these two partitions, I could - if I chose - encrypt the second partition, the partition that held my data files - so that only ***I*** could use those data files, provided that I knew the password to unlock the data partition.
The closest I can get to a real-life analogy is that of a two-drawer filing cabinet where I keep the office admin files in one roll-out drawer, and all my client files in a second roll-out drawer, but fix a padlock to that "client files" drawer. Now my Office Manager can get on with the administrative work, but cannot see my confidential client data.
It's still only one metal filing cabinet, but now it is used as two drawers/partitions, one of which is locked.
I think not. I think that early on Bob thought he would have to physically move the operating system files to a physically separate thumb drive. (He may still want to do this, and he can still do this if he wants, but please see Below)Is all the talk about mounting the encrypted drive and using the files within it apply to the thumb drive in the OP as well as any other patrician that may be created on the system's boot up drive? The reason I ask is in the OP it said, BobH:I want to put Windows 11, the os and all the files it needs to run programs, in a partition on my thumb drive.
Right now there are a couple of skills to master:-
(1) Working with Partitions; This involves understanding what partitions are, splitting a single partition into two or more partitions, shrinking and expanding partitions, and so on
(2) Encrypting one or more partitions: Using (in this case) Veracrypt to encode the data in a partition so that it can only be seen, copied, used etc by unlocking the partition with a password. Stuart quite rightly calls this "Mounting". Without the password you can't-get at my data, without the key you can't unlock that second drawer of my filing cabinet.
I'm not sure (wry, but hopeful grin)[/b] I think "Mounting" is what has me confused. I assume that if the encrypted drive was a partition on the internal boot-up drive and you had to supply a password for it, that would define "Mounting" even though it is a partition and not a separate physical drive like a thumb drive. Am I understanding this correctly?
Yes, "mounting" in the sense of encryption means "providing a password, and a letter to use as a drive identifier, and the name or location of an encrypted partition so that Veracrypt can use the password to de-crypt the encrypted partition and from now on refer to it as the drive letter.
In real terms, my boot sequence points to MY encrypted partition and tells Veracrypt to refer to it as T:.
So my daily work takes place on drive T:
Below: My earliest version of an older program TrueCrypt has a date-modified of Sep 28th, 2010, so fourteen years ago. At that time I had clients and client data on a laptop and wanted to encrypt that data.
I did not think of learning about partitions and encryption on a memory key. (1)
I experimented with a Real Live laptop hard drive, OS, Applications, and all my client data (yes,i had backups, but still). I wish someone had suggested I play around with a memory key before taking the big step of "locking away all my client data overnight". What if I locked it up and couldn't unlock it?
So this time around I suggested the use of a memory key as a device on which one can
(1) learn about partitions and
(2) learn about encryption
without risking any sort of damage or corruption to the computers main hard drive.
I hope that I have not added to your confusion.
Cheers, Chris
(1)Since I was at that time a member of Eileen's Lounge, there would have been people around who would have suggested I experiment on a memory key, but back then, as now, I would often ignore good advice! C
Most of my hair had already fallen out by the time I learned that mousse is spelled with two esses
-
- PlatinumLounger
- Posts: 4026
- Joined: 24 Oct 2010, 23:39
- Location: Canton, Ohio USA
Re: What Files?
Thank you for the explanation. I had to look up the definition of "memory key" and still not sure if it is what you meant. I found,
Now as far as partitions are concerned and my experience with them goes, it's been a very long time. The last time I dealt with them was at least 24 or 25 years ago when I was installing DOS computers in steel mills to monitor hot steel and try to predict its OD and ID or just OD size, (in other words, either a tube or solid bar of steel), when at room temperature. Seems like a lifetime ago and I have forgotten more than I actually knew. Again, thank you.
I see what they do but not sure if they are similar to a password or not.On a memory module keys are physical notches on the module that prevent the memory from being incorrectly installed in a computer system. Memory keys also prevent the memory from being installed into a incompatible computer system.
Now as far as partitions are concerned and my experience with them goes, it's been a very long time. The last time I dealt with them was at least 24 or 25 years ago when I was installing DOS computers in steel mills to monitor hot steel and try to predict its OD and ID or just OD size, (in other words, either a tube or solid bar of steel), when at room temperature. Seems like a lifetime ago and I have forgotten more than I actually knew. Again, thank you.
Regards,
hlewton
hlewton
-
- UraniumLounger
- Posts: 9628
- Joined: 13 Feb 2010, 01:27
- Location: Deep in the Heart of Texas
Re: What Files?
Doing some "unpacking" here, which will show my state of mental confusion. I've placed my questions in blue, to draw attention to them and to accentuate my confusion.
In starting this process, I had the primary goal of developing and using a routine backup plan. In pursuing that end, I decided that I should encrypt the backed up data for additional privacy and security. In going forward, I thought I should first learn about encryption and how to do it. (I might be mistaken, but I think that encrypting data also has the effect of compressing it, to some extent. It matters only becausecCompressed data will transfer faster as there are fewer bits to read and write. If I'm wrong someone will correct me. )
I see no purpose in encrypting the OS; ergo the goal to put it into its own partition (which I will continue to name C as that has become the defacto designation for a system drive).
Chris was kind enough to send me an article he wrote that takes one through the process of learning about partitioning drives and encrypting data. In it, he suggested practicing on a thumb drive; ergo my referencing it in my OP. It was my idea, not his suggestion, to partition my thumb drive and place the OS and related files in one partition and my data in another on that thumb drive. This has complicated and hampered my learning; so I'm going to reformat the thumb drive and start over.
Question: The thumb drive is formatted as exFAT. Should I retain this or change it to NTFS? Does it matter?
No, this was my own personal sidetrack, or wild 'hare', as it were. I was thinking ahead to the day when I would have the OS in one partition and data in another.
decrypt data when it is read and encrypt data when it is written.
The confusing part for me is this:
If I have a device (a partitioned disk drive of whatever form), that the OS knows by a drive letter (using T: in Chris' example below), do both the OS and VeraCrypt know it by the same drive letter? This makes no difference to the rehearsal using a thumb drive; but, thinking ahead (which is always dangerous when I do it) my system installed solid state drive will have a C: partition containing Windows, and a D: partition containing my data.
As I understand it, I will create that D: partition, using Windows Disk Management for example, then using VeraCrypt, turn that Windows partition D: into an encrypted partition which all my software can then address, read, and write to but which VeraCrypt (or something?) will intercept and encrypt before the binary bits are written. If this is correct, then do Windows and VeraCrypt both need to have the partition defined with the same letter, D:, in this case?
Yes, I have a computer that has a single drive (SSD). That drive contains a single partition: C:. It contains the operating system and related files as well as all my data files (at least all those not stored externally on various devices, eg, thumb drives, SD cards, external hard drives, etc.). At some future date, I will want to create 2 partitions - one for Windows, the other for my data - on that drive without corrupting either the OS or the data; however, that is for a future post.ChrisGreaves wrote: ↑29 Sep 2024, 19:21. . .
In Bob's case I believe he has a computer on which there is a hard drive, which he sees as "Drive C:", and his Windows operating system files are on drive C:, as are all his data files; Bob wants to separate the two, and (I believe) Bob originally thought of moving the Boot(Windows) files and program files to a bootable thumb drive, leaving his hard drive as the place for all his data files.
In starting this process, I had the primary goal of developing and using a routine backup plan. In pursuing that end, I decided that I should encrypt the backed up data for additional privacy and security. In going forward, I thought I should first learn about encryption and how to do it. (I might be mistaken, but I think that encrypting data also has the effect of compressing it, to some extent. It matters only becausecCompressed data will transfer faster as there are fewer bits to read and write. If I'm wrong someone will correct me. )
I see no purpose in encrypting the OS; ergo the goal to put it into its own partition (which I will continue to name C as that has become the defacto designation for a system drive).
Chris was kind enough to send me an article he wrote that takes one through the process of learning about partitioning drives and encrypting data. In it, he suggested practicing on a thumb drive; ergo my referencing it in my OP. It was my idea, not his suggestion, to partition my thumb drive and place the OS and related files in one partition and my data in another on that thumb drive. This has complicated and hampered my learning; so I'm going to reformat the thumb drive and start over.
Question: The thumb drive is formatted as exFAT. Should I retain this or change it to NTFS? Does it matter?
. . .
I think that early on Bob thought he would have to physically move the operating system files to a physically separate thumb drive.
No, this was my own personal sidetrack, or wild 'hare', as it were. I was thinking ahead to the day when I would have the OS in one partition and data in another.
Here I must admit more confusion. Having been exposed, briefly, to UNIX, I recall that 'mounting a drive' was a prerequisite to using it or addressing it in any way. (Perhaps that's where the term had its origin for VeraCrypt) As an analogy, back in the '60s when I was a computer operator, I had to 'mount' reels of tape physically on a tape drive unit and make the unit 'ready' before the system could address it in any way. My understanding of 'mounting' a disk is the same, except that the physical part of placing the tape reel in the drive and making it ready is not necessary. If I understand Chris and Stuart correctly, I will be prompted for a password for the encypted partition when I start Windows. If that is correct, I infer that no further action will be required and that in all interaction with data will. . .
Yes, "mounting" in the sense of encryption means "providing a password, and a letter to use as a drive identifier, and the name or location of an encrypted partition so that Veracrypt can use the password to de-crypt the encrypted partition and from now on refer to it as the drive letter.
decrypt data when it is read and encrypt data when it is written.
The confusing part for me is this:
If I have a device (a partitioned disk drive of whatever form), that the OS knows by a drive letter (using T: in Chris' example below), do both the OS and VeraCrypt know it by the same drive letter? This makes no difference to the rehearsal using a thumb drive; but, thinking ahead (which is always dangerous when I do it) my system installed solid state drive will have a C: partition containing Windows, and a D: partition containing my data.
As I understand it, I will create that D: partition, using Windows Disk Management for example, then using VeraCrypt, turn that Windows partition D: into an encrypted partition which all my software can then address, read, and write to but which VeraCrypt (or something?) will intercept and encrypt before the binary bits are written. If this is correct, then do Windows and VeraCrypt both need to have the partition defined with the same letter, D:, in this case?
I find this statement a bit arcane. By saying 'boot sequence' you infer that this takes place only when the system is 'booted'. Can you expound on this? Are you saying that by having created a T: partition in Windows AND in VeraCrypt that when Windows boots, it somehow knows that the T: partition is encryped? If so, how and when did that happen? How does Windows know to ask for a password . . . which VeraCrypt needs to 'mount' the drive (addressed as T:) when Windows normally doesn't ask for a password in order to address other partitions?In real terms, my boot sequence points to MY encrypted partition and tells Veracrypt to refer to it as T:.
So my daily work takes place on drive T:
Bob's yer Uncle
Dell Intel Core i5 Laptop, 3570K,1.60 GHz, 8 GB RAM, Windows 11 64-bit, LibreOffice,and other bits and bobs
(1/2)(1+√5) |