Encrypt external USB thumb drive on MacOS High Sierra

Solution 1:

This is an example workflow to encrypt an USB thumbdrive with HSF+ (Journaled) with diskutil using the command line.

Assuming you start with a MS-DOS formatted USB stick.

Step 1: List all currently mounted disks diskutil list:

/dev/disk2 (external, physical):
   #:                       TYPE NAME                    SIZE       IDENTIFIER
   0:     FDisk_partition_scheme                        *8.1 GB     disk2
   1:                 DOS_FAT_32 MYSTORAGE               8.1 GB     disk2s1 

You see the disk MYSTORAGE has the identifier disk2s1 and is DOS_FAT_32 formatted.

Step 2: Now format the disk disk2 as HSF+ (Journaled):

diskutil eraseDisk JHFS+ "New Storage" GPT disk2

The name of the disk will be "New Storage". At this time it is not yet encrypted. Look at the list of disks diskutil list:

/dev/disk2 (external, physical):
   #:                       TYPE NAME                    SIZE       IDENTIFIER
   0:      GUID_partition_scheme                        *8.1 GB     disk2
   1:                        EFI EFI                     209.7 MB   disk2s1
   2:                  Apple_HFS New Storage             7.7 GB     disk2s2

Step 3: Now you see the "New Storage" partition with identifier disk2s2. Encrypt this partition using:

diskutil cs convert disk2s2 -passphrase

Enter the passphrase when prompted.

If you list the disks now, you also see the encrypted logical volume diskutil list:

/dev/disk2 (external, physical):
   #:                       TYPE NAME                    SIZE       IDENTIFIER
   0:      GUID_partition_scheme                        *8.1 GB     disk2
   1:                        EFI EFI                     209.7 MB   disk2s1
   2:          Apple_CoreStorage New Storage             7.7 GB     disk2s2
   3:                 Apple_Boot Boot OS X               134.2 MB   disk2s3

/dev/disk3 (external, virtual):
   #:                       TYPE NAME                    SIZE       IDENTIFIER
   0:                  Apple_HFS New Storage            +7.3 GB     disk3
                                 Logical Volume on disk2s2
                                 8B474F90-34B7-49FE-95E0-E8B260C51CCF
                                 Unlocked Encrypted

If you skip step 3, you can also encrypt the disk using Finder:

Right-click on the drive and select "Encrypt drive-name"

Just right-click on the drive and select "Encrypt drive-name".

Caution: If you choose this alternative approach, the disk gets formatted as APFS encrypted disk!

Solution 2:

The Answer of Moritz Petersen is correct, but it only works because he is using a "GUID Partition Map" in Step 2.

So I can offer an alternative Answer: You can also use the graphical Disk Utility of macOS to encrypt your external disk. Choosing "GUID Partition Map" instead of "Master Boot Record" makes all missing menu options visible. After changing the Partition Map even the Finder offers you a file system encryption.

Disk Utility "Erase"-Dialog after choosing "Master Boot Record":

Disk Utility using MBR

Disk Utility "Erase"-Dialog after choosing "GUID Partition Map":

enter image description here