How to Migrate from TrueCrypt to BitLocker

In this post, you will learn how to migrate from TrueCrypt to BitLocker. TrueCrypt is a free, open-source disk encryption software available for Windows XP, Vista, Windows 7, Mac, Linux, and Unix. It can create a virtual encrypted disk within a file, encrypt a disk partition, or even encrypt the entire storage device. TrueCrypt was first released in 2004 and was based on the software E4M (encryption for the masses). Please see how to change the Visual Studio Code UI language, and how to decrypt Files and Folders Encrypted with an Encryption File System (EFS) in Windows.

TrueCrypt development ceased on May 8, 2014, when Microsoft discontinued support for Windows XP. Windows 8/7/Vista and later versions of Windows include built-in support for encrypted disks and virtual disk images.

Other platforms such as macOS offer similar integrated support. Any data encrypted by TrueCrypt should be moved to encrypted disks or virtual disk images supported by your platform.

BitLocker is a Windows encryption technology that secures your data by encrypting your drive and requiring one or more authentication factors before unlocking it. When Windows detects an unauthorized attempt to access the data, it will request a BitLocker recovery key.

You can learn about how to Force BitLocker Recovery mode: How to unlock BitLocker Protected Drive. You may also be interested in learning about the following related posts BitLocker Recovery Mode prompted? Cannot find my BitLocker Recovery Key, Reasons for BitLocker Recovery Mode Prompt

Decrypting System Drive with TrueCrypt

If you have the system drive encrypted by TrueCrypt, follow the steps below to decrypt it.

Step 1: Start by opening the System menu in TrueCrypt and selecting Permanently Decrypt System Drive

TrueCrypt-System-Menu — Decrypting Drive with TrueCrypt

Enabling BitLocker

Note to be able to encrypt drives with BitLocker, the Trusted Platform Module (TPM) must be disabled.

To disable TPM, do the following things:

Step 1: Open Group Policy Editor:

disabling-TPM — Opening-Group-Policy-Editor

Step 2 – Open Local Computer Policy > Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Operating System Drives. Edit Require additional authentication at startup policy as shown below:

editing-additional-authentication — Editing-additional-authentication

Step 3: Set the policy to Enabled and make sure Allow BitLocker without a compatible TPM is checked, apply it and click on Ok

allow-bitloacker-without-tpm — Enabling BitLocker

Also, see How to configure Network Unlock in Windows, How to unlock a fixed drive protected by BitLocker, Disable BitLocker: How to correctly disable MBAM-encrypted devices, and How does Bitlocker Network Unlock work?

Encrypting Drive with BitLocker

To encrypt a system drive with BitLocker, take the following steps:

Step 1: To encrypt the drive with BitLocker, open the Explorer and click right-click on the drive you want to encrypt and then select Turn on BitLocker

Encrypt-drive-with-BitLocker — Turning on BitLocker

Step 2: Wait for BitLocker to verify your PC to ensure that it meets the requirements.

enabling-bitlocker — Checking for system requirements

The steps it will take BitLocker to encrypt your drive are preparing your drive for BitLocker and Encrypting the drive.

encrypt-drive-bitlocker — Some steps are taken to encrypt the drive by BitLocker

Step 3: Select how you want to BitLocker to Encrypt your drive:

choose-how-much-drive-to-encrypt — Choose how much of your drive to encrypt

Step 4: Define a password for your BitLocker

Step 5: Preparing Drive for BitLocker

Step 6: Print the BitLocker recovery key and save it.

Lastly start encrypting the drive

Note BitLocker will restart your computer for the encryption to take effect. When prompted to restart now or later, choose one based on your preference.

After encrypting your drive with BitLocker, the next few things to do is to copy all data from the drive encrypted by TrueCrypt to the drive encrypted by BitLocker.

If you do not have an extra drive, first decrypt the drive encrypted by TrueCrypt. Select the drive in TrueCrypt, open the Volumes menu and select Permanently Decrypt item. Then encrypt the drive by BitLocker as stated above.

You can download and install TrueCrypt here. Note using TrueCrypt is not secure. You should download TrueCrypt only if you are migrating data encrypted by TrueCrypt.

FAQs on Bitocker

Does BitLocker protect against a reset attack?

Yes, to defend against malicious reset attacks, BitLocker leverages the TCG Reset Attack Mitigation, also known as MOR bit (Memory Overwrite Request), before extracting keys into memory.

This does not protect against physical attacks where an attacker opens the case and attacks the hardware.

Can I access my BitLocker-protected drive if I insert the hard disk into a different computer?

Yes, if the drive is a data drive, you can unlock it from the BitLocker Drive Encryption Control Panel item just as you would any other data drive by using a password or smart card.

If the data drive was configured for automatic unlock only, you will have to unlock it by using the recovery key. The encrypted hard disk can be unlocked by a data recovery agent (if one was configured) or it can be unlocked by using the recovery key. Otherwise, no!

In this post, you have learned how to migrate from TrueCrypt to BitLocker. You have also got to know to enable BitLocker for your system.