8
  • I've used NTFS+Bitlocker in the past for USB external hard drives, and it's easy to use in read+write on Windows.

    But it's less easy to use on Linux: NTFS read+write requires ntfs-3g (which some people don't consider 100% reliable?) and Bitlocker read+write access on Linux requires Dislocker (which has less than 1000 stars on GitHub so it might not be the most secure/tested system available; also there are requirements to have Dislocker in full read+write that I'm not sure I meet).

  • I could use an encrypted ext4 partition on the USB external hard drive, but then it would be complicated to use on Windows (maybe impossible!).

Question: is there an encryption system, supported out-of-the-box on Windows + Ubuntu, that would allow an external USB hard drive to be read+written easily on Windows and Ubuntu?

Of course, I want the USB external hard drive to be useless for someone who would steal it, without having the key.

4
  • Which Ubuntu version are you talking about? Is "guaranteed 100% reliable" also a requirement? Commented Nov 17, 2020 at 9:17
  • I'm using Ubuntu 18.04 @user1686. I'm maybe too hard about ntfs-3g, it seems ok: askubuntu.com/questions/32292/is-ntfs-3g-safe-for-writing.
    – Basj
    Commented Nov 17, 2020 at 9:23
  • Is it a pure data drive?
    – harrymc
    Commented Nov 19, 2020 at 16:52
  • @harrymc Yes, only data, it's a non-system disk (no OS).
    – Basj
    Commented Nov 19, 2020 at 22:34

6 Answers

3

Use a VeraCrypt container. Make NTFS or exFAT the file system on the drive, and then make a container with one of these as well.

Next to the container you can put a text file with your address, so if you lose the drive, someone finding it could return it to you. Second, you can put the Windows and Linux VeraCrypt binaries next to the container, so whenever you attach the drive you will always be able to open the container.

So the above will fulfill your need to open the container on both Windows and Ubuntu.

4
  • 1
    Thank you for your answer. Out of curiosity, why a VeraCrypt container living inside an NTFS or exFAT partition? Could you add details in your answer showing if this is an actual advantage (compared to full disk or full partition encryption) in the context Windows + Linux? Thanks in advance! These little details are really important I guess.
    – Basj
    Commented Nov 23, 2020 at 19:34
  • 1
    @Basj You can have a container smaller than the drive and you can easily copy entire container without opening it. I can't see other benefits.
    – gronostaj
    Commented Nov 24, 2020 at 7:51
  • @gronostaj "You can have a container smaller than the drive": this is possible also with a partition. You're right the advantage is probably to be able to copy entire container without opening it. I think it would be interesting to edit this answer to include this useful information.
    – Basj
    Commented Nov 24, 2020 at 8:51
  • 1
    "Next to container you can put a text file with your address so if you would lose the drive, someone finding it could return it to you": really really really good idea! Or to leave a file near the container file like Use VeraCrypt with the password I gave you.txt, so that if my children want to find family photos etc. after I'm gone, they don't see it as an "unformatted hard drive". + 1
    – Basj
    Commented Nov 25, 2020 at 12:57
5
+200

Out of the box, no.

Bitlocker is one option, but it's only available in Pro editions of Windows and Linux support is not proven reliable, as you've noticed. In my experience Dislocker works okay, but please be aware that the last official release doesn't support Bitlocker's newer, stronger encryption added in recent (190x?) versions of Windows 10. The support was added on the master branch, but it hasn't been released yet.

Consider Truecrypt or Veracrypt. They are Windows-native 3rd party encryption solutions (VC is a fork of TC) with good Linux support: official Linux ports are available, but there's also support by cryptsetup which is Linux's de facto standard disk encryption tool.

4
  • 1
    Thank you for your answer. Since TrueCrypt is no longer developed, VeraCrypt seems the only solution?
    – Basj
    Commented Nov 19, 2020 at 8:49
  • @Basj TC is still considered good enough by many and it was audited more thoroughly IIRC, but personally I'd lean towards VC.
    – gronostaj
    Commented Nov 19, 2020 at 9:02
  • Downvoter, please explain what's wrong with this answer and how it could be improved.
    – gronostaj
    Commented Nov 21, 2020 at 11:29
  • I found it useful and up voted.
    – Basj
    Commented Nov 21, 2020 at 14:01
4

Use Veracrypt. Its development is steady, of exceedingly high quality, and multi-platform.

Here's an article from 2016 describing how to encrypt a flash drive. Will be the same process for an external hard drive. Enjoy. https://www.esecurityplanet.com/open-source-security/how-to-encrypt-flash-drive-using-veracrypt.html

1
  • 1
    This is the best tutorial I have seen about VeraCrypt, everything is demonstrated: full disk encryption (password prompt before Windows boot), or non-system partition encryption (at 5:45). I wanted to share this!
    – Basj
    Commented Nov 19, 2020 at 20:09
4

Some possibilities are described below.

LUKS encryption on Windows

You may use the Linux LUKS disk encryption also from Windows. To enable Windows to work with LUKS use LibreCrypt. This project is still maintained, although the author is thinking about a rewrite to solve some security issues.

Bitlocker encryption on Linux

The project that enables non-TPM Bitlocker on Linux is cryptsetup, which now has initial support for Bitlocker. Read more about it in the article Encryption Tool for Windows and Linux.

Cryptomator - cloud alternative

The open-source Cryptomator is a tool for encrypting data stored on cloud providers, as an alternative to USB disks. Available for Windows, macOS, Linux, Android and iOS.

4
  • 2
    CRITICAL: The "security issues" you mention are described by the developer: There are fundamental issues in the drivers that mean that it is possible to get 'root' access on any machine that LibreCrypt is installed on from a user application - see Issue 38 and Issue 39 (if secure boot is off). I cannot recommend using LibreCrypt with these bugs.
    – HackSlash
    Commented Nov 24, 2020 at 18:11
  • @HackSlash: Only if secure boot is off, which I hope is normally not the case. Anyway, for these security holes to be used by a rogue program, this means that the computer is already infected.
    – harrymc
    Commented Nov 24, 2020 at 21:10
  • CipherShed website's HTTPS certificate has been expired for over 2 months now (since May 12). It's not something that should happen to a project that takes security seriously.
    – gronostaj
    Commented Jul 20, 2022 at 5:20
  • @gronostaj: CipherShed last release dates from 2016. It should now be treated as abandonware. I took it out of the list - thanks.
    – harrymc
    Commented Jul 20, 2022 at 7:22
1

2023 Answer

Unfortunately, there is no cross-platform file system that supports encryption. There is VeraCrypt, which aims to facilitate encryption on the user-space level, but if you use it, you will quickly find how bad its UX is.

As an alternative, I suggest using LUKS with Linsk—a utility that allows you to access Linux file systems on unsupported operating systems such as Windows. It wraps around a lightweight Alpine Linux VM, allowing you to mount any Linux file system that is then exposed to the host machine through a network file share.

Disclosure: I'm the Linsk author.

0

I haven't tried VeraCrypt and LibreCrypt mentioned by others, but there's one more method that hasn't been mentioned, namely the gpg utility. It is available on both Linux and Windows, and it can be used to encrypt and decrypt files one at a time with different cipher algorithms and multiple options. It is certainly not as convenient as mounting an encrypted partition and copying files back and forth seamlessly, but with some effort, it is perfectly usable across Windows, Mac, and Linux.

If you need to encrypt and store a large number of files, package them into an archive and encrypt the archive with a single command:

gpg --symmetric filename

It will produce an encrypted file with a *.gpg extension. Store it on your external hard drive and decrypt it when needed:

gpg -o filename -d filename.gpg
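
The archive-then-encrypt workflow from the answer above, as an added example that is not part of the original answer: it streams tar directly into gpg so no plaintext archive is ever written to the external drive, and reports a failed decryption (for example a wrong passphrase) instead of silently extracting nothing. It assumes GnuPG 2.1 or later and tar; the helper names and the passphrase-file convention are hypothetical.

```shell
#!/bin/sh
# Added example, not code from the answer. Assumes GnuPG 2.1+ and tar.
# Helper names (gpg_sym, encrypt_dir, decrypt_to) are hypothetical.

# Non-interactive gpg call. The passphrase is read from a file so it never
# appears in the process list or shell history.
gpg_sym() {
    pass_file=$1; shift
    gpg --batch --yes --quiet --pinentry-mode loopback \
        --passphrase-file "$pass_file" "$@"
}

# encrypt_dir SRC_DIR OUT.gpg PASS_FILE
# tar writes to stdout and gpg encrypts stdin: only ciphertext reaches OUT.gpg.
encrypt_dir() {
    [ -d "$1" ] || return 1
    tar -C "$1" -cf - . | gpg_sym "$3" --cipher-algo AES256 -o "$2" --symmetric
}

# decrypt_to IN.gpg DEST_DIR PASS_FILE
# A pipeline only reports tar's exit status, so gpg's status is saved
# separately; otherwise a wrong passphrase could look like an empty archive.
decrypt_to() {
    mkdir -p "$2" || return 1
    status=$(mktemp) || return 1
    { gpg_sym "$3" --decrypt "$1"; echo $? >"$status"; } | tar -C "$2" -xf -
    tar_rc=$?
    gpg_rc=$(cat "$status"); rm -f "$status"
    [ "$gpg_rc" = 0 ] && [ "$tar_rc" = 0 ]
}

# Usage (paths are placeholders):
#   encrypt_dir ~/Documents /media/usb/backup.tar.gpg ~/.backup-pass
#   decrypt_to  /media/usb/backup.tar.gpg ~/restore   ~/.backup-pass
```

Keep the passphrase file on the host with mode 600, never on the external drive itself.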
