Encryption of external data storage devices with TrueCrypt and VeraCrypt
I will start this part with a tip that’s worth an entire article.
All removable media (USB flash drives, SD cards, portable hard drives, etc.) should be encrypted.
In general, all your removable media should be encrypted. If you have an unencrypted device, encrypt it immediately after you read this chapter. Be aware that you shouldn’t rely on the encryption preinstalled by the developer.
I frequently get the following question from users: “What if the developer of my device offers built-in encryption, do I have to encrypt my device again?” My answer has always been the same: “Yes, you do”. First, developers don’t always use secure data encryption algorithms. Second, in many countries, to sell a device with built-in encryption, they are supposed to pass decryption keys to special agencies to enable their access to encrypted data if necessary. It is probably done with good intentions. Still, I believe that this practice compromises the idea of secure data encryption.
Personally, I always carry a securely encrypted external hard drive where I store all my paperwork. This allows me to use all operating systems, including Windows, Tails, Whonix and macOS. I just run the system and decrypt my external hard drive: if I need to change the system, I turn on a different one and again decrypt my hard drive.
Encrypting an external storage device with TrueCrypt and VeraCrypt
The encryption of external storage devices doesn’t differ much from that of an encrypted file-hosted volume, and we are going to skip a few steps like, for instance, the keyfile creation. The previous guide used the Windows version of VeraCrypt, so in this part we will be taking you through the VeraCrypt version running on a macOS machine.
The guide below applies to any external storage device, from a USB flash drive to an external hard drive with a capacity of several TB.
Run TrueCrypt / VeraCrypt and click Create Volume - this button is intended for creating encrypted space, and we will start any encryption by using it.
Then go for the second option – Create a volume within a partition/drive. The first pre-selected option displayed by default asks us to create a simple file container of the required size.
Then the application will ask you if you want to create a Standard or Hidden encrypted volume type. Select Standard VeraCrypt volume. You will find out how to use hidden file containers in one of the next parts.
Next, select the external storage device that needs to be encrypted. Click Select Device.
Be aware that during encryption your hard drive is formatted, and all your files will be removed (you will get repeated warnings about it from the application).
In the next step, you need to pick the encryption option. Be aware that the encryption algorithm affects how fast files on the device are read and written. If you intend to encrypt a storage device with more than 16 GB capacity, I recommend using AES. If your device has less than 16 GB capacity, you can use AES-Twofish-Serpent.
Then you’ll need to generate a strong password. For maximum security, you should also add a keyfile. We gave you a detailed explanation on how to do it when we were creating an encrypted file-hosted volume.
Next, the VeraCrypt Volume Creation Wizard will ask you if you want to store files larger than 4 GB. The second choice, “I will store files larger than 4GB on the volume”, means you will be storing such files.
Next, you’ll need to choose the filesystem type: Mac OS Extended – for macOS; NTFS – for Windows.
The next step is required only for macOS users. The Wizard will ask you if you want to use the given external storage device on other operating systems. “I will mount the volume on other platforms” means that you’ll run the encrypted hard drive on other operating systems (not only on macOS). I use my external storage device only on macOS, so I select “I will mount the volume only on macOS”.
Now you need to move your mouse around the screen to generate a secure key (this step is not available in TrueCrypt).
Now click Format and wait until the encryption process of your external storage device is complete. Be aware that the time it takes to encrypt an external storage device depends on its size and can be quite lengthy.
If you follow along with the above steps in Windows or Linux or use TrueCrypt, their interface can look slightly different, but you are unlikely to encounter any problems. Now let’s take a look at how to mount an encrypted external storage device.
Using an encrypted storage
Insert the encrypted device into your PC. You may see a prompt saying that the system is unable to read the device – ignore it. Run TrueCrypt or VeraCrypt. Select the location where you will mount your device and click Select Device.
Next, pick the encrypted hard drive.
Click Mount, enter your password, point to the keyfile and mount the external hard drive.
Remove encrypted external storage devices properly. Select the mounted hard drive in the application and click Dismount. Once the hard drive is dismounted, you can remove your external device.
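The "unable to read the device" prompt mentioned above appears because a device encrypted as a whole by VeraCrypt carries no filesystem signature and its first sectors look like random data. The script below is an added example, not part of the original guide or of VeraCrypt, that uses this to check whether a removable device still holds a plaintext filesystem; the 4096-byte window, the 7.5 bits/byte cut-off, 512-byte sectors and all function names are assumptions, and a high-entropy result is consistent with encryption but does not prove it.

```python
import hashlib
import math
from collections import Counter

HEAD_LEN = 4096      # bytes inspected from the start of the device (assumption)
ENTROPY_MIN = 7.5    # bits/byte cut-off (assumption); random data scores ~7.95

# (offset, magic, name) for common plaintext layouts on removable media.
SIGNATURES = [
    (3, b"NTFS    ", "NTFS"),
    (3, b"EXFAT   ", "exFAT"),
    (82, b"FAT32   ", "FAT32"),
    (54, b"FAT16   ", "FAT16"),
    (512, b"EFI PART", "GPT"),
    (32, b"NXSB", "APFS"),
    (1024, b"H+", "Mac OS Extended (HFS+)"),
    (1080, b"\x53\xef", "ext2/3/4"),
    (510, b"\x55\xaa", "MBR or FAT/NTFS boot sector"),
]

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def classify(head: bytes):
    """Return (verdict, entropy, signatures) for the first bytes of a device."""
    entropy = shannon_entropy(head)
    found = [name for off, magic, name in SIGNATURES
             if head[off:off + len(magic)] == magic]
    if entropy < ENTROPY_MIN:
        return "plaintext", entropy, found
    # High entropy: short magics can match random bytes by chance, so ignore them.
    return "encrypted-like", entropy, []

def read_head(path: str) -> bytes:
    """Read the start of a raw device or image file (needs read permission)."""
    with open(path, "rb") as f:
        return f.read(HEAD_LEN)

# Constructed samples: an NTFS-style boot sector padded with zeros, and
# deterministic pseudo-random bytes standing in for an encrypted device.
SAMPLE_NTFS = ((b"\xeb\x52\x90" + b"NTFS    ").ljust(510, b"\0")
               + b"\x55\xaa" + bytes(HEAD_LEN - 512))
SAMPLE_RANDOM = hashlib.shake_256(b"constructed sample").digest(HEAD_LEN)

if __name__ == "__main__":
    for label, head in (("ntfs", SAMPLE_NTFS), ("random", SAMPLE_RANDOM)):
        print(label, classify(head))
```

To check a real device, pass its raw device node to read_head() and feed the result to classify(). If only a partition was encrypted, check the partition node rather than the whole disk, since the disk itself still starts with a plaintext partition table.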