How do I decrypt an encrypted external hard drive?

External hard drives are often encrypted to protect sensitive data in case the device is lost or stolen. Encryption transforms the data on the drive into an unreadable format that requires a password or key to decrypt. There are several reasons people may want to encrypt an external drive:

  • Privacy – prevent unauthorized access to personal or confidential data (1)
  • Security – make data inaccessible if the device is misplaced or stolen (2)
  • Compliance – meet data security regulations for industries like healthcare and finance (3)

To decrypt an encrypted external hard drive, you will need to follow these general steps:

  1. Determine what type of encryption was used to encrypt the drive
  2. Obtain the password, recovery key, or other decryption key needed to unlock the encryption
  3. Use the appropriate decryption software or tools for the encryption type
  4. Provide the decryption key to decrypt and access the drive contents

This guide will cover the main methods of encrypting external drives, including BitLocker, FileVault, and VeraCrypt, and provide instructions to decrypt each type.

(1) https://blog.cortrucent.com/posts/secure-your-data-the-importance-of-encrypting-external-storage-devices?hsLang=en

(2) https://blog.cortrucent.com/posts/secure-your-data-the-importance-of-encrypting-external-storage-devices?hsLang=en

(3) https://www.techtarget.com/searchenterprisedesktop/definition/hard-drive-encryption

Reasons To Encrypt An External Hard Drive

There are two main reasons why people choose to encrypt their external hard drives:

Protect Sensitive Data

Encryption allows you to protect sensitive files and information stored on an external hard drive in case it gets lost or stolen (https://www.techtarget.com/searchenterprisedesktop/definition/hard-drive-encryption). By encrypting the drive, you can ensure that only someone with the password or encryption key can access the data, preventing unauthorized access.

For many people, external hard drives contain private information including financial records, business documents, personal photos, or other media that would be damaging if it fell into the wrong hands. Encryption provides an important security measure for this data.

Prevent Unauthorized Access

In addition to protecting data if a drive is physically stolen, encryption also prevents unauthorized access to the data if the drive remains in your possession. For example, if your external hard drive is used across multiple computers, encryption prevents others from being able to view your files and information (https://www.quora.com/Should-I-encrypt-my-external-hard-drive).

Encryption essentially adds a password protection layer to the entire external hard drive, rather than just specific files. This provides a comprehensive way to control access to your data.

Understanding Drive Encryption

Drive encryption works by scrambling the data on a hard drive using an encryption algorithm, or cipher. The encrypted data appears completely random and unreadable without the correct decryption key (Boffey, 2017). There are a few main types of encryption used for full disk encryption on external drives:

BitLocker: A proprietary full-disk encryption feature developed by Microsoft and built into Windows operating systems. It uses AES encryption with 128 or 256-bit keys to encrypt entire volumes (Microsoft, 2022).

FileVault: Apple’s full disk encryption system included in macOS. It uses XTS-AES 128 encryption to secure all data on the startup disk (Apple, 2022).

VeraCrypt: Open source disk encryption software for Windows, macOS, and Linux. It can create encrypted containers or encrypt entire hard drives. VeraCrypt uses the AES, Twofish, Serpent, AES-Twofish, AES-Twofish-Serpent, and Serpent-AES ciphers (Idrassi, 2022).

Full drive encryption transforms the entire drive contents into a scrambled format, helping protect data in case a drive is lost, stolen, or accessed by an unauthorized party (Microsoft, 2022).

Sources:

Apple. (2022). About FileVault encryption on your Mac. https://support.apple.com/en-us/HT204837

Boffey, D. (2017). A beginner’s guide to full disk encryption. https://www.makeuseof.com/tag/beginners-guide-full-disk-encryption/

Idrassi, M. (2022). VeraCrypt User Guide. https://www.veracrypt.fr/en/Beginner%27s%20Tutorial.html

Microsoft. (2022). BitLocker: Frequently asked questions. https://docs.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-frequently-asked-questions

Determining The Encryption Used

To decrypt an encrypted external hard drive, you first need to identify the encryption method used. There are a few ways to determine this:

On Windows, open File Explorer and look for a padlock icon on the drive. This indicates BitLocker encryption. You can also check Disk Management – encrypted drives will show “BitLocker Encrypted” in the status. [1]

On Macs, open Disk Utility and check for “Encrypted” under the drive name – this means FileVault encryption. The drive icon will also appear locked rather than mounted. [2]

For VeraCrypt, encrypted containers will have a “.tc” file extension. However, some products offer “plausible deniability” without this extension. You may need VeraCrypt installed to analyze the drive further. [3]

Third-party drive encryption utilities like DiskCryptor and SafeGuard Enterprise also exist. Identifying these requires looking up documentation on the specific utility used if known.

If the encryption method is still unclear, advanced forensics tools may be required to further analyze the drive and identify the encryption.
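As an added example (not part of the original article or of any vendor tool), the following Python code shows what signature-based identification looks like: it reads the start of a volume or container file read-only, checks for the BitLocker, APFS and NTFS header signatures, and falls back to an entropy test for formats that carry no signature, such as VeraCrypt. The function names, the 7.5 bits-per-byte threshold and the sample buffers are assumptions constructed for illustration.

```python
import hashlib
import math
from collections import Counter

# (offset, magic, label) for formats that carry a signature in the volume header.
SIGNATURES = [
    (3, b"-FVE-FS-", "BitLocker volume"),
    (32, b"NXSB", "APFS container (encryption is set per volume; check Disk Utility)"),
    (3, b"NTFS    ", "NTFS volume, not encrypted at the volume level"),
]
ENTROPY_THRESHOLD = 7.5  # assumed cut-off in bits per byte, out of a maximum of 8.0

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; encrypted or random data approaches 8.0."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())

def classify_header(header: bytes) -> str:
    """Classify the first 4 KiB of a volume (partition) or container file."""
    for offset, magic, label in SIGNATURES:
        if header[offset:offset + len(magic)] == magic:
            return label
    if shannon_entropy(header) > ENTROPY_THRESHOLD:
        return "no signature, random-looking data (consistent with VeraCrypt)"
    return "no known signature, data is not random-looking"

def read_header(path: str, size: int = 4096) -> bytes:
    """Open read-only so the drive under examination is never modified."""
    with open(path, "rb") as handle:
        return handle.read(size)

def pseudo_random(size: int) -> bytes:
    """Deterministic random-looking bytes, used only to build a sample."""
    out, block = b"", b"constructed sample"
    while len(out) < size:
        block = hashlib.sha256(block).digest()
        out += block
    return out[:size]

# Constructed sample headers, not taken from real drives.
SAMPLE_BITLOCKER = b"\xeb\x58\x90-FVE-FS-" + bytes(4085)
SAMPLE_APFS = bytes(32) + b"NXSB" + bytes(4060)
SAMPLE_RANDOM = pseudo_random(4096)

if __name__ == "__main__":
    print(classify_header(SAMPLE_BITLOCKER), classify_header(SAMPLE_RANDOM), sep="\n")
```

A random-looking header is only consistent with VeraCrypt: a drive that was wiped with random data looks the same, so treat that result as a hint rather than an identification.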

Obtaining The Decryption Key

The decryption key is required to unlock an encrypted external hard drive. The key was created and stored in a specific location during the encryption process. There are a couple of ways to obtain the decryption key depending on the encryption method used:

For BitLocker encryption, the 48-digit recovery key was generated and can be located in your Microsoft account. Go to https://account.microsoft.com/devices/recoverykey and sign in to view BitLocker recovery keys associated with your account. If you don’t have a Microsoft account, the BitLocker recovery key may have been printed or saved to a file during encryption.

With FileVault encryption, the recovery key is generated and stored in your keychain. You can view it by opening Keychain Access on your Mac, locating the recovery key and clicking ‘Show recovery key’. If lost, you may be able to reset the password by answering your security questions.

For VeraCrypt containers, the passwords and keyfiles used during encryption are required for decryption. VeraCrypt does not store or generate recovery keys. If you lost the password or keyfile, decryption becomes very difficult.

If you no longer have the original decryption key, there are recovery solutions like Passware Kit that can decrypt the hard drive, but they are often expensive and not guaranteed to work.

Decrypting BitLocker Drives

To decrypt a drive that has been encrypted with BitLocker in Windows, there are two main methods you can use – the BitLocker recovery key or the password.

To decrypt with the BitLocker recovery key, you will need to have saved this key previously. The recovery key is generated when you first enable BitLocker encryption on a drive. If you have this 40-digit recovery key, you can decrypt the drive by:

  • Selecting the locked drive and clicking “Unlock Drive” in File Explorer
  • Entering the recovery key when prompted

The drive will then be decrypted and accessible again using the original password or key that was used to encrypt it initially. Just be sure to keep the recovery key safe and stored externally from the encrypted drive for this method to work.

Alternatively, if you don’t have the recovery key but know the original password used to encrypt the drive, you can unlock and decrypt the drive by:

  • Right-clicking the locked drive in File Explorer and selecting “Unlock with Password”
  • Entering the correct encryption password for the drive

This will decrypt the drive and restore access as long as you have the original password. Choosing a strong password that you can remember is crucial for this method.

Decrypting FileVault Drives

FileVault is Apple’s full disk encryption technology included on Macs running macOS. To decrypt an external drive encrypted with FileVault, you will need either the password or recovery key used to originally encrypt the drive.

If you encrypted the drive using your Apple ID, you can get the recovery key to decrypt the drive by signing in to https://iforgot.apple.com/password/verify/appleid with your Apple ID and password. On the next screen, click “Get Started” under the FileVault recovery key section. This will display your recovery key which can be used to unlock the encrypted drive.

If you encrypted the drive with a custom password, connect the encrypted drive to your Mac. Open Disk Utility and select the encrypted external drive. Click the “Unlock” button and enter the original password for the drive. After unlocking, you can fully access and use the decrypted external drive.

Decrypting VeraCrypt Containers

VeraCrypt can decrypt containers that were encrypted using VeraCrypt or TrueCrypt. To decrypt a VeraCrypt container, follow these steps:

1. Launch VeraCrypt and select a drive letter to mount the encrypted volume. Click ‘Select Device’ and choose the VeraCrypt container file you want to decrypt.

2. Enter the correct password to mount the volume. If the password is accepted, the encrypted volume will be mounted and accessible through the drive letter you selected.

3. With the volume mounted, you can copy files off of it to decrypt them. You can also right-click on the mounted drive in VeraCrypt and select ‘Permanently Decrypt’ to decrypt the entire container.

4. Choosing ‘Permanently Decrypt’ will decrypt the header key of the volume. After permanently decrypting, the container will be accessible like a normal drive without needing to supply a password.

5. If you forget the password or the container becomes corrupted, decryption may not be possible. Having a backup of the header key or password is critical for maintaining access to encrypted volumes.

For added security, VeraCrypt offers the option to encrypt containers using cascaded algorithms and multiple encrypted volumes. Decrypting these complex configurations requires supplying the correct password for each layer of encryption.

Source: https://veracrypt.eu/en/Removing%20Encryption.html

Troubleshooting Issues

If you are unable to decrypt your external hard drive, there are a couple of common issues that may be preventing access:

Drive damage or corruption

If the drive has become physically damaged or corrupted, the encryption system may not be able to properly read the drive to decrypt it. Signs of damage could include clicking or beeping noises, the drive not mounting, or error messages when trying to access it. In some cases, specialized data recovery services may be able to repair and recover data from a damaged drive.

Incorrect key or password

One of the most common reasons an encrypted drive cannot be unlocked is using an incorrect password or encryption key. Double check that you are using the exact password or key that was used to encrypt the drive originally. If you have forgotten the password, there are sometimes recovery options available depending on the encryption type used, but this is not always possible.
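An added example, not from the original article or from Microsoft: the 48-digit BitLocker recovery key described under Obtaining The Decryption Key is eight groups of six digits, and each group is a 16-bit value multiplied by 11, so a mistyped group can be located before another unlock attempt. The function name and the sample key are constructed for illustration.

```python
import re

MAX_BLOCK = 11 * 65536  # 720896: each group encodes a 16-bit value times 11


def check_recovery_key(text: str) -> list:
    """Return the problems found in a typed key; an empty list means well-formed.

    This checks the format only. A well-formed key can still belong to a
    different drive, which only an unlock attempt will reveal.
    """
    # Groups are expected to be separated by dashes or spaces, as printed.
    groups = re.findall(r"\d+", text)
    problems = []
    if len(groups) != 8:
        problems.append(f"expected 8 groups of digits, found {len(groups)}")
    for index, group in enumerate(groups, start=1):
        if len(group) != 6:
            problems.append(f"group {index}: expected 6 digits, found {len(group)}")
        elif int(group) % 11 != 0:
            # Catches any single wrong digit and any swap of two adjacent digits.
            problems.append(f"group {index}: not a multiple of 11, re-check this group")
        elif int(group) >= MAX_BLOCK:
            problems.append(f"group {index}: value out of range")
    return problems


# Constructed key for illustration; it does not unlock any real drive.
SAMPLE_KEY = "110000-220000-330000-440000-550000-660000-135795-597531"
SAMPLE_TYPO = SAMPLE_KEY.replace("135795", "135759")  # two digits swapped

if __name__ == "__main__":
    print(check_recovery_key(SAMPLE_KEY))
    print(check_recovery_key(SAMPLE_TYPO))
```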

Maintaining Access To Encrypted Drives

Once you have encrypted your external hard drive, it is critical to maintain access to the drive for authorized users. This involves safely storing decryption keys and allowing access for people who need it.

To store decryption keys securely, avoid writing them down where others may access them. Instead, store keys in a password manager or other encrypted location. You may also entrust a second authorized person with the key in case you become unavailable. For BitLocker, the key can be stored in your Microsoft Account. FileVault keys are stored in your iCloud Keychain by default. For VeraCrypt, carefully manage the generated passphrase.

To allow access for authorized users, share the decryption key only with people who need access to the encrypted drive. When sharing the key, use secure channels to avoid interception. You may also configure the encrypted drive to allow access only from certain authorized computers or accounts. Maintaining rigorous control of the decryption key is crucial to preserve security.

With proper key management and access control, you can keep the drive available to authorized users while keeping your encrypted external drive’s contents private. Storing keys safely and granting access judiciously are what make drive encryption work in practice.