Internet privacy and security course
Aa font
AA font size
About translation
Previous Next

Chapter 41

Encryption of external data storage devices with TrueCrypt and VeraCrypt

I will start this part with a tip that’s worth an entire article.


All removable media: USB flash drives /SD cards /portable hard drives, etc. should be encrypted.

In general, all your removable media should be encrypted. If you have an unencrypted device, encrypt it immediately after you read this chapter. Be aware that you shouldn’t rely on the encryption preinstalled by the developer.

I frequently get the following question from users, “What if the developer of my device offers built-in encryption, do I have to encrypt my device again?” My answer has always been the same, “Yes, you do”. First, developers don’t always use secure data encryption algorithms. Second, in many countries, to sell a device with built-in encryption, they are supposed to pass decryption keys to special agencies to enable their access to encrypted data if necessary. It is probably done with good intentions, still, I believe that this practice compromises the idea of secure data encryption.

Personally, I always carry a securely encrypted external hard drive where I store all my paperwork. This allows me to use all operating systems, including Windows, Tails, Whonix and macOS. I just run the system and decrypt my external hard drive: if I need to change the system, I turn on a different one and again decrypt my hard drive.

Encrypting an external storage device with TrueCrypt and VeraCrypt

The encryption of external storage devices doesn’t differ much from that of an encrypted file-hosted volume, and we are going to skip a few steps like, for instance, the keyfile creation. The previous guide used the Windows version of VeraCrypt, so in this part we will be taking you through the VeraCrypt version running on a macOS machine.

The guide below can be consulted for any external storage device: from USB flash drive to external hard drive with the capacity of several TB.

Run TrueCrypt / VeraCrypt and click Create Volume - this button is intended for creating encrypted space, and we will start any encryption by using it. 

VeraCrypt SD encryption

 Then go for the second option – Create a volume within a partition/drive. The first pre-selected option displayed by default asks us to create a simple file container of the required size.


Then the application will ask you if you want to create a Standard or Hidden encrypted volume type. Select Standard VeraCrypt volume, you will find out how to use hidden file containers in one of the next parts. 

VeraCrypt standard

Next, select the external storage device that needs to be encrypted. ClickSelect Device.

Vera Crypt

Be aware that during encryption your hard drive is formatted, and all your files will be removed (you will get repeated warnings about it from the application).


In the next step, you need to pick the encryption option. Be aware that your encryption algorithm affects the speed of your file performance, and if you intend to encrypt a storage device with more than 16 GB capacity, I recommend using AES. If your device has less than 16 GB capacity, you can use AES-Twofish-Serpent.

AES VeraCrypt

Then you’ll need to generate a strong password. For maximum security, you should also add a keyfile. We gave you a detailed explanation on how to do it when we were creating an encrypted file-hosted volume.

VeraCrypt password

 Next, the VeraCrypt Volume Creation Wizard will ask you if you want to store files larger than 4 GB. The second choice I will store files larger than 4GB on the volumemeans you will be storing such files.


Next, you’ll need to choose the filesystem type: Mac OS Extended