Many years ago when full-hard-drive encryption was not as easy to obtain as today, I figured out how to secure my Microsoft Outlook PST files using TrueCrypt. TrueCrypt may now be defunct, but there are a couple of successors like CipherShed, TCNext and VeraCrypt. The steps below will work with them and any Microsoft PST files. This was written for Microsoft Outlook 2003, but I have successfully used this method successfully with most versions of Outlook (2007, 2010, 2013) since then. The only reason I haven’t tried it with Outlook 2016 is because I don’t need it anymore thanks to BitLocker.
E-mail is one of those bogeymen, especially for those who desire true security in their communications. The problem is that 90% of users don’t use any sort of protection on their e-mails. It’s — to use the old example — as if we were sending each other messages using postcards rather than letters sealed in an envelope. Imagine your bank or, even worse, your mother sending you a letter that everyone who cared to could read! Well, that’s e-mail. And that doesn’t confine itself to your e-mail server or the connection between it and your computer. If anyone knows how and where to look, your computer’s e-mail is just as visible to the world.
Those who really need to protect themselves will have gotten themselves secure e-mail accounts like Hush Mail or some other corporate encrypted e-mail. But for those of us who need an extra level of protection or are simply paranoiacs (like me), the data is sitting on your machine for all the world to see.
So, what will release me, poor soul, from this scourge of e-mail that is open to anyone who sits down at my computer screen or hacks through my oh-so-inadequate security? The answer is encryption! And the beauty of this is that good encryption is available for free via TrueCrypt.
I use Microsoft Outlook 2003 for my e-mail communications and so figured out a way to make it work with TrueCrypt to allow for a simple way of keeping my data safe. Yes, Outlook will password-encrypt your PST files, but if you have them stored in your keychain (like I do) anyone sitting down at your machine and starting up Outlook will be able to read them. This will make it much more difficult for them, provided you dismount your TrueCrypt drive when you’re done e-mailing!
Please be advised that this procedure will not work with Outlook Express. You must be running the full version of Microsoft Outlook! Thunderbird can be made to do similar things, if you prefer that, but that is beyond the scope of this article.
I am going to assume that you have some level of experience in working with Windows, especially when it comes to copying files or looking at hidden folders. For those of you who are beginners, I will recommend not doing this without the help of a more experienced friend, as you could conceivably break something in the process.
In order to do this we will have to go through five steps:
- We’ll download and install the necessary software.
- We’ll create a TrueCrypt volume to place your Outlook.pst file in.
- We’ll mount the TrueCrypt volume and move your Outlook.pst file to it.
- We’ll reconfigure Outlook to look for the Outlook.pst file in the encrypted volume.
- We’ll use my script to create icons to quickly mount and dismount the encrypted volume and start Outlook at the appropriate time.
Now, let us begin.
Step 1: Download and Install the Necessary Software
As you should already have Microsoft Outlook installed and in use at this time, all you will need to get yourself is TrueCrypt. Download the latest version from http://www.truecrypt.org . I will go through this process using TrueCrypt 4.3. The newer versions may look slightly different that what I will use, but the idea is the same. Unzip the file and run the installer.
Step 2: Create a TrueCrypt Volume.
-
Start by either clicking the TrueCrypt icon in the notification area of your task bar or by going to
Start > All Programs > TrueCrypt > TrueCrypt
-
Click on the Create Volume button to begin creating the new volume. The wizard is rather intuitive in creating volumes. TrueCrypt 5 and up has one extra wizard screen before this one, in which you can select what kind of volume you wish to create. For our tutorial just select the default, “Create a file container”. Then you will see the screen below. For our example we will create a standard TrueCrypt volume. Hyper-paranoiacs can create a hidden one, if they like.
-
Click Next to continue and then hit Select File to point to the place where you want to create your TrueCrypt volume to. The idea is to not put it in a place people will normally look for. You might put it in another subfolder on another drive which has a name that has nothing to do with encryption, such as E:\eternity\somefile.tc
Note that using the .tc ending will alert anyone who knows anything about TrueCrypt that this is an encrypted volume. You can give it any ending you choose, including such standard endings as .jpg or some such thing. But this will be a big file (on the order of over 1 GB), so don’t give it an ending that will raise any flags. For example, a monster JPEG (.jpg) file is bound to raise questions and a computer-savvy person may even suspect that it is a virus and delete it. I, at least, have never come across a JPEG any bigger than 20 MB. Good generic endings would be .iso or .dat or .001 or no ending at all!
-
Click Next and then select the kind of encryption algorithm you want to use. If you use a single algorithm, it’ll be far easier to crack than a double or triple encrypted algorithm. But a single algorithm will decrypt faster for connection to Outlook. It’s your choice.
For our example I am going to use an Serpent-Twofish-AES algorithm. I have a fast enough computer to handle the calculations. If you have an older machine (or are running Vista), you may want to use a less complex algorithm.
I’m also going to use the default Hash Algorithm, RIPEMD-160. You can pick whichever one you want, but the default should work fine as well. Feel free to research which hash algorithm will work best.
-
Click Next and type in the size of your encrypted hard drive. Make it large enough so your Outlook.pst file can grow for a long time. I’m going to make the size 1.5 GB for this example. To calculate 1.5 GB in to MegaBytes, multiply it by 1024. That will give you a size of 1536 MB.
-
Click Next and type in your passphrase. Make it really, really long. For this example, I’m going to use the following:
I_Don’t_L1ke_Micr0$0ft_Much
This passphrase has 27 letters, digits and special characters. Make up your own passphrase. Use password common sense and remember that spaces are allowed, too.
-
Click Next and select the way you want your partition to be formatted. If you want to have maximum portability, FAT32 is good, but if you’re only planning on using this on your Windows machine use NTFS, as I am in this example. It also formats faster. Now click Format, sit back and twiddle your thumbs for a while or go get a cup of tea or something while TrueCrypt creates your encrypted volume.
-
When the volume has been created click OK to get rid of the confirmation box and then hit Exit to close the wizard. Your volume has been created. And now we can move on to the next step.
Step 3: Mount the TrueCrypt Volume and Move Outlook.pst
Mounting the TrueCrypt volume is pretty straightforward. You can do it through the TrueCrypt interface.
Select the drive letter you want from the main window. I have selected O:\ I find this logical, as I will mount a drive containing Outlook data. If you use that drive for something else, pick another letter from the available drives. It’s totally up to you which one you want, but I’d recommend always using the same letter for this mount, mostly because it will make it easier for Outlook to find the file.
Next, hit the Select File button and select your newly created TrueCrypt volume file (in our case E:\eternity\somefile.tc) and hit the Mount button to mount it. It will prompt you for the password and once you enter it, it will display the mounted drive in the window.
Once you’re done with this, your encrypted hard drive will show up in your My Computer window.
Once you have that showing up, open the drive and then open another window and point it to your Outlook subfolder. Unless you have already moved our Outlook.pst file to another subfolder, it should be located in
C:\Documents and Settings\UserName\Local Settings\Application Data\Microsoft\Outlook
where UserName is your user name.
Make sure Outlook isn’t running and then move , don’t copy, Outlook.pst and/or your archive folder to your newly encrypted drive. You can do this by either cutting the files (Ctrl-X) or by shift-dragging the icon to the other window. Wait for the file to copy over and then go to the next step.
Step 4: Reconfigure Outlook
Now that you’ve moved (not copied!) your Outlook.pst file to the new drive, start Outlook. It will immediately gripe at you:
The file C:\Documents and Settings\UserName\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst could not be found.
Once this message pops up, point the open dialog to your TrueCrypt drive (O:\ in our example) and select the Outlook.pst there. Then hit Open.
Outlook will gripe once more that your original Outlook.pst can’t be found and shut itself down. Do not be surprised. This is a normal Outlook temper tantrum and should be expected. When you restart Outlook, it will now meekly open your Outlook.pst in the new location.
Everything you need to do to encrypt your Outlook.pst file has been done. However, if you want to make your life just a little easier loading and unloading Outlook.pst, you may want to write a little script or batch file to open your encrypted mount.
Well, that’s it. With these steps you will have successfully moved your Outlook.pst to an encrypted portion of your hard drive and will have officially joined the ranks of the somewhat-paranoid.
For the really paranoid: This will only encrypt your data when your Outlook drive is not mounted. As long as the drive is mounted the data will be visible, both to someone sitting at the computer and to anyone who has hacked into your machine.