Encrypt an external hard drive with read+write access on both Windows and Linux
-
I've used NTFS+Bitlocker in the past for USB external hard drives, and it's easy to use in read+write on Windows.
But it's less easy to use on Linux: NTFS read+write requires
ntfs-3g
(which some people don't consider 100% reliable?) and Bitlocker on Linux read+write access requires Dislocker (which has less than 1000 stars on Github so it might not be the most secure/tested system available; also there are requirements to have Dislocker in full read+write I'm not sure to meet). -
I could use an encrypted
ext4
partition on the USB external hard drive, but then it would be complicated to use on Windows (maybe impossible!).
Question: is there an encryption system, supported out-of-the-box on Windows + Ubuntu, that would allow an external USB hard drive to be read+written easily on Windows and Ubuntu?
Of course, I want the USB external hard drive to be useless for someone who would steal it, without having the key.
Use VeraCrypt container. Make NTFS or exFAT the file system on the drive and then a container with one of these also.
Next to container you can put a text file with your address so if you would lose the drive, someone finding it could return it to you. Second, you can put Windows and Linux VeraCrypt binaries next to container so attaching the drive always you will be able to open the container.
So these above will fulfill your need to open container on both Windows and Ubuntu.
Use Veracrypt. It's development is steady, of exceedingly high quality, and multi-platform.
Here's an article from 2016 describing how to encrypt a flash drive. Will be the same process for an external hard drive. Enjoy. https://www.esecurityplanet.com/open-source-security/how-to-encrypt-flash-drive-using-veracrypt.html
Some possibilities are described below.
LUKS encryption on Windows
You may use the Linux LUKS disk encryption also from Windows. To enable Windows to work with LUKS use LibreCrypt. This project is still maintained, although the author is thinking about a rewrite to solve some security issues.
Bitlocker encryption on Linux
The project that enables non-TPM Bitlocker on Linux is cryptsetup, which now has an initial support for Bitlocker. Read more about it in the article Encryption Tool for Windows and Linux.
CipherShed - another TrueCrypt fork
The open-source project CipherShed is available for Windows, Mac OS X and GNU/Linux. As packages for OS X and Linux do not exist yet, compile from source is required for those platforms.
Cryptomator - cloud alternative
The open-source Cryptomator is a tool for encrypting data stored on cloud providers, as alternative to USB disks. Available for Windows, macOS, Linux, Android and iOS.
Out of the box, no.
Bitlocker is one option, but it's only available in Pro editions of Windows and Linux support is not proven reliable, as you've noticed. In my experience Dislocker works okay, but please be aware that the last official release doesn't support Bitlocker's newer, stronger encryption added in recent (190x?) versions of Windows 10. The support was added on master
branch, but it wasn't released yet.
Consider Truecrypt or Veracrypt. They are Windows-native 3rd party encryption solutions (VC is a fork of TC) with good Linux support: official Linux ports are available, but there's also support by cryptsetup
which is Linux's de facto standard disk encryption tool.