TrueCrypt Linux Plausible Deniability

Written by regicide666
Thursday, 10 August 2006

From www.truecrypt.org: "TrueCrypt is a software system for establishing and maintaining an on-the-fly-encrypted volume (data storage device). On-the-fly encryption means that data are automatically encrypted or decrypted right before they are loaded or saved, without any user intervention. No data stored on an encrypted volume can be read (decrypted) without using the correct password/keyfile(s) or correct encryption keys. Entire file system is encrypted (e.g., file names, folder names, contents of every file, free space, meta data, etc)."
Another great feature of TrueCrypt is the plausible deniability factor. TrueCrypt can create a hidden encrypted volume inside a TrueCrypt volume, and it will look just like random data, as the original TrueCrypt volume does. What this means is that if you are ever forced to decrypt your TrueCrypt volume, you can do so and show off your not-so-private data all you want. The real juicy stuff you would keep in the hidden volume, and you can deny it is there. TrueCrypt volumes cannot be distinguished from random data, so there is no way to tell if there is or is not a hidden volume.
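The indistinguishability claim above can be checked statistically. This added example (not from the original article or the TrueCrypt project) scores regions of constructed volume images, using SHA-256 in counter mode as a stand-in for cipher output; every name and cutoff in it is an assumption.

```python
import hashlib
import math
from collections import Counter

def keystream(key: bytes, nbytes: int) -> bytes:
    """Stand-in for cipher output: SHA-256 in counter mode (not TrueCrypt's cipher)."""
    out = bytearray()
    counter = 0
    while len(out) < nbytes:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:nbytes])

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (8.0 is the maximum)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def chi_square(data: bytes) -> float:
    """Pearson chi-square against uniform bytes; random data scores near 255."""
    expected = len(data) / 256
    counts = Counter(data)
    return sum((counts.get(b, 0) - expected) ** 2 / expected for b in range(256))

def looks_random(data: bytes) -> bool:
    # Generous cutoffs (assumption): 64 KiB of random bytes sits near 7.997 / 255.
    return entropy(data) > 7.99 and chi_square(data) < 400

def scan(image: bytes, regions: int = 4) -> list:
    """Score equal-sized regions of a volume image, first to last."""
    size = len(image) // regions
    return [looks_random(image[i * size:(i + 1) * size]) for i in range(regions)]

SIZE = 256 * 1024  # constructed 256 KiB images, not real TrueCrypt volumes
# Outer volume only: the whole device holds random-looking bytes.
outer_only = keystream(b"outer-key", SIZE)
# Same outer volume with a hidden volume in the last quarter, under a second key.
with_hidden = outer_only[:SIZE * 3 // 4] + keystream(b"hidden-key", SIZE // 4)
# Unencrypted contrast: a repeating 512-byte sector of text and zero padding.
plaintext = (b"FAT16   donotlook" + bytes(495)) * (SIZE // 512)

if __name__ == "__main__":
    for name, image in [("outer only", outer_only), ("with hidden", with_hidden),
                        ("plaintext", plaintext)]:
        print(f"{name:12} {scan(image)}")
```

Both encrypted images score the same region by region, so these tests cannot reveal the hidden volume. They do show that the device holds random-looking data rather than an ordinary filesystem.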
In this article I am going to walk you through creating a TrueCrypt volume hidden inside another TrueCrypt volume so that you have plausible deniability. I am using a USB flash drive that is /dev/sda on my machine, but you can use any disk, partition, or even a file by giving the name of the file you want to create as a TrueCrypt volume instead of the device file in my examples. Step one is to install TrueCrypt. This is beyond the scope of the article even if it is step one. I use Gentoo, and it was as easy as unmasking in package.keywords and emerging TrueCrypt.
# echo " app-crypt/truecrypt ~x86" >> /etc/portage/package.keywords
# emerge -v truecrypt
To get a list of available options and some help with the syntax, just type truecrypt at the command line. To create a new volume, pass the -c option and the volume name to TrueCrypt, and it will ask you about any required options you did not specify.
# truecrypt -c /dev/sda
You will next be prompted for information about the volume you will be creating. This will be a normal volume, so enter "1" at the volume type prompt. Also enter "1" at the filesystem prompt to create a FAT filesystem.
The hash algorithm and encryption algorithm are entirely up to you. I chose Whirlpool as the hash and AES as the encryption. I am not an encryption buff, so there may be better options. If you are hiding something that you need to know will not be found, do some research on the algorithms that are offered.
We are prompted for a password next. I suggest you use a strong password that will not be brute forced easily: upper and lower case letters, numbers and symbols, but also something you can remember, e.g. eye8worm5@d1nn3r.
Next you can enter a path for a keyfile that is needed to open your TrueCrypt volume. I just hit enter to use none because I don't plan on having any other files with me. You can add a keyfile, but remember you will need it to access the data.
TrueCrypt needs some random data to fill the new volume with so it now asks if you have a mouse directly connected to the system you are building the volume on. Just say Y if you do and move the mouse around until it reaches 100%.
Congrats, you now have an encrypted volume to use. Let's mount it to test it out. We need to create a directory to mount it in and start TrueCrypt with the -i option (for interactive).
# mkdir /mnt/tc
# truecrypt -i
You are now greeted with a prompt for the volume path. In my case it is /dev/sda, so I will type that. You will need to type whatever you used for your volume. After pressing enter, TrueCrypt asks you for the mount point. In the example we created the directory /mnt/tc, so type that, or whatever you used, and hit enter.
The last question is the "Protect hidden volume?" question. We do not have a hidden volume yet, so there is nothing to protect. If you say y here it will ask you for a password or keyfile for the outer and the hidden volumes. We have not set a password or keyfile for the hidden volume, so say N here. Enter the path for your keyfile if you have one and then enter your password.
Your TrueCrypt volume is now mounted and writable. Go ahead and add data to it then unmount it with the -d option.
# touch /mnt/tc/donotlook
# truecrypt -d /dev/sda
If you pass the -d option without specifying a volume it will unmount all the TrueCrypt volumes.
Now let's create the hidden volume. All you have to do is follow the same steps as for the first volume, except select hidden for the type when asked to make the volume normal or hidden. Also be sure that you choose a size small enough that it fits in the outer volume with room to keep the kinda private data. The volume path will be the same as the outer volume.
Are you all done? Good, let's mount the hidden volume and add some data.
# truecrypt --type hidden -i
Answer all the questions and remember to use your hidden volume password and keyfile (if you used a keyfile). Don't forget to say N to the hidden volume protection. Add some data and ls the directory to see that it is there. You can also use the df command to see that the size is the same as you chose for the hidden volume.
# touch /mnt/tc/reallydonotlook
# ls /mnt/tc/
# df -h
Now let's unmount the hidden volume and mount the outer volume to compare the difference.
# truecrypt -d /dev/sda
# truecrypt -i
# ls /mnt/tc
# df -h
You should see the file we created in the outer TrueCrypt volume before and the size of the volume should be the size of the disk.
If all went well you are now protected by plausible deniability. If you need any more information, use the TrueCrypt man page or visit www.truecrypt.org. TrueCrypt also has a user forum at forums.truecrypt.org.

Last Updated ( Thursday, 10 August 2006 )


