Open Source multi-platform encryption

Does anyone have any recommendations for open source, multi-platform encryption? Ideally, I’d like to use the same encryption for USB flash drives as well as to encrypt laptop boot drives for use mostly on Windows systems, but sometimes for Mac or Linux. I’ve read a little on VeraCrypt and DiskCryptor. Of the two, VeraCrypt looks like it can handle both tasks, but I haven’t any experience with it, yet. Just looking for opinions if anyone has used either.


What about this ?:

I am not sure I understand fully what you are asking.

USB flash drives encryption then I would recommend VeraCrypt since it works on all platforms for portable drives. The only thing I say with VeraCrypt is to play around with it first it can either encrypt a partition/usb/disk or a file (it like a folder).

I would recommend using the VeraCrypt file method first as it allows you to move stuff about for testing then you can review partition encryption.

Another tip if you doing USB partition method with VeraCrypt make a small FAT partition to hold installation files for VeraCrypt on different operating system and maybe some notes.

Boot Drives I would recommend using whatever your OS recommends there not really good solution for Boot Drives. (make sure they use software encryption as SSD have had some issues recently BitLocker uses Hardware by default if you do not change it).

(Never heard of cryptomator so can not comment)

1 Like

Doesn’t really apply to what I’m looking for. That’s interesting to know, though, for cloud-based storage, thanks.

I’m asking about encrypting USB flash drives for a client who handles financial data. Also, they have a few employees taking laptops to clients and entering financial data into a couple of evaluation / auditing programs and they’re looking to encrypt the laptops to prevent access should the laptops be lost or stolen. They’d like it to be encryption at boot, (prior to the Windows logon). Checkpoint was mentioned in a meeting, but from the blatant sales articles they’ve published, disguised as “news” and their hidden pricing scheme, not wanting to go through the on-boarding process of becoming a resale partner just to get pricing, etc., I was looking for an open source solution.

I started playing around with VeraCyrpt last night on a flash drive just to get started and I agree, the small FAT partition to hold the portable version of the software is definitely a good idea.

Bitlocker was also mentioned in the meeting, but was discouraged due to the necessity of purchasing SQL Enterprise to hold the encryption keys in a database, or something along those lines. I don’t know that Bitlocker is a bad choice, but I wasn’t trying to argue that point at that stage of the meeting.

I think I’m going to go with BitLocker for the USB drives, for now, since it’s easy for the end user. VeraCrypt is cumbersome and slow to open an encrypted volume. Still not sure about the laptop boot drives, though.

I do not think you require a SQL Enterprise to hold the encryption keys for Bitlocker.

I guess it might make sense if you dealing with loads of keys but I not sure it required.

Bitlocker pretty simple and it gives you options of either printing the keys, exporting to txt file, or upload to Microsoft account. I never used Microsoft Account method but might be option if you use Office365.

It also depends if your computer/laptops support TPM that you might want to use (we use it for clients laptops).

Maybe print all keys out store them in folder in a safe if you want? Also maybe store encryption keys on some password manager like KeePass instead of leaving them on txt files. I think you can do both just to be safe.

I think If you are staying in Windows use Bitlocker for it all.

Here Some video that might help:

Video 1

Video 2

Note you should be able to do this on your domain server if you use one.

Excellent, thanks. Yes, I think they must’ve been concerned with hundreds of employees’ keys. We’re a small office and will only be managing a handful of devices, so I can just save the keys in a secure folder on the server and back them up. BitLocker seems to be the easiest method since they’re just using Windows machines. We’ll have to force upgrading from Windows 7, but that’s a good excuse to get them to move on that, anyway.

Thank you for your advice, everyone!

Another tip if you have windows 7 pro stickers on your laptops/PCs you can do fresh install Windows 10 and use the Windows 7 pro keys it work for me most the time.

1 Like