With traditional symmetric encryption, this is impossible – you need to encrypt a file with exactly the same key it'll be decrypted with.
What you're looking for is asymmetric, or "public-key based" cryptography, as used in PGP and SSL. In asymmetric algorithms, you have a pair of keys, one for encryption (public), the other for decryption (private). The encryption key can be made publicly available and anyone could use it. (It's how HTTPS works, by the way.)
Unfortunately, I'm not aware of any "archive"/"container"-type programs that work this way, mostly because it's somewhat tricky to create append-only archives reliably – either you have to store the metadata unencrypted, or you run into serious data corruption risks. However, it works well if you only have one output file per input, such as...
...One possibility is to install portable GnuPG, a free PGP implementation, and write a script to automatically encrypt files into a "temporary" folder. Later at a secure location, you could decrypt these files with GnuPG again and move them into your TrueCrypt container.
For example, this .cmd script would encrypt all files drag-and-dropped on it:

```batch
@echo off & setlocal

:: I assumed a USB stick, so here %~d0 will expand to the drive letter.

:: Where this script looks for GnuPG
set GNUPGDIR=%~d0\Apps\GnuPG

:: Where GnuPG looks for its keyrings
set GNUPGHOME=%~d0\Private\GnuPG

:: Where the encrypted files are put
set DESTDIR=%~d0\Private\Encrypted

:: Your PGP key ID or email
set RECIPIENT=grawity@gmail.com

if not exist "%DESTDIR%" mkdir "%DESTDIR%"

:loop
if "%~1"=="" goto :eof
echo Encrypting "%~1"
"%GNUPGDIR%\gpg" -r "%RECIPIENT%" -e -o "%DESTDIR%\%~nx1.gpg" "%~1"
:next
shift
goto :loop
```
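The decryption step at the secure location, as an added example that is not part of the original answer. It assumes the same USB layout as the script above, a GnuPG installation on the trusted machine reachable as `gpg` on the PATH (so the copy on the stick, which has been plugged into untrusted machines, is not executed), and a hypothetical `T:\Incoming` folder on the mounted TrueCrypt volume.

```batch
@echo off & setlocal

:: Added example: run this from the stick, on the trusted machine that holds the private key.
:: Assumptions: USB layout from the encrypt script; T:\Incoming is a hypothetical
:: folder on the mounted TrueCrypt container.
set USBHOME=%~d0\Private\GnuPG
set SRCDIR=%~d0\Private\Encrypted
set OUTDIR=T:\Incoming

:: 1. The keyring on the stick should contain the public key only.
::    A "sec:" record means the private key travelled with the stick,
::    which removes the benefit of the encrypt-only setup.
gpg --homedir "%USBHOME%" --batch --with-colons --list-secret-keys 2>nul | findstr /b "sec:" >nul
if not errorlevel 1 (
    echo WARNING: a secret key is stored in "%USBHOME%". Remove it from the stick.
    exit /b 1
)

:: 2. Decrypt with this machine's own keyring. No --homedir is passed here,
::    so the trusted machine's default GnuPG home is used.
if not exist "%OUTDIR%" mkdir "%OUTDIR%"
for %%F in ("%SRCDIR%\*.gpg") do (
    echo Decrypting "%%~nxF"
    gpg -o "%OUTDIR%\%%~nF" -d "%%F" || echo Failed: "%%~nxF"
)
```

The encrypted originals are left on the stick; `%%~nF` drops the trailing `.gpg`, so `report.pdf.gpg` is written as `report.pdf`.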
No, you are not missing anything. It might be more useful for you to ask for a solution to your problem, instead of asking for confirmation of what you already knew. But the only way to be 99.99% sure is to boot the insecure computer from a live-cd or from a USB. – Nifle – 2011-12-21T22:36:38.500
The last 0.01% is that nagging worry that they have a hardware-key-logger installed. – Nifle – 2011-12-21T22:40:13.797
@Nifle I am hoping for a solution since I would like to be able to do this for the reasons I outlined. I'm just admitting right up front that I do not think anyone has one since I think (but don't know) that what I'm asking for is genuinely impossible. – TimothyAWiseman – 2011-12-21T22:42:51.017
While it may be possible, I don't think it is a good idea. Imagine a safe: to add an item to your safe, you have to first unlock/open it. You cannot pass an item through a wall. But let's say you *can* pass items through a wall: how can you be sure no items will be removed from the safe this same way? – iglvzx – 2011-12-21T22:47:28.300
@iglvzx Ironically, while I suspect it's impossible digitally, I think you could do it physically. Just look at package drops in a post office. It is easy to deposit a package, but hard to retrieve one without going through the locked door to the area it deposits into. Of course, on a high security safe, adding such an entry may make it less secure than otherwise, but properly designed it could still provide a reasonable amount of security. – TimothyAWiseman – 2011-12-21T23:04:57.220
@iglvzx: The solution is, of course, to invent a one-way wall. – user1686 – 2011-12-21T23:06:38.907
@TimothyAWiseman good analogy, look at the safe in a convenience store, things go in, and it is VERY secure still. – Psycogeek – 2011-12-21T23:13:20.403