How to encrypt a USB stick on Linux, Windows, and Mac OS

Published by on July 24, 2018 in VPN & Privacy

USB sticks are handy little storage extensions. They make it easy to transfer data from one computer to another and they help you keep private data off publicly accessed computers or workplace equipment. The fact that they are small and light makes USB sticks very easy to carry, hide, and store. Unfortunately, those very attributes also make them easy to steal or lose.

Losing a flash drive is annoying because you lose all of your important data along with it. However, the chance of someone else accessing that data is an even worse prospect. You can protect your data from being rifled through by a stranger by encrypting your USB stick.

One drawback to using any encryption system is that you restrict your own access to the data on your USB stick. For example, if you encrypt the USB stick with a Linux utility, you can only access those files by connecting the USB to a Linux computer, and only one with that same encryption utility installed on it.

Linux, Windows, and Mac OS all have native file encryption systems that are free to use. However, they are not automatically available. You have to locate and install them before you can use them, and in the case of the Mac utility, it won’t encrypt a USB stick.

A number of file and disk encryption systems are available and some of them are free of charge. However, again, using such tools means that you can only transfer files from your USB stick onto computers that have that encryption tool installed.

Partition the USB stick

Whichever encryption system you choose, you still face the problem that you will eventually need to decrypt it to get access to your files. If you only use the USB on one computer, then you won’t have much of a problem because the computer that you encrypted the flash drive from will still have the same software on it to enable you to access the encrypted stick. However, if you use your USB to transport files from one computer to another, and if you want to be able to connect it to any computer, then you are going to face a problem of software availability.

The simplest solution to this problem is to store the encryption software on the USB stick. You don’t want the executable for decryption to be hidden behind the encryption, so you will need to partition the USB stick, encrypt part of it, and store the encryption software on the unencrypted partition. That way, no matter which computer you go to with your memory stick, you just have to run the encryption program from the stick. Again, though, you will be restricted to running that software on computers with an operating system that the encryption software is compatible with.

The majority of the USB stick encryption methods listed below will perform the partition process for you, so you don’t have to worry about that task. If you want your data to be truly portable and accessible from all operating systems, then the only way you can ensure compatibility is to partition the USB and create several copies of your data, making each partition encrypted in a format that is compatible with one operating system.

USB stick encryption software

It is possible to use an encryption manager that will only encrypt the files on your stick, not a partition and not the entire stick. This is a much more efficient method of managing your sensitive files because you may have other files that don’t need to be protected. You may use applications to protect your files on the way to cloud-based backup but they won’t help you secure your flash drive.

Software that manages the entire stick, creating a partition and installing itself on the unencrypted part is a great help. This list of USB encryption software includes free options as well as paid tools. You can store the software on your stick along with the encrypted data, avoiding software restrictions on the computers that you connect the stick to.

1. VeraCrypt

You don’t have to install VeraCrypt on your computer. Instead, you can download it directly onto your USB stick. When you access the program, you just need to locate it on the memory stick through a file browser and double click on it. The program does not have to be resident on the computer that executes it. However, VeraCrypt does require the presence of the Windows, Mac OS X, or Linux operating system in order to run.

VeraCrypt sorts out the problem of partitioning your USB stick because it will perform that task for you. You don’t have to partition the stick in order to protect the files on it. VeraCrypt operates in three modes. You can create a partition and encrypt that; you might opt for an encrypted container, which is a little like a password protected zip file; or VeraCrypt can create a hidden, password protected folder on the main partition of the USB stick.

The encryption that VeraCrypt uses is AES with a 256-bit key. This is very strong encryption and cannot be cracked by brute force. You can choose other methods, all of which use a 256-bit key. These options are: Camellia, Kuznyechik, Serpent, Twofish, or a combination of two or three of these ciphers. VeraCrypt also asks you to specify a hash algorithm to generate pseudo-random numbers for a mixing algorithm. This defaults to SHA-512, but you can opt for SHA-256, RIPEMD-160, Whirlpool, or Streebog.

VeraCrypt creates two levels of security. You can have a hidden vault for your real data, which will be protected by one password, and then a visible vault that will be protected by a different password. This visible vault is called the “outer volume.” Its purpose is to protect your hidden data should someone try to force the password out of you. In this scenario, you give them the password for the outer volume. The thief is satisfied, not realizing that the real files are still hidden.

Once VeraCrypt has formatted your USB stick, you can only access it through the VeraCrypt program. When you connect the USB stick to your computer, it will show up in Windows Explorer, but you can only see the VeraCrypt program and the decoy vault.

The creation of a fake visible vault is a nice touch. However, it is only effective against thieves who have no knowledge of VeraCrypt. Anyone who accesses the memory stick and sees the VeraCrypt program could easily find out about the hidden storage with a bit of research.

2. SecurStick

SecurStick will encrypt stored data on your USB memory stick and still make those files available for computers running Windows, Mac OS, and Linux. This multi-platform support makes SecurStick almost unique in the world of USB memory device encryption. The encryption software can also be run on Windows, Mac OS, and Linux.

The encryption program for SecurStick uses a browser-based interface. The program creates a “Safe Zone” on your memory stick. This is the encrypted vault and it does not need to occupy the entire storage space of the stick. Once you have set up the Safe Zone on the memory stick, you just copy files into it through your standard operating system directory browser. The Safe Zone will expand on the USB stick as files are added to it. Encryption is performed with the AES cipher using a 256-bit key.

Many USB stick encryption systems require you to have admin rights both to encrypt and to decrypt files. That isn’t necessary with SecurStick. This is a great bonus if, for example, you want to take files to a client or government department where you can’t demand that they grant you privileges on their computers. Once the Safe Zone has been created on the memory stick, you do not need to have SecurStick installed on the connected computer in order to view and copy off files from the memory stick.

The SecurStick program was created by a German developer and all of the support documentation on the site is written in German. However, you can read through the documentation in English by using Google Translate on the site. The application’s interface is available in English, German, Dutch, and Italian.

The presentation of this utility isn’t very sophisticated. However, the encryption it offers is the best you can get. The fact that you still have the flexibility to connect your memory stick to Windows, Mac OS, and Linux means that SecurStick’s usability beats all of the other encryption systems on this list. For all that, SecurStick is free to use.

3. Cryptsetup

If you only want to back up your data on Linux or you know you will only port your files over to other Linux computers, then you are very well catered to by the free Cryptsetup utility, which is available from the standard Linux repository. Cryptsetup works in tandem with the Gnome disk utility. You can access both of these tools in the Linux GUI. A big advantage of this utility is that it is available for free. By default, Cryptsetup uses AES encryption with a 256-bit key.

After installing the gnome-disk-utility and cryptsetup at the command line with sudo apt-get, you can switch back to the GUI interface of Linux. Cryptsetup can also be run from the command line.

Gnome disk utility appears on your desktop as Disks. Launch the app to get access to the encryption utility. Plug in your memory stick and look for it in the list of available disks. Create a temporary folder and copy out all of the files you have on the stick. Next, you choose to format the external drive, specifying the encryption option. Remember, this action will mean that you will only be able to access the files on Linux computers that also have cryptsetup installed. If you don’t want to encrypt the entire memory stick, partition it first. This action can also be performed in the Disks utility.

You specify a password when the Format procedure launches. The formatting process offers you the option to not overwrite existing data. However, this doesn’t work and you will lose all of your files on the memory stick during the formatting process. That’s why you need to copy them over to a temporary folder before you start the encryption process. Once the formatting finishes, copy your files back over.

A drive that has been protected by encryption is flagged in the Disks display by a padlock icon. Henceforth, when you click on that drive to access it, a popup window will appear to prompt you for the password. Options in the popup specify whether the computer should store the password for future access, whether it should forget the password immediately, or whether it should forget the password once the USB stick is removed from the computer.
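
The command-line route mentioned above, as an added example that is not part of the original article: a POSIX shell script that refuses to touch anything other than an unmounted, removable device before running cryptsetup. The function names, the usbvault mapping name, the ext4 file system, and the SYSFS_BLOCK override are assumptions made for this example.

```shell
#!/bin/sh
# Added example: format a USB stick as an encrypted LUKS volume from the
# command line instead of the Disks GUI.
# Install the tools first: sudo apt-get install cryptsetup
# Usage: sudo sh encrypt_stick.sh /dev/sdX1 [mapping-name]

# SYSFS_BLOCK is overridable only so the safety checks can be exercised
# against a constructed directory tree (assumption of this example).
SYSFS_BLOCK="${SYSFS_BLOCK:-/sys/block}"

# Print the whole-disk name (sdb) that owns a disk or partition name (sdb, sdb1).
parent_disk() {
    pd_name=$1
    if [ -d "$SYSFS_BLOCK/$pd_name" ]; then
        printf '%s\n' "$pd_name"
        return 0
    fi
    for pd_dir in "$SYSFS_BLOCK"/*; do
        if [ -d "$pd_dir/$pd_name" ]; then
            printf '%s\n' "${pd_dir##*/}"
            return 0
        fi
    done
    return 1
}

# Succeed only if the kernel flags the owning disk as removable media.
# USB sticks normally report 1; internal disks report 0.
is_removable() {
    rm_disk=$(parent_disk "$1") || return 1
    [ "$(cat "$SYSFS_BLOCK/$rm_disk/removable" 2>/dev/null)" = "1" ]
}

# Succeed if the device is listed as a mount source in the mounts table.
is_mounted() {
    mt_dev=$1
    mt_table=${2:-/proc/mounts}
    awk -v d="$mt_dev" '$1 == d { found = 1 } END { exit !found }' "$mt_table"
}

encrypt_stick() {
    es_dev=$1
    es_map=${2:-usbvault}
    [ "$(id -u)" -eq 0 ] || { echo "run as root" >&2; return 1; }
    [ -b "$es_dev" ] || { echo "$es_dev is not a block device" >&2; return 1; }
    is_removable "${es_dev##*/}" || { echo "$es_dev is not removable; refusing" >&2; return 1; }
    if is_mounted "$es_dev"; then
        echo "$es_dev is mounted; copy your files off and unmount it first" >&2
        return 1
    fi

    # luksFormat destroys existing data; it asks for confirmation and a passphrase.
    cryptsetup luksFormat "$es_dev" || return 1
    # Map the decrypted view of the device at /dev/mapper/$es_map.
    cryptsetup open "$es_dev" "$es_map" || return 1
    # Create a file system inside the encrypted mapping (ext4 is an assumption).
    mkfs.ext4 -L "$es_map" "/dev/mapper/$es_map"
    es_status=$?
    # Always close the mapping so the stick can be removed safely.
    cryptsetup close "$es_map"
    return "$es_status"
}

# Run only when a device argument is given.
if [ "$#" -gt 0 ]; then
    encrypt_stick "$@"
fi
```

After the script finishes, plugging the stick back in triggers the same password prompt that the Disks utility produces.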

4. EncryptStick

EncryptStick, by Dutch software house ENC Security, runs on the Windows, Ubuntu Linux, and Mac OS operating systems. As long as the file names that you use on your memory stick are compatible with both operating systems, you can copy files between Windows PCs and Macs.

Once you set up the encryption on the USB stick, you don’t need to install the program on other computers in order to access files. This is because the vault creation process also installs a portable secure file management system on the memory stick. If you want to keep compatibility with both Windows and Mac OS, you need to install two versions of the portable program on your memory stick.

The desktop version of the EncryptStick program has more features than the USB stick version. The company recommends that you install the program both on a computer and on a USB stick — the latter is required.

The program is not free. A license costs $14.95 and that entitles you to install the software on three devices. That allowance includes the installation on a computer. So, in reality, you will be able to encrypt two USB memory sticks with one license.

You can try out EncryptStick with a two-week free trial. The trial version can be installed on as many devices as you like. However, if you want to protect more than three devices after the trial period ends, you will have to buy multiple licenses.

The encryption algorithm uses the AES cipher with a 256-bit key. The interface offers the option to increase the key length to 512 bits or 1024 bits, which is incredible. However, the documentation for EncryptStick states that the underlying encryption for these longer keys is still the 256-bit key AES cipher. ENC Security uses double encryption to enforce privacy on EncryptStick.

The portability between Windows and Mac OS is very useful. The Linux implementation of the program seems a little shaky and the company makes more statements about Windows and Mac OS compatibility than it does about the system’s Linux implementation. However, the ability to transfer files between Macs and Windows is in itself a great advantage.

5. BitLocker

BitLocker is a Windows utility that is free to use. The utility is bundled in with many versions of Windows and can be downloaded for others. The facility isn’t native to Windows 10 Pro, but there is a Windows 10 implementation available from the Microsoft website.

If you have Windows Vista or Windows 7 Ultimate or Enterprise edition, then you already have BitLocker on your computer. Also, the Pro and Enterprise versions of Windows 8 and Windows 8.1 automatically include BitLocker. The documentation for BitLocker explains that there are stronger encryption procedures for the Windows 10 version of the program. However, as previously stated, I was unable to install the program on Windows 10.

If you have BitLocker on your computer it is very easy to encrypt your USB memory stick. All you need to do is insert the memory stick, go to My Computer or This PC in the File Explorer, right-click on the drive and then select Turn on BitLocker from the context menu. After that, you just need to follow the installation screens. You have the option to use a smart card for authentication, but most people will probably employ the other security method of using a password.

BitLocker includes a system to get into your encrypted drive even if you forget your password. Although many people have a habit of forgetting passwords, this alternative access method is a security weakness. This backdoor is called a Recovery Key. The problem is: what if you lose that as well? You can save the Recovery Key to a file and/or print it out. If you travel and take the printout of the recovery key with you, then you run the risk of both the printout and the USB memory stick being stolen together, thus negating all of the work to secure the memory stick. On later versions of Windows, you can opt to save the recovery key in your online Microsoft account. However, if someone tricks that password out of you through phishing, you lose the security of the encryption on your memory stick.

After encrypting your stick, you will be prompted for a password whenever you plug it into a Windows PC. You can instantly turn off the security on the drive through the Manage BitLocker screen, which is accessed through the right-click menu.

6. LaCie Private-Public

LaCie is actually a hardware producer and the free USB encryption tool, called Private-Public, is intended for use on the company’s own products. However, there is nothing in the program that limits its operation to one manufacturer, so the program can be used on any USB memory device. The program is available for anyone to download from the LaCie website. There are two versions of LaCie Private-Public: one for Windows and one for Mac OS.

You should store the executable that creates the secure drive on the memory stick itself. This is a quirky requirement of the program and it will not work if it is run from any other drive. Also, you should not store the program in a folder because it needs to be run from the root directory.

The secure segment that the program creates on your USB stick is always labeled “LA-PRIVATE.” It will show up as a separate disk in your file browser. Once the encryption process is finished, the memory stick will appear in the list of drives twice.

Your memory stick is formatted with a file system. If you have this set to exFAT or FAT32, your encrypted partition can only have a maximum size of 4GB. If you can reformat the memory stick to use NTFS, the maximum size of the secure drive goes up to the full capacity of the stick. On Macs, you should select HFS+ as the file system. If you already have files stored on your USB stick, you can only create a secure volume in the remaining available space — the encryption program will not overwrite occupied space.

It can take a long time to create the secure vault. For example, it takes about 50 minutes to create a vault of 50GB and eight hours to create a secure volume of 500GB. So, be careful to make sure that your computer remains active during the formatting process. Encryption is performed with a 256-bit AES cipher.

You set up your own password when the LA-PRIVATE volume is created. This can be changed at a later date but there is no fallback alternative if you forget your password. Each time you plug the USB stick into a computer, you will see the regular USB drive appear in File Explorer on Windows or the Finder on Macs. However, the LA-PRIVATE partition will not be visible. You have to open your USB stick and run the Public-Private.exe program. This will prompt you for your password and then the LA-PRIVATE volume will appear in your list of drives, using the next available drive letter.

This is a handy program for transferring files from Mac to Mac or Windows to Windows. However, it can’t help you perform cross-platform file transfers. The program can be installed on as many USB sticks as you like.

7. DiskCryptor

DiskCryptor is an open-source utility that is free to use. The program is only available for the Windows operating system. DiskCryptor offers strong encryption but doesn’t have the portability that other encryption systems in this list offer. You can only access your encrypted USB memory stick through the DiskCryptor interface. That means that you can only port files over to other Windows computers and you have to install the DiskCryptor program on a computer in order to get files off the memory stick.

Some USB stick encryption systems create an expandable file to contain encrypted data. Others partition the memory stick and encrypt the entire partition. DiskCryptor fits into that second category.

Once you install this utility, you should plug in your memory stick and then run the DiskCryptor program. In the utility’s interface, you need to select the memory stick in the list of available drives. Once you click on the Encrypt button with the record for that drive active, you will be prompted to select an encryption method and set up a password.

DiskCryptor offers three encryption methods. These are AES, Twofish, and Serpent — with a 256-bit key in all cases. You can also opt to impose a combination of two ciphers, giving you double-strength encryption.

Given that DiskCryptor is free, it represents a great little tool that is easy to use and is very CPU-efficient. However, the lack of a portable version makes it difficult to use this program to transfer files from one computer to another, and the fact that the system only works on Windows limits the number of computers that you can plug your USB stick into. This encryption system is a good option if you want to back up your files onto a USB memory stick and keep them secure.

8. USB Flash Security

USB Flash Security is a product of Japanese developer Kashu System Design Inc. This software is available in both paid and free versions. You can use the program for free for personal use, but businesses have to pay. The latest version of the software is only available for a fee. The free version also has a data limit so you can only protect up to 4GB of data on a memory stick. If you want to get the paid version, you can test it out on a 15-day free trial.

Once you are ready to buy, the utility has four price points, each with a higher data storage limit and allowing use on multiple memory sticks. The cheapest option costs $9.99 and lets you store up to 4GB on one memory stick — which is the same as the free version. The most expensive version, at $49.99, is a personal license that has a data limit of 2000GB and a device allowance of three USB memory sticks.

The program encrypts the entire USB stick except for a small space that stores the unlocking program. Once this program is active on your memory stick, all that you will see on the stick through File Explorer is the executable file for the program — all other files on the stick are hidden. You then run the program to get the interface to appear. This prompts you for a password to unlock the memory stick. The presence of the unlocking utility on the memory stick means that you don’t have to install the program on every computer that you want to connect your USB stick to. However, you can only connect the memory stick to Windows computers.

When you set up a memory stick with encryption, the USB Flash Security program will wipe all data off the device. If you already have files on there, you need to back them up first. You set up your own password before the encryption process begins. A good feature of this program is that it doesn’t require a recovery key backdoor in case you forget your password. Instead, you set up a password hint. When the program is operational, the hint will appear in an overlay bubble when you move your pointer over the password field in the unlocking popup. USB Flash Security encrypts with AES using a 256-bit key.

9. Rohos Disk Encryption

Rohos Disk Encryption is another security system written for Windows. There is no free version of this application but you can get a 30-day free trial on a package to make sure the utility fulfills your expectations before you commit. The encryption system is available in two editions. The Standard program costs $35.00 and a PRO edition costs $69.00.

The program will create a hidden partition on your memory stick. The partition creation process copies over a portable version of the security management program so that you don’t need to install the system on the other computers that you want to use the USB stick on. You do need admin privileges on the computer that you install the security software on. However, you don’t need special rights on a computer in order to add files to an encrypted drive or copy them off the memory stick.

The encrypted disk is visible in File Explorer. However, it is disguised as a media file. This overcomes the problem of plausibility where a hidden partition could easily be identified by comparing the available and used space shown by the Properties interface of the drive.

The encryption software has added security features to protect your files once they have been moved to the encrypted space. The original file is shredded so it cannot be restored by snoopers. The encryption used in the Rohos Disk Encryption utility is based on the AES methodology with a 256-bit key.

The presence of the portable program makes it easy to use the USB stick in different computers once the secure partition has been set up. However, creating a protected drive will limit your USB stick’s connectivity to Windows computers.

10. LibreCrypt

LibreCrypt used to be called DoxBox. This utility mimics the LUKS security system, which is available for Linux. The encryption program can only run on Windows, but encrypted files can be transferred to Linux systems. This free program is available in two formats. One was written to run on a computer and create the vault on your memory stick. The other version is a portable program that makes the encrypted files accessible from any computer without having to install the LibreCrypt executable on it.

Although the creators of this tool changed its name to LibreCrypt, “DoxBox” still exists in the system’s terminology. Once you create an encrypted vault for your files, that secure space is called a DoxBox. The DoxBox can be created as a partition on the USB stick, as a file, or you can allocate the entire memory stick to it. The DoxBox establishes a secure container that you then copy files into. You get a choice of encryption methods with this tool: AES, Twofish, and Serpent.

The portable version of the system isn’t just an access controller; it has the full functionality of LibreCrypt. The program can also create a DoxBox on a computer’s hard drive, so it isn’t just limited to securing files on a USB stick. LibreCrypt is available free of charge. There are no data processing limits and you can encrypt as many USB sticks as you like.

Secure your USB stick

USB sticks have become essential for backing up important files and moving data from one place to another. Although cloud storage is now very popular, the ability to physically possess your storage media brings a stronger sense of control than the remote and invisible cloud server.

Losing your USB stick shouldn’t be a security nightmare. Keep your data safe by installing one of the USB stick encryption systems on this list. In most cases, the programs we recommend here are free to use. Those tools on the list that you have to pay for offer free trial periods, so you have no financial risk in installing and testing one of these utilities.
