If I encrypt a file with TrueCrypt, the presence of the TrueCrypt exe is evidence that I have encryption on the computer. Even if the executable is in a portable drive, that someone could find it gives away that I've encrypted something. With that being said, is there a way to encrypt a file, but somehow not leave any tell-tale signs of encryption?

4 Answers 4


As long as you need to decrypt your files to access them, I'm not sure how you could hide the fact that encryption/decryption takes place on the machine.

If you're trying to protect yourself in the event that you're forced to give up your password, there is something you can do with TrueCrypt. Create a hidden volume. This essentially sets up a TrueCrypt volume embedded inside another TrueCryt volume.

The inner volume holds the data you're trying to protect, and you encrypt it using a secure password that you alone know.

The outer volume serves as a sort of "honey pot". You put files in there that LOOK like you'd want to protect them, but aren't actually sensitive. If under duress, you can give up the outer password (different from the one for the inner volume) and whoever's asking you for the password will see the insensitive data.

Since TC volumes always occupy a fixed amount of disk space, you can deny the existence of the embedded volume. TC provides a nice interface for this. From the outside it's very transparent. Give the password for the inner volume, you get its data. Give the password for the outer volume and you only get its data.

You can read more about using this feature of TrueCrypt at:


  • I suppose this is the best one can do. The presence of the TrueCrypt executable is always going to give away that you have encryption somewhere. Even the 'hidden volume' trick would be of minimal use, since a person who knows how TrueCrypt works would suspect there was a hidden volume in your machine.
    – RHPT
    Commented Nov 9, 2011 at 16:55

What you are looking for is deniable encryption, where the encrypted files are "hidden" in such a way that cannot be identified easily as encrypted files.

The wikipedia link provides examples of software that can do this on various platforms.


It seems you want more than just deniable encryption, you want steganography.

It is virtually impossible to have perfect steganography, specially if you are already seen by your adversary as a suspect.

Something that could do that would work in most situations is to use an unformatted partition instead of a file. Using Linux is a good idea since there is no truecrypt.exe to raise suspicion.

In the end, it all depends on how often you adversary will have access to your computer, and how eager they are in finding hidden encryption.

Also, keep in mind that some people or offices, if they think you might be doing something that they consider really bad, they may simply send you to places where there is no law, and keep coercing you to give up passwords and keys even if after there is none left.


You seem focused on hiding the TrueCrypt executable, but you could hide that with techniques like renaming the file and then keeping it in a zip file with a different name. It certainly won't be impossible to find, but it can be made quite difficult. To take it another step, many virtual machines store the VMs state and the VMs virtual harddrive in one massive file. Things that need to be concealed could be tucked inside of the VMs harddrive.

But even being able to completely hide the executable will not help hide the TrueCrypt files. They are by nature difficult to find (as long as you don't do something obvious like use a .TC extension and associate them with the TrueCrypt executable of course.) But there are ways to determine that it is statistically likely that a particular region of a harddrive is encrypted data. See http://en.wikipedia.org/wiki/Truecrypt#Identifying_TrueCrypt_volumes

As Vickash points out, you can use hidden volumes and similar techniques to hide the amount of material that is encrypted, but that is different from hiding that anything at all is encrypted.

But, just about all modern computers have some form of encryption on them. Remember that WinZip and 7-Zip both have (slightly limited) encryption capabilities built in, as does Microsoft Office. For that matter, https uses encryption, though not in a way you could easily bend to encrypting files at rest. Even Windows itself now comes with BitLocker.

Also, just about all modern programming languages come with robust encryption abilities as built in libraries. Many of these programming languages (Python, Lisp, etc) allowe direct execution of commands through the interpreter.

So, one way to conceal encryption software would be to use encryption capabilities built into something which is not commonly associated with encryption. But, again, that only helps conceal the encryption software itself by essentially hiding it in plain sight. There are ways to search for ZIP files which are encrypted, etc. So, a truly determined attacker with the right knowledge and sufficient time could still likely determine that cryptography was used.

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .