Check out how I’m using multiple encryption layers on a single external hard drive. The great thing is about this setup, is that its portable to other computers running virtual guest operating systems. You can use any host OS, guest OS, and any encryption software that you like. These are just the options I choose with my particular setup at the moment.

First I’m running a Windows host OS with True Crypt installed. The external drive is first encrypted using some pretty hefty algorithms. Then it is mounted in the True Crypt software as a system drive letter. Now, your encrypted external drive shows up in Windows Explorer as a usable drive. You can use it just like this if you want, but there is still more you can do to make it so much harder for someone to get into your data.

Now I am going to start up Virtual Box (or another virtualization application) and create a secondary hard drive that is located on the encrypted external hard drive for my Debian virtual machine. Boot it up, mount the secondary drive in the virtual machine. The virtual machine sees the secondary drive as a locally connected disk just as if you had installed a second hard drive into the system. Then you can use True Crypt again installed on Debian to encrypt the secondary drive.

There are several layers of protection here.

  1. Your external hard drive is encrypted
  2. Once this is broken, if they can, all they see is the .vdi file from Virtual Box.
  3. Once they get this connected to one of their virtual machines, they have to mount it.
  4. When they boot up their virtual with your .vdi file (Virtual hard drive), they will have the break the encryption once again, if they can.

So its like encrypting the hardware at the host OS level, then encapsulating the data into a virtual hard drive for use with a virtual machine, then encrypting it once again. This setup is definitely not made for performance, but for data that you really do not want anyone to get into. My experience with performance using this setup really isn’t all that bad. I’ve been able to write data to it from a Samba share from the virtual to the host machine without much trouble at all.