How to encrypt a USB thumb drive in Ubuntu

TrueCrypt is a free, open source, system for establishing and maintaining an on-the-fly-encrypted filesystem. TrueCrypt is available for Linux, Windows, and Mac OS X. Encrypted volumes can be used with any supported OS regardless of which OS they were created on.

  1. To install TrueCrypt visit http://www.truecrypt.org/downloads.php, scroll down to Linux, select Ubuntu – x86.deb, then click Download.

  2. click to enlarge

  3. When the download is complete, browse to it in the File Browser, right-click on it, and select Extract Here.

  4. click to enlarge

  5. Now double-click on the extracted file and click Run when prompted what to do with the file.

  6. click to enlarge

  7. Next, click Extract .deb Package File.

  8. click to enlarge

  9. You must agree to the TrueCrypt License. Click I accept and agree to be bound by the license terms.

  10. click to enlarge

  11. The TrueCrypt installation package is extracted and placed in /tmp

  12. click to enlarge

  13. Using the File Browser, browse to /tmp and right-click on the TrueCrypt .deb file, then select Open with “GDebi Package Installer”.

  14. click to enlarge

  15. Now click Install Package.

  16. click to enlarge

  17. When prompted, enter your password and click OK.

  18. click to enlarge

  19. The package manager will automatically download and install any dependencies as well as install TrueCrypt.

  20. click to enlarge


    click to enlarge

  21. Run TrueCrypt by clicking Applications -> Other -> TrueCrypt.

  22. click to enlarge

  23. Click Create Volume to start the Volume Creation Wizard.

  24. click to enlarge

  25. In this example I’m going to create an encrypted volume on an entire USB stick rather than the default encrypted file container. Click Create a volume within a partition/drive then click Next.

  26. click to enlarge

  27. The default Volume Type is a Standard TrueCrypt volume, which is fine with me. Click Next.

  28. click to enlarge

  29. Next we have to choose the Volume Location. Click Select Device.

  30. click to enlarge

  31. My USB stick shows up as /dev/sdb, so I selected /dev/sdb and clicked OK. Your USB stick may show up as a different device. Make sure you are selecting the correct device.

  32. click to enlarge

  33. Now the Volume Location shows /dev/sdb. Click Next.

  34. click to enlarge

  35. When prompted if you’re sure you want to encrypt the entire device, click Yes.

  36. click to enlarge

  37. The following error message surprised me. I would have though TrueCrypt would have given me the option to delete the partitions. Instead I had to do it manually. Click OK.

  38. click to enlarge

  39. Now click Applications -> Accessories -> Terminal.

  40. click to enlarge

  41. The following steps will delete the existing partition from the USB stick. This will erase any files on the device so make sure you have a backup if there’s anything on it that you want to keep.

    In the terminal window type sudo fdisk /dev/sdb substituting sdb with the correct device name for your USB stick. Enter your password if prompted, then simply enter d to delete the partition, then w to write the changes to the device. Close the terminal window.


  42. click to enlarge

  43. Now we’re back at the TrueCrypt Volume Creation Wizard. Click Next.

  44. click to enlarge

  45. Enter your password when prompted and click OK.

  46. click to enlarge

  47. The default Encryption Options are good enough for me. Click Next.

  48. click to enlarge

  49. Now enter and confirm the password you want to use for your encrypted volume, then click Next.

  50. click to enlarge

  51. TrueCrypt warned me that the password I chose was too short, but seeing how this is just an example I clicked Yes to confirm that I was fine with the short password.

  52. click to enlarge

  53. I chose to accept the default Format Options. Note that if you want to be able to use your encrypted USB stick with Windows systems too, you must use the FAT filesystem. Click Next.

  54. click to enlarge

  55. Wiggle your mouse cursor around within the TrueCrypt window for a bit, then click Format.

  56. click to enlarge

  57. You will be warned that all files currently on your USB stick will be erased. Click Yes.

  58. click to enlarge

  59. You might want to grab a coffee at this stage. Formatting the volume took far longer for me than the estimated 105 seconds.

  60. click to enlarge

  61. Hopefully when you come back from coffee, you’ll see the following and click OK.

  62. click to enlarge

  63. We’re not going to create another TrueCrypt volume, so click Exit.

  64. click to enlarge

  65. Now we need to mount the encrypted volume so we can use it. Select Slot 1 in the top pane, then click Select Device.

  66. click to enlarge

  67. I chose /dev/sdb and clicked OK.

  68. click to enlarge

  69. Now click Mount.

  70. click to enlarge

  71. Enter the password you chose when encrypting the volume and click OK.

  72. click to enlarge

  73. Note that the encrypted volume now shows up in the top pane and an icon representing the encrypted volume has appeared on the desktop. Click Exit.

  74. click to enlarge

  75. Double-click on the TrueCrypt volume icon on the desktop and you have a fresh, blank, encrypted disk to use just as you would any other disk.

  76. click to enlarge

  77. When you are finished using your encrypted volume, open TrueCrypt again by selecting Applications -> Other -> TrueCrypt. Select your encrypted volume in the top pane, then click Dismount.

  78. click to enlarge

  79. TrueCrypt unmounts the volume and you should see that the top pane is now empty.

  80. click to enlarge

{ 6 comments… add one }
  • gnuman November 13, 2008, 6:31 am

    Great tutorial on how to use TrueCrypt to encrypt a USB drive.

  • AlesZib December 21, 2008, 11:03 pm

    I was just wondering, can I use such encrypted USB on other PCs. I guess they need to have TrueCrypt instaled? Is it possible to have the program for both ubuntu and Windows on a USB and run it from there (they of course should not be encrypted)?

  • Marcos February 2, 2009, 10:50 am

    Hay alguna manera de que el montado/desmontado del USB se haga de forma Automatica tanto Windows como en Ubunutu?

  • Peter October 8, 2009, 3:18 am

    at step 29 I get the following error:

    Error: The device uses a sector size other than 512 bytes.
    It is currently not possible to create device-hosted volumes on devices that use a sector size other than 512 bytes. However, note that you can create a file-hosted volume (container) on this device.
    —-
    could I create the sector size 512 byes?

Leave a Comment