What is BitLocker and how to enable it?
BitLocker is a drive encryption security feature for Windows that encrypts everything on the drive. Drive encryption protects our data by encrypting it so that it can only be accessed by people who are authorized. If our computer is stolen or the hard drive is removed, no one can access or copy the files without the password.
In this tutorial, we will learn what device encryption is and how to encrypt our device using the native Windows security feature known as "BitLocker".
What is Encryption & Decryption?
Cryptography is a method used to secure and protect information during communication. It helps prevent unauthorized persons from accessing confidential information. Encryption and decryption are the two essential parts of cryptography.
□ Data Encryption: Transforming a message (plain text) sent over the network into a meaningless message (cipher text) is known as data encryption.
□ Data Decryption: At the receiving end, converting the received message (cipher text) back to its original form (plain text) is known as decryption.
How does BitLocker Work?
BitLocker is a hard drive encryption and security program released by Microsoft Corporation as a native application in Windows. It protects drive contents and data from being viewed, extracted or retrieved if a drive is stolen and used on another computer.
BitLocker uses the AES encryption algorithm with a 128-bit or 256-bit key to encrypt the drive. BitLocker is used in conjunction with a hardware component known as the Trusted Platform Module (TPM). The TPM is a microchip on the PC's motherboard that enables our device to support advanced security features. Most PCs do not support TPM, but Windows still allows us to use the BitLocker feature without a TPM.
When we enable BitLocker, we create a personal identification number (PIN) that we must enter each time we start up our computer. While enabling BitLocker, a Recovery Key is generated. The Recovery Key is used to gain access to our computer in case we forget our PIN. BitLocker stores its recovery key in the TPM.
System Requirements to enable BitLocker.
To use BitLocker, your computer must satisfy the following requirements.
□ BitLocker is available on the following operating systems.
○ Windows 7 - Enterprise or Ultimate edition.
○ Windows 8 - Professional or Enterprise edition.
○ Windows 10 - Education, Pro, or Enterprise edition.
□ For Windows 7, the Trusted Platform Module (TPM) version 1.2 or higher must be installed. It must be enabled and activated.
□ You must be logged in as an administrator.
Enable Trusted Platform Module (TPM).
Normally, the TPM is turned on as part of the TPM initialization process, so we do not need to turn it on ourselves. However, if it needs to be turned on, follow the link below.
» Troubleshoot the TPM
How to use BitLocker without a TPM?
BitLocker generally requires a computer with a Trusted Platform Module (TPM) on the PC's motherboard. This chip generates and stores the encryption keys that BitLocker uses. If your PC doesn't have a TPM, you can use a Group Policy setting to enable BitLocker without one. It's a bit less secure, but still more secure than not using encryption at all.
Follow the given steps to enable BitLocker without a TPM.
① Press Windows key + R to open the Run dialog, type gpedit.msc in the text box and click OK.
② In the "Local Group Policy Editor" window, under Computer Configuration, expand "Administrative Templates » Windows Components » BitLocker Drive Encryption" and choose "Operating System Drives".
③ On the right side, double click on "Require additional authentication at startup".
④ Enable the option.
⑤ Check the "Allow BitLocker without compatible TPM" option.
⑥ Apply the setting and press OK.
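To confirm the result of the steps above, the added example below (not part of the original tutorial) reads the TPM state and the registry values that the "Require additional authentication at startup" policy writes under `HKLM\SOFTWARE\Policies\Microsoft\FVE`. The function name `Get-BitLockerStartupPolicy` is hypothetical; run it from an elevated PowerShell session.

```powershell
# Added example: audit the startup-authentication policy and the TPM state.
function Get-BitLockerStartupPolicy {
    # Registry key that BitLocker group policy settings are written to.
    $fvePath = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
    $policy  = Get-ItemProperty -Path $fvePath -ErrorAction SilentlyContinue
    $tpm     = Get-Tpm

    # UseAdvancedStartup = 1  -> the policy is enabled (step 4)
    # EnableBDEWithNoTPM = 1  -> "Allow BitLocker without a compatible TPM" is checked (step 5)
    $policyEnabled = ($null -ne $policy) -and ($policy.UseAdvancedStartup -eq 1)
    $noTpmAllowed  = $policyEnabled -and ($policy.EnableBDEWithNoTPM -eq 1)

    $finding = if ($tpm.TpmPresent -and $tpm.TpmReady) {
        if ($noTpmAllowed) { 'TPM is ready; the no-TPM exception is not needed on this machine.' }
        else               { 'TPM is ready; BitLocker can use it.' }
    } elseif ($noTpmAllowed) {
        'No usable TPM; the policy allows a password or USB startup key instead.'
    } else {
        'No usable TPM and the no-TPM policy is not set; the OS drive cannot be encrypted yet.'
    }

    [pscustomobject]@{
        TpmPresent      = $tpm.TpmPresent
        TpmReady        = $tpm.TpmReady
        PolicyEnabled   = $policyEnabled
        AllowWithoutTpm = $noTpmAllowed
        Finding         = $finding
    }
}

Get-BitLockerStartupPolicy | Format-List
```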
Turn on BitLocker.
Once we are done with step 4 or step 5 and have made sure BitLocker can be enabled properly on our machine, we can proceed with the following steps to enable it.
① Press the Windows key, search for "Control Panel" and open it. Then go to "System and Security".
② Scroll down and choose "BitLocker Drive Encryption" option.
③ Select your drive, click the arrow icon to expand it and turn on BitLocker.
④ Check the option to use a password and enter the password you want to set in the password box.
⑤ Click Next to proceed.
In the next window, we need to save a recovery key so we can regain access to our files in case we forget our password. Windows gives us several options for saving the key. Select the option that is most convenient for you and save the recovery key in a safe place. In my case I'll save it as a file in another folder.
⑥ Select the option that is convenient for you. Save the file and proceed to the next step.
⑦ In the next window, we need to choose how much of our drive should be encrypted. Select the first option if your computer is new and there is nothing on the drive; otherwise select the second option and proceed.
⑧ In the next window, we need to choose the encryption mode. If the drive is fixed, select the first option; if the drive is removable, select the second option. Then click Next.
⑨ In the next window, a confirmation message will appear. If you are sure you want to encrypt the drive now, click "Start Encrypting".
⑩ Finally, the process begins and the drive starts encrypting. It will take some time depending on the size of the drive, and when the encryption is done you will get a success message.
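The same procedure can be scripted with the BitLocker PowerShell module. The example below is added here and is not part of the original tutorial; the helper name `Enable-DriveEncryption`, the drive letters and the file path are assumptions, and it targets a data drive protected by a password, run from an elevated session.

```powershell
# Added example: command-line counterpart of the wizard steps above.
# Enable-DriveEncryption is a hypothetical helper name.
function Enable-DriveEncryption {
    param(
        [Parameter(Mandatory)] [string]       $MountPoint,       # e.g. 'E:'
        [Parameter(Mandatory)] [securestring] $Password,
        [Parameter(Mandatory)] [string]       $RecoveryKeyFile,  # full path with drive letter
        [switch] $Removable,  # step 8: compatible mode for removable drives
        [switch] $NewDrive    # step 7: encrypt used space only on an empty drive
    )

    # Refuse to store the recovery key on the drive it is meant to unlock.
    $keyDrive = Split-Path -Path $RecoveryKeyFile -Qualifier -ErrorAction Stop
    if ($keyDrive -eq $MountPoint.TrimEnd('\')) {
        throw "Save the recovery key on a drive other than $MountPoint."
    }

    # The wizard's "new encryption mode" is XTS-AES; "compatible mode" is AES-CBC.
    # 256-bit keys are chosen here; the 128-bit variants are XtsAes128 / Aes128.
    $method = if ($Removable) { 'Aes256' } else { 'XtsAes256' }

    # Steps 4-5 and 7-9: password protector, scope, mode, start encrypting.
    Enable-BitLocker -MountPoint $MountPoint -EncryptionMethod $method `
        -UsedSpaceOnly:$NewDrive -PasswordProtector -Password $Password | Out-Null

    # Step 6: add a recovery password and save it to the chosen file.
    Add-BitLockerKeyProtector -MountPoint $MountPoint -RecoveryPasswordProtector | Out-Null
    $recovery = (Get-BitLockerVolume -MountPoint $MountPoint).KeyProtector |
        Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' }
    $recovery.RecoveryPassword | Set-Content -Path $RecoveryKeyFile

    # Return the volume so the caller can watch EncryptionPercentage.
    Get-BitLockerVolume -MountPoint $MountPoint
}

# Usage (constructed values):
# $pw = Read-Host -AsSecureString 'BitLocker password'
# Enable-DriveEncryption -MountPoint 'E:' -Password $pw -RecoveryKeyFile 'D:\keys\E-recovery.txt' -NewDrive
```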
Manage BitLocker Drive.
If you want to back up your recovery key, change the password, or turn off BitLocker, follow the given steps to manage a BitLocker drive.
① Open File Explorer, go to "This PC", right-click the encrypted drive and select "Manage BitLocker".
② In the BitLocker encryption window, you'll see some options to manage BitLocker.
□ You can back up your recovery key again.
□ You can change your password.
□ You can even remove the password.
□ You can turn off BitLocker if you want to decrypt the drive.
Checking BitLocker Drive Status.
We can use a simple CMD command to check our BitLocker drive status. Using this command, we can check the following:
□ Size of drive.
□ BitLocker Version.
□ Encryption Method.
□ Protection Status - The device is protected or not yet.
□ Lock Status - Currently the drive is locked or unlocked.
□ Key Protectors - The drive is protected with Password or TPM.
To check the status, follow the given steps.
① Press the Windows key, search for "cmd", right-click the "Command Prompt" app and run it as an administrator.
② Type the following command and press enter.
③ The above command will show you the complete status of your BitLocker-protected drive. In my case, my drive is fully encrypted and protected, currently unlocked, and the key protector is "Password".
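The status fields listed above are also exposed by the `Get-BitLockerVolume` cmdlet, which makes them easy to check in a script. The example below is added here and is not the command from the original tutorial; the function name `Get-BitLockerAudit` and the wording of the findings are assumptions. Run it from an elevated PowerShell session.

```powershell
# Added example: summarise BitLocker status per volume and flag gaps.
function Get-BitLockerAudit {
    foreach ($vol in Get-BitLockerVolume) {
        # Protector types on this volume, e.g. Tpm, TpmPin, Password, RecoveryPassword.
        $types = @(foreach ($kp in $vol.KeyProtector) { "$($kp.KeyProtectorType)" })
        $findings = @()

        if ("$($vol.LockStatus)" -eq 'Locked') {
            # A locked volume hides most details until it is unlocked.
            $findings += 'volume is locked; unlock it to read the full status'
        } else {
            if ("$($vol.ProtectionStatus)" -ne 'On') {
                $findings += 'protection is off'
            }
            if ("$($vol.VolumeStatus)" -ne 'FullyEncrypted') {
                $findings += "conversion state is $($vol.VolumeStatus)"
            }
            if ($types -notcontains 'RecoveryPassword') {
                $findings += 'no recovery password protector'
            }
            # Only the operating system drive can use a TPM protector.
            if ("$($vol.VolumeType)" -eq 'OperatingSystem' -and -not ($types -like 'Tpm*')) {
                $findings += 'OS drive unlocks without a TPM (password or startup key only)'
            }
        }

        [pscustomobject]@{
            Drive            = $vol.MountPoint
            SizeGB           = $vol.CapacityGB
            EncryptionMethod = "$($vol.EncryptionMethod)"
            Protection       = "$($vol.ProtectionStatus)"
            LockStatus       = "$($vol.LockStatus)"
            KeyProtectors    = $types -join ', '
            Findings         = if ($findings) { $findings -join '; ' } else { 'none' }
        }
    }
}

Get-BitLockerAudit | Format-List
```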