Ok, I saw this topic:
and at first I thought I had found a solution to my question, but instead it just confused me further.
Here's the deal:
I would like to partition my 488 MB flash drive into two sections:
Section 1, which is public, (unencrypted, no password needed to access)
and Section 2, which is private, (encrypted and password protected)
However, I will need to be able to access and edit files in Section 2 on PCs on which I will not have administrator privileges.
Section 1 would take up less than 100 KB, since the only files I would be storing there would be:
- autorun.inf
- autorun.ico
- REWARD IF FOUND.txt
My other reason for having minimal public space would be so that if someone found my drive and wanted to keep it, they would be frustrated by the fact that they would not be able to save much to it except for a few .txt files and maybe a Word document.
So my question is:
How Can I Do This?
You cannot do this. Unless you use something like TrueCrypt, which doesn't actually partition it and will only work on PCs where you have admin rights.
Sometimes, the impossible can become possible, if you're awesome!
As far as I can tell John is right - you can't do it with freeware.
But... I am using a commercial product, successfully, called Dekart Private Disk, which has a free trial and uses AES256 encryption. I can confirm from much experience that it does not require admin rights. Dekart creates a virtual second volume (not a partition) on any drive. I do not know of any independent evaluation of its security against sophisticated attack, but a very well equipped forensic IT guy at my company couldn't get any information from the encrypted volume or from the USB drive or host computer on which it ran.
Ordinarily the software requires installation but there are detailed instructions for using it in portable mode, without admin rights.
I hope it's ok to post this link:
http://www.dekart.com/howto/howto_disk_encryption/encrypt_flash_drive_cd...
If the link should be removed, perhaps I can mention that the software is at dekart-dot-com and there is a "how to" page describing the method to "encrypt_flash_drive_cd_dvd".
I have no connection to the company other than customer, and honestly I wish there were a GNU PL application that could do this. Ideally it would be GPG based -- I don't know why there couldn't be a GPG Disk to create encrypted volumes, analogous to the commercial PGP Disk product -- which is great, and I own it, but it's not portable.
I'd rather use TrueCrypt also, but TC hasn't solved the problem of admin rights.
It's called Dekart Private Disk Lite, and so far, it's doing pretty much what I wanted to do!
One question though, is there a way for me to prevent the file image .dbd file from being erased from my flash drive?
Thanks a lot!
Please Make TiLP Portable
Under what circumstances is it erased?
Let's say, if someone finds my flash drive, and being greedy, decides to keep it for themselves.
But when they insert it into their computer, they notice that 1 file is taking up almost all the space: the encrypted file image. So they just delete that file, and boom, they can now use all my flash drive.
I want to still be able to delete it, but I'd want to have to enter the password first to protect it.
Please Make TiLP Portable
I don't recommend partitioning a flash drive. I don't know how wear leveling will work, and you may or may not be able to access any partition beyond the first (there is a thread around here describing that problem).
Vintage!
Wear levelling isn't a big issue with partitioned flash-drives, but the fact that winblows only supports one mounted partition on a flash-drive is. Linux doesn't have this limitation so once again it's M$ deciding for you what you may or may not do with your hardware. If only the flash-drive manufacturers would stop setting the RMB to "removable" ....
Here is what Dekart says on their website:
"Administrative privileges are not required if the program was previously launched by an administrator."
Running as non-admin on systems where an admin never ran the app requires copying of files to %windir%\system32\drivers and editing the registry, things you normally cannot do from a limited account ..
How did you get it to work? I would love to know because this "admin-right" required nonsense is a real problem for portable high-quality encryption.
Another thing is that the trial-version is "suicide-ware". When your trial expires it won't be fully functional, a thing you do NOT want with encryption-programs ..
This thread is delicious, and should become reference canon. Mods, please make this a sticky somewhere. Or, rewrite all the information presented in this thread and make that a sticky.
Love and kisses!
- the fredd
My experience is that one can only access the first (active) partition on MS Windows XP, but one can access all partitions on MSW 9x (and non-MS OSs). If one wants to run an OS from a USB drive at the same time as storing data on it, you should make the OS boot partition inactive (or use a file system that MSW XP cannot access) to ensure you can access the other partition on MSW XP.
Also, all the free and proprietary partitioners I've used can partition USB drives the same as any other drive.
The easiest way to partition a USB drive if you are using MSW and don't have Powerquest Partition Magic may be to download Parted Magic (a 30 MiB live OS with partitioning tools that runs from CD, a USB drive or over a network) from http://partedmagic.com/ . If you are really cautious you could disconnect your hard drive(s) first too (just in case you select the wrong drive).
I have been using this and it in fact does work on computers with non-admin rights. All you do is select the size of the partition you want to make, in your case, most of the drive, and let it make it. You then plug in the drive and start the program, and navigate to your "public" part, which the other partition is housed on, select it, insert your password, and the private partition shows up. It's also a big plus for me because the locked down computers that I use at school only allow 1 removable disk to be shown in My Computer at a time, but with Private Disk, I figured out that it will let there be a removable drive of whatever letter AND a removable drive with the letter M: assigned to it. So I actually made my private partition at home with a drive letter I knew was assigned already at my school and now when I open it up there, I can select any open letter (M:) and I have both the public and private drive showing as removable disks. So yes, Dekart Private Disk works great on non-admin computers as well as my computer, which I am the admin to. You can email me at n_faze13 {at} hotmail {dot} {com} if you need any more info.
Dekart Private Disk loads a driver to encrypt data on the fly. I don’t see how anyone in this thread who says they have it working (in a public or corporate environment without admin rights) can be serious. It doesn't work without admin rights or having the program run once by an admin.
See the following post from the Dekart admin Alex Railean:
http://forum.dekart.com/showthread.php?t=508&highlight=admin
I don't believe anything has changed since then.
I’ve followed the instructions to the letter in the posted link above on “How to encrypt a USB flash drive”. I have developer’s rights at work which give me some leeway on installations, but I still get a pop-up stating "You do not have sufficient administrative rights for this operation!" as soon as I execute Private Disk from my flash drive.
Regards,
I guess I should have been more specific... the computer that I use it on without admin rights is Windows 2000. I tried using it on a non-admin XP computer while I was on vacation a few weeks ago and was not able to run it.
if someone found my drive and wanted to keep it, they would be frustrated by the fact that they would not be able to save much to it
Inflicting frustration on a person must be very painful! Except... you can't. The drive is theirs; they can reformat the whole thing and be happily on their way, reducing its lifespan by a hefty 0.05%.
As for the virtual disk mounting problem, depending on your needs, you might get away with placing a copy of TCExplorer in the public space (~713KB UPX). It does not mount a disk and can run under normal privileges; the downside is that you can't run applications on top of it without copying it to a real filesystem, leaking data. Then again, a disk erase utility could fix that...
I am glad that one of those stating that Dekart PD would run without admin rights now corrected that statement and cleared things up a bit. So PD can usually NOT be run without admin-rights too.
I use TCExplorer together with TrueCrypt and that works very well for me (despite some warnings here from John and others). Of course the procedure could be more comfortable if one would be able to run executables without first copying the needed data (folders) onto the host PC. But on the other hand this complicated way (1) reminds one of the risks using a foreign PC and (2) gives you the opportunity to erase exactly those data that have been copied afterwards (which makes it secure enough for me).
And I am not in the need to use TCE too often anyways, since most of the time I am sitting in front of my own PCs. But it is good to know that I may be able to reach my encrypted TC-Volume whenever I encounter the need to do so somewhere in the wild...
Ah. I can now confirm that Dekart Private Disk (but not TrueCrypt) works without admin rights on Windows 2000 computers -- but not on Windows XP. Just found that out the hard way yesterday. Oh well.
A question and a comment.
1. I don't see a way to use TC Explorer to open a TC volume protected with both a passphrase and a key file. Am I missing something?
2. Great as it is, TC Explorer doesn't solve a problem I really want to solve -- how to mount and use a virtual encrypted VOLUME on any computer. I'd like to run my Portable Thunderbird from that volume, for instance, so that my mail remains on an encrypted volume that I take with me when I leave. I know there's a driver issue here, but I sure hope someone finds a way around it.
You cannot mount the volume but you can run your Portable Thunderbird on any machine using TCE:
Just copy the program's folder out of the encrypted volume to your stick or host machine, run the program from there and delete / erase the copy of the folder when finished. You may even save changes / received mails if you copy the profile in the copied folder back to the encrypted volume before you delete / erase the copied folder...