How to encrypt a USB drive with VeraCrypt (compatible with Windows, macOS and Linux)

VeraCrypt is a free, open source disk encryption utility that can create a virtual encrypted disk in a file or encrypt a partition. On Windows, it can also encrypt the entire storage device with pre-boot authentication.

The application was spun off from the TrueCrypt project and has since received security improvements as well as optimized implementations of cryptographic hash functions and encryption that increase the performance of modern CPUs.

This article explains how to encrypt a USB drive with VeraCrypt with step-by-step screenshots including which partition type to choose if you want it to be compatible with multiple operating systems (Linux, Windows, macOS) and how to do so mount it / access the encrypted USB drive.

It should be noted that VeraCrypt allows you to create an encrypted USB stick in a similar way on Linux, Windows, and macOS, but VeraCrypt’s user interface may be slightly different. You may also encounter different options depending on the operating system you are using (for example, the file system types), but the important steps should be the same. In the screenshots below, VeraCrypt 1.23 was used for Linux (in Ubuntu 18.10).

VeraCrypt installation

You can download the VeraCrypt setup binary or source from this page.

On Linux, you can download packages for some Linux distributions, such as DEB for Debian (including Raspberry Pi OS) / Ubuntu and Linux distributions based on it, as well as RPM for CentOS and openSUSE. Or you can download a generic binary that will run on any Linux distribution.

To install this generic Linux installer, download the VeraCrypt archive setup.tar.bz2 and extract it to your home folder. Then enter the extracted VeraCrypt folder via a terminal, make the script with the extension setup-gui-x64 (for Linux 64bit) executable and then run it:

cd veracrypt*setup
chmod +x veracrypt*setup-gui-x64

Ubuntu / Linux Mint / Pop! _OS users can also use a third-party PPA to install VeraCrypt, e.g. This one here. But using a PPA for an encryption tool like VeraCrypt isn’t exactly a good idea. Even so, I’ll add the installation instructions for Ubuntu and Linux Mint PPA below:

sudo add-apt-repository ppa:unit193/encryption
sudo apt-get update
sudo apt install veracrypt

Encryption-related articles you might find interesting:

  • EncryptPad: Encrypted text editor for your secrets
  • How to encrypt home folder in Ubuntu 18.04
  • Cryptomator secures your cloud storage data (open source, cross-platform client-side encryption tool)

How to encrypt a USB drive with VeraCrypt

1. Select a slot in VeraCrypt (from the list in the middle of the application) then click on Select Device and click on your USB device:

Of the Select a Partition or Device Dialog that opens, select your USB stick:

2. Click on the Create Volume and select in the window that opens Create a volume within a partition/drive, and then click Next:

This option formats and encrypts the partition, so all data on the USB will be lost! If you prefer to create a virtual encrypted disk inside a file (which can be placed on the USB drive along with unencrypted files), select the option Create an encrypted file container Option instead. However, this article is all about creating an encrypted USB drive.

Select on the next screen Standard VeraCrypt volume and click Next:

You can also use a hidden volume here, but these instructions assume you are using a standard volume. A hidden volume is useful when you need to reveal the password of an encrypted volume and cannot refuse it – in such cases a VeraCrypt volume will be created in another VeraCrypt volume and it should be impossible to prove that it is a hidden volume in it or not. More information here.

3. On the next screen, you will need to enter the location of the volume. Click on Select Device and select the USB device (the screen is similar to the USB stick selection screen in step 1):

After selecting the USB device, click Next in the VeraCrypt Volume Creation Wizard window.

Make sure that you have selected the USB drive to be encrypted and not any other device. The device will be formatted and the data on it will be lost! Read the warning that VeraCrypt displays carefully, then click Yes:

VeraCrypt will prompt you for your user or administrator password – enter it and click OK:

You will now see a warning that formatting the device will destroy all data on it. click Yes keep going.

4. On the next screen you will see the VeraCrypt encryption options:

If you’re not sure what to choose from here, don’t do that Encryption Algorithm and Hash Algorithm to their default values ​​(AES / SHA-512) and click on Next.

5. VeraCrypt now asks you to enter a volume password:

Choose a strong password as this will be used to encrypt / decrypt the volume. You can also use a key file that is combined with the password to better protect the encrypted volume. Make sure you don’t forget the password or lose the key file as without it it will be impossible to mount the volume.

6. The next screen of the VeraCrypt Volume Creation Wizard asks if you want to store files larger than 4 GB on the volume or not:

This determines the type of file system that appears as an option on the next screen. For example, if you have the. choose I will store files larger than 4 GB on the volume Option, the next screen does not show the FAT file system option as it does not support files larger than 4 GB.

7. Now you need to select the file system type:

If you want your encrypted USB stick to be compatible with Linux, Windows and macOS, choose between exFAT, FAT and NTFS.

I want to make a few notes here. FAT does not support files larger than 4 GB. So keep that in mind. NTFS is supported on both macOS and Linux (and Windows, of course), but read / write support can be poor on these two operating systems. ExFAT is well supported on Windows, macOS, and Linux, but it may require some packages to be installed on some older Linux systems (e.g. older versions of Ubuntu that you need to install) exfat-fuse and exfat-utils). My recommendation is to go with the exFAT file system.

For full compatibility between operating systems (but without support for files larger than 4 GB), older Linux distributions also use a FAT file system type (without having to install anything else).

If you only want to use the USB stick on Linux computers, you can select the file system type Ext4.

8. In the next step, choose whether you want to mount the volumes on other platforms and click on Next:

After clicking Next, a warning will appear if you’ve chosen to mount it on other platforms and choose a filesystem type other than FAT. click OK since we already covered this part in the previous step, so you know what it is about.

9. The next screen is titled Volume Format and here you have to move your mouse randomly in the VeraCrypt window to create an entropy pool that increases the cryptographic strength of the encryption keys.

As soon as the Randomness Collected From Mouse Movements If the bar is filled, you can click on it Format click, then click Yes when prompted:

VeraCrypt will now start creating the volume and display the percentage, speed and time remaining. When it’s done, click Exit.

How to access the USB drive encrypted with VeraCrypt

To access a USB drive encrypted with VeraCrypt, start VeraCrypt, select a “slot” (from the list in the middle of the application; this is called “drive” in Windows) and then click Select Device, and select your USB device as in step 1 from the encryption instructions above.

Next, click Mount and enter the password you set in step 5:

You may also be asked for your user or administrator password to mount the volume.

You should now see the USB drive mounted in your file manager. In newer versions of Nautilus (the default Gnome file manager), you may need to click Other Locations to access the mounted VeraCrypt encrypted USB drive:

You can also double-click the mounted entry in VeraCrypt to start your default file manager with the location of the mounted volume, or enable the VeraCrypt option (Settings -> Preferences -> System Integration) to automatically open a file browser window when a volume is successfully mounted.

Related Posts