
Securing Files

This is for Windows; better and more detailed guides are readily available for Linux.

Using BitLocker to create an encrypted drive:
  1. Run diskmgmt.msc (this requires admin privileges and is the single biggest reason BitLocker is not as good as TrueCrypt)
  2. Choose Action > Create VHD (the VHD format is fine for this, since a couple hundred MB would probably be plenty), then initialize the disk (right click the drive; GPT is best, but MBR is fine and is required on smaller drives)
  3. Create a partition on the drive (right click the volume)
  4. In Explorer, right click the drive and turn on BitLocker, with passwords.
Here's a handy bat script (thanks in part to
REM Mount the VHD found in the current directory as drive T:
SET VirtualDiskLocation="%CD%\Keys_Certs_and_Similar.vhd"
SET DiskPartScriptLocation="%TEMP%\DiskMountScript-%RANDOM%.txt"
REM Build a temporary DiskPart script
ECHO SELECT VDISK FILE=%VirtualDiskLocation% > %DiskPartScriptLocation%
ECHO ATTACH VDISK >> %DiskPartScriptLocation%
ECHO SELECT PARTITION 1 >> %DiskPartScriptLocation%
ECHO ASSIGN LETTER=T >> %DiskPartScriptLocation%
REM Run it (DiskPart needs an elevated prompt), then delete the temporary script
DiskPart /s %DiskPartScriptLocation%
DEL %DiskPartScriptLocation%

Encrypting files with PGP:
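  1. This actually uses OpenPGP (specifically GnuPG); you will need to install gpg4win-light
  2. Set up an admin shell, and run: setx path "%path%;c:\Program Files (x86)\GNU\GnuPG" (Substitute your correct path as needed, and leave off the trailing backslash: a backslash right before the closing quote makes setx store a literal quote character in the path)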
  3. Create keys:
    gpg --gen-key
    gpg --export > public.key
    gpg --export-secret-keys > private.key
    gpg --export --armor > public.key.txt
    gpg --export-secret-keys --armor > private.key.txt

Keep your private key safe. Share your public key everywhere!

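Here's an example of using gpg for asymmetric encryption on Windows. The first --encrypt attempt fails with a usage message because cmd.exe does not treat single quotes as quoting, so the recipient name has to go in double quotes. The "no assurance" warning appears because the imported key has not been verified or signed; compare the fingerprint gpg prints with one obtained from the key owner before answering y.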

C:\temp\gpg>gpg --list-keys
gpg: C:/Users/boyce/AppData/Roaming/gnupg/trustdb.gpg: trustdb created

C:\temp\gpg>gpg --import anc-at-yah.gpg.public.key
gpg: key B88EB520: public key "Boyce Crownover (Expires 05May2026 Created 06May2016) <>" imported
gpg: Total number processed: 1
gpg:               imported: 1  (RSA: 1)

C:\temp\gpg>gpg --list-keys
pub   2048R/B88EB520 2016-05-06 [expires: 2026-05-04]
uid       [ unknown] Boyce Crownover (Expires 05May2026 Created 06May2016) <>
sub   2048R/B5CB7A58 2016-05-06 [expires: 2026-05-04]

C:\temp\gpg>gpg --encrypt --recipient 'Boyce Crownover' TextDocumentExample.txt
usage: gpg [options] --encrypt [filename]

C:\temp\gpg>gpg --encrypt --recipient "Boyce Crownover" TextDocumentExample.txt
gpg: B5CB7A58: There is no assurance this key belongs to the named user

sub  2048R/B5CB7A58 2016-05-06 Boyce Crownover (Expires 05May2026 Created 06May2016) <>
 Primary key fingerprint: FCA3 EC13 7808 D354 BE95  5534 7816 B522 B88E B520
      Subkey fingerprint: C175 DA12 A3DE B65F DC0E  71D9 1104 2CC3 B5CB 7A58

It is NOT certain that the key belongs to the person named
in the user ID.  If you *really* know what you are doing,
you may answer the next question with yes.

Use this key anyway? (y/N) y

C:\temp\gpg>gpg --decrypt TextDocumentExample.txt.gpg > Decrypted.TextDocumentExample.txt


 Directory of C:\temp\gpg
05/17/2016  12:01 PM    <DIR>          .
05/17/2016  12:01 PM    <DIR>          ..
05/06/2016  10:36 AM             3,702 anc-at-yah.gpg.private.key
05/06/2016  10:36 AM             1,806 anc-at-yah.gpg.public.key
05/17/2016  12:01 PM                33 Decrypted.TextDocumentExample.txt
05/17/2016  11:55 AM               376 TextDocumentExample.txt.gpg
05/17/2016  11:48 AM                 0 pubring.gpg
05/17/2016  11:48 AM                 0 pubring.gpg.lock
05/17/2016  11:48 AM                 0 secring.gpg
05/17/2016  11:48 AM                 0 secring.gpg.lock
05/17/2016  11:54 AM                33 TextDocumentExample.txt
               9 File(s)          5,950 bytes
               2 Dir(s)   1,020,076,032 bytes free
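
One way to replace the interactive "Use this key anyway?" answer with an explicit fingerprint check, as an added PowerShell example that is not part of the original article. The file names and fingerprint are the ones shown in the transcript above; passing --trust-model always to the single encrypt call is this example's choice, made only after the fingerprint has matched.

```powershell
# Added example: import a public key, verify its fingerprint, then encrypt to it.
param(
    [string]$KeyFile   = 'anc-at-yah.gpg.public.key',   # key file from the transcript
    [string]$PlainFile = 'TextDocumentExample.txt',     # file from the transcript
    # Fingerprint as printed in the transcript. In practice, get this value from
    # the key owner over a separate channel, never from the key file itself.
    [string]$Expected  = 'FCA3 EC13 7808 D354 BE95  5534 7816 B522 B88E B520'
)

# Normalise to 40 hex digits with no spaces so it can be compared and used as a key spec.
$want = ($Expected -replace '\s', '').ToUpperInvariant()
if ($want -notmatch '^[0-9A-F]{40}$') { throw 'Expected fingerprint must be 40 hex digits' }

& gpg --batch --import $KeyFile
if ($LASTEXITCODE -ne 0) { throw "gpg --import failed for $KeyFile" }

# Machine-readable listing: in each "fpr" record, field 10 is the fingerprint.
# Looking the key up by full fingerprint avoids matching on the name or short ID.
$have = & gpg --batch --with-colons --fingerprint $want |
    Where-Object { $_ -like 'fpr:*' } |
    ForEach-Object { ($_ -split ':')[9] }

if ($have -notcontains $want) {
    throw "No key with fingerprint $want in the keyring after import; not encrypting."
}

# The fingerprint was checked above, so skip the trust prompt for this one call
# and address the recipient by fingerprint rather than by name.
& gpg --batch --trust-model always --encrypt --recipient $want $PlainFile
if ($LASTEXITCODE -ne 0) { throw "gpg --encrypt failed for $PlainFile" }

"Encrypted $PlainFile to key $want"
```

Because of --batch, gpg refuses to overwrite an existing TextDocumentExample.txt.gpg instead of asking, so the script stops with an error in that case.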