encryption


Enable BitLocker without TPM.

As technology advances, the need for security in our devices also increases. Windows 10 Pro offers a feature called BitLocker, which can help protect your files from unauthorized access. However, not all devices have a Trusted Platform Module (TPM) chip that BitLocker requires to function. Don’t worry, though, as there is still a way to enable BitLocker on your device without a TPM.

In this post, we will guide you through the process of enabling BitLocker on your Windows 10 Pro device without a compatible TPM. We have also included a video tutorial that you can follow along with.

Step 0: Check if your device has a compatible TPM.

Before we get started, you should check if your device has a compatible TPM. To do this, press the Windows key + R on your keyboard to open the Run dialog box. Type tpm.msc and press Enter. If your device has a TPM, you will see a window that shows its status.

Step 1:

Follow the steps in the video to change the configuration of BitLocker so that it will allow you to set it up without a compatible TPM.

Step 2: Enable BitLocker

If your device does not have a compatible TPM, we can still enable BitLocker by using a password or USB key instead. To enable BitLocker, right-click on the drive you want to encrypt and select “Turn on BitLocker.”

Step 3: Choose your preferred unlock method

When prompted to choose an unlock method, select “Enter a password” or “Insert a USB flash drive.” If you select the USB option, you will need to insert the USB drive before proceeding.

Step 4: Choose how much of your drive to encrypt

You can choose to encrypt only the used space or the entire drive. Select your preferred option and click “Next.”

Step 5: Choose where to store your recovery key

Your recovery key is a backup that you can use to access your files if you forget your password or lose your USB key. Choose whether to save the recovery key to your Microsoft account, save it to a file, or print it. Make sure to store your recovery key somewhere safe.

Step 6: Begin the encryption process

Once you have chosen your settings and saved your recovery key, click “Start encrypting.” The encryption process may take some time, depending on the size of your drive.

Congratulations! You have successfully enabled BitLocker on your Windows 10 Pro device without a compatible TPM.

Please refer to the accompanying video for a visual guide and demonstration of the steps outlined in this post.


Increase BitLocker to 256-bit

Encryption is an essential security measure that helps protect your sensitive data from unauthorized access. One of the most popular encryption tools available for Windows 10 Pro is BitLocker, which can encrypt your entire hard drive or specific folders and files. By default, BitLocker uses 128-bit encryption, which is considered secure but not the most robust option. If you want to increase the encryption key to 256 bits, which is the highest level of encryption currently available, follow these steps:

In summary, increasing your BitLocker encryption key to 256 bits is an easy way to add more security to your data. With 256-bit encryption, you can rest assured that your sensitive data is well protected.


Create an encrypted 7zip archive with encrypted header as well (no filenames are visible)

In case you come to a scenario where you need to encrypt, password protect the contents of a 7zip archive and make sure that not even the filenames of the contents are visible, 7zip has your back! As you can see in the following example you can implement the above requirements very easily.

7z a -p"pbVfdPs27Dc" -mhe hello.7z file1.bin file2.doc files.*

The structure of the above 7z command is the following:

#Based on: 7z <command> [<switches>...] <archive_name> [<file_names>...]
7z a -p"Some Password!.32@" -mhe <archive_name> [<file_names>...]

To break it down, it goes like this:

  • We used the <command> a, which instructs the tool to add the listed files to the listed archive (if the archive does not exist, it will create it).
  • The <switch> -p, allows you to set the password for the archive.
  • The second <switch> -mhe (or -mhe=on) it enables data and header archive encryption.
    In case you cannot find this switch at the manual, check the examples in the man page (This command works on GNU/Linux, it was tested on Fedora).