BitLocker Drive Encryption is a tool in the Windows operating system for encrypting the entire contents of a drive. In this post, we do not intend to discuss the concepts of cryptography. You can read this post to understand these concepts.
In Windows 10, this tool is located in the Control Panel. Click on it, and the following window appears:
This feature is off by default for each of the partitions, as you can see in the figure. Suppose you intend to encrypt the entire E partition using this tool. In the section related to this partition, click Turn on BitLocker.
The following window will appear:
When you encrypt something, you need to specify how you will be able to decrypt it later. BitLocker offers two options (you can choose both):
- Use a password to unlock the drive: You must enter a complex password.
- Use my smart card to unlock the drive: You must insert your smart card. The smart card PIN will be required when you unlock the drive.
On the next page, you need to decide how to back up the recovery key.
But what is a recovery key? Suppose you forget your password or lose your smart card, for whatever reason. How will you unlock the encrypted (locked) content? BitLocker anticipates this problem and provides a key called the recovery key. Anyone with access to this key can access the encrypted content. Therefore, other people must be prevented from accessing this key, while you must still be able to reach it to unlock the encrypted content.
If you forget your password (or lose your smart card) and also lose the recovery key, you will be no different from a stranger, and BitLocker will prevent you from accessing the content forever. So it is very important to create a secure backup of this key and keep it in a safe place.
BitLocker provides you with the following options:
- Save to your Azure Account. Read this post about Microsoft Azure.
- Save to a USB flash drive
- Save to a file (a text file)
- Print the recovery key
You have to choose an option, but be careful with that USB flash drive, text file, or printed copy. Be sure to keep it in a very safe place. Do not let anyone else access it.
The next page appears.
On this page, you must select one of the following radio buttons:
- Encrypt used disk space only
- Encrypt entire drive
The page itself explains each of these two modes. Read the descriptions carefully and then choose one of the two modes.
On the next page, you need to set the encryption mode.
The description on this page is quite clear and needs no additional explanation. In a nutshell, if you are not going to put this disk in another computer (one running a Windows version older than Windows 10 version 1511), it is better to choose the first option.
When you click the Next button, the last page appears. Click the Start Encrypting button on that page.
You can change the settings and configuration even after the encryption operation has finished. Just click on BitLocker Drive Encryption again in the Control Panel to see the following settings:
As you can see, BitLocker has now switched from off to on. Also, if you have Administrator privileges, you can:
- Create a backup of the recovery key again.
- Remove the password and change the password.
- Add a smart card.
- Turn on auto unlock. You can specify that when a specific user logs in, BitLocker unlocks this drive without asking for the password or the smart card.
- Turn off BitLocker.
Note that there is now a lock on the icon of this drive, and the lock is open. It is open because you have not restarted the computer since encrypting the drive; after a restart, the drive will show a locked icon. Also, since the operating system is not installed on this volume, this volume is considered Removable.
There are two ways to unlock this drive:
- In This computer’s window, right-click on this drive, and select Unlock Drive.
- In This computer’s window, double-click on this drive.
In either case, a dialog box will appear in which you must enter the password you specified (provided, of course, that you chose to use a password in the encryption wizard):
Finally, click the Unlock button.
What should you do if you forget your password? You must use the recovery key. Open the text file or look at the printed copy:
Then, in the Unlock Drive dialog box, first click on More Options and then click on Enter Recovery Code.
The following box appears and asks you to enter the recovery key.
Enter (or copy and paste) the recovery key, and finally, click the Unlock button.
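
The same wizard choices and the unlock procedure can be scripted with the BitLocker PowerShell cmdlets; the following is an added example, not part of the original walkthrough, to be run from an elevated PowerShell session. The function names Protect-DataDrive and Unlock-DataDrive and the backup path F:\BitLocker-E-recovery.txt are hypothetical, and XtsAes128 is assumed to correspond to the first (new) encryption mode option.

```powershell
#Requires -RunAsAdministrator
# Added example. 'E:' follows the walkthrough; the backup path is hypothetical.

function Protect-DataDrive {
    param([string]$Mount = 'E:', [string]$BackupFile = 'F:\BitLocker-E-recovery.txt')

    $vol = Get-BitLockerVolume -MountPoint $Mount
    if ($vol.VolumeStatus -ne 'FullyDecrypted') {
        throw "$Mount is not in a clean decrypted state: $($vol.VolumeStatus)"
    }
    # A recovery key stored on the drive it protects is useless once locked.
    if ($BackupFile.StartsWith($Mount, [StringComparison]::OrdinalIgnoreCase)) {
        throw 'Store the recovery key somewhere other than the encrypted drive.'
    }

    # Wizard choices: password unlock, used space only, new encryption mode (XTS-AES).
    $pw = Read-Host -AsSecureString -Prompt "New password for $Mount"
    Enable-BitLocker -MountPoint $Mount -PasswordProtector -Password $pw `
        -EncryptionMethod XtsAes128 -UsedSpaceOnly | Out-Null

    # The wizard's recovery key is a 48-digit "recovery password" protector here.
    Add-BitLockerKeyProtector -MountPoint $Mount -RecoveryPasswordProtector | Out-Null
    $rp = (Get-BitLockerVolume -MountPoint $Mount).KeyProtector |
        Where-Object KeyProtectorType -eq 'RecoveryPassword'
    "Drive: $Mount", "Protector ID: $($rp.KeyProtectorId)",
        "Recovery key: $($rp.RecoveryPassword)" | Set-Content -Path $BackupFile

    # Confirm the result instead of trusting the absence of errors.
    Get-BitLockerVolume -MountPoint $Mount |
        Format-List MountPoint, VolumeStatus, EncryptionMethod, ProtectionStatus, KeyProtector
}

function Unlock-DataDrive {
    param([string]$Mount = 'E:', [switch]$UseRecoveryKey)

    if ((Get-BitLockerVolume -MountPoint $Mount).LockStatus -ne 'Locked') { return }
    if ($UseRecoveryKey) {
        # Forgotten password: type the key from the text file or printout.
        $key = Read-Host -Prompt 'Recovery key (8 groups of 6 digits)'
        Unlock-BitLocker -MountPoint $Mount -RecoveryPassword $key | Out-Null
    } else {
        $pw = Read-Host -AsSecureString -Prompt "Password for $Mount"
        Unlock-BitLocker -MountPoint $Mount -Password $pw | Out-Null
    }
}
```

Run Protect-DataDrive once to encrypt, then Unlock-DataDrive (with -UseRecoveryKey if the password is lost) after a restart; the backup file holds the key in plain text and needs the same care as the printed copy.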