Migrating from TrueCrypt to Symantec Drive Encryption: Encrypting Your Disks

book

Article ID: 181905

calendar_today

Updated On:

Products

Drive Encryption

Issue/Introduction

 

Resolution

This article describes how to migrate from TrueCrypt to Symantec Drive Encryption, and provides instructions on how to encrypt your disk using Symantec Drive Encryption.

For system drives encrypted by TrueCrypt

If you have a system drive that is encrypted by TrueCrypt, follow these instructions to decrypt the drive using TrueCrypt. Then you can encrypt the drive using Symantec Encryption Desktop (using these instructions).

  1. Decrypt the system drive in TrueCrypt. (To do this, open the System menu in TrueCrypt and select Permanently Decrypt System Drive.)
  2. Uninstall TrueCrypt.
  3. Install Symantec Drive Encryption and complete the setup assistant. For more information, refer to the following two knowledgebase articles:
     
  4. After you have successfully installed and configured Symantec Drive Encryption, start the application using any of the following methods:
     
    • Double-click the PGP Tray icon.
    • Right-click the PGP Tray icon and then select Open Symantec Encryption Desktop.
    • From the Start menu, select Programs > Symantec Encryption > Symantec Encryption Desktop.
       
  5. Encrypt the non-system drive. To do this, click Encrypt Whole Disk in the PGP Disk Control box.
  6. Select the drive or partition to be encrypted.
  7. Select Power Failure Safety if you think your system could lose power during the encryption process. When Power Failure Safety is selected, the encryption process can safely resume if it is interrupted. This option can cause encryption to take longer to complete.
  8. Click Add User Key to add users who will be able to authenticate to the whole disk encrypted drive using public-key cryptography.
  9. If you are encrypting a fixed drive, you can only use a PGP keypair on an Aladdin eToken USB token. If you are encrypting a partition or a removable (non-fixed) drive, you can use any keypair on your system.
  10. Click New Passphrase User to add users who authenticate using a passphrase, including if you want to use a USB flash device for two-factor authentication. Follow the instructions displayed in the PGP Disk Assistant dialog boxes.
  11. If you are encrypting your boot drive, you have the option of using your Windows logon passphrase so that you only have to enter your credentials once on startup.
  12. Click Encrypt.

 

For non-system drives encrypted by TrueCrypt

If you have a non-system drive that is encrypted by TrueCrypt, follow these instructions to decrypt the drive using TrueCrypt. Then you can encrypt the drive using Symantec Encryption Desktop (using these instructions).

  1. Decrypt the non-system drive encrypted in TrueCrypt.
  2. Uninstall TrueCrypt.
  3. Uninstall TrueCrypt.
  4. Install Symantec Drive Encryption and complete the setup assistant. For more information, refer to the following two knowledgebase articles:
     
  5. After you have successfully installed and configured Symantec Drive Encryption, start the application using any of the following methods:
     
    • Double-click the PGP Tray icon.
    • Right-click the PGP Tray icon and then select Open Symantec Encryption Desktop.
    • From the Start menu, select Programs > Symantec Encryption > Symantec Encryption Desktop.
       
  6. Encrypt the non-system drive. To do this, click Encrypt Whole Disk in the PGP Disk Control box.
  7. Select the drive or partition to be encrypted.
  8. Select Power Failure Safety if you think your system could lose power during the encryption process. When Power Failure Safety is selected, the encryption process can safely resume if it is interrupted. This option can cause encryption to take longer to complete.
  9. Click Add User Key to add users who will be able to authenticate to the whole disk encrypted drive using public-key cryptography.
  10. If you are encrypting a fixed drive, you can only use a PGP keypair on an Aladdin eToken USB token. If you are encrypting a partition or a removable (non-fixed) drive, you can use any keypair on your system.
  11. Click New Passphrase User to add users who authenticate using a passphrase, including if you want to use a USB flash device for two-factor authentication. Follow the instructions displayed in the PGP Disk Assistant dialog boxes.
  12. If you are encrypting your boot drive, you have the option of using your Windows logon passphrase so that you only have to enter your credentials once on startup.
  13. Click Encrypt.

For more information:

Symantec Drive Encryption best practice http://www.symantec.com/business/support/index?page=content&id=TECH149543

Quick start guidehttp://www.symantec.com/business/support/index?page=content&id=DOC6208