How to Encrypt a USB Flash Drive in macOS Mojave

Discussion in 'Mac Blog Discussion' started by MacRumors, Dec 16, 2018.

  1. kylew1212 macrumors regular

    Joined:
    Oct 17, 2017
    Location:
    Huntsville, AL
    #26
    Note that saving the decryption key in keychain does not seem to back the key up to iCloud.

    I have used iCloud Keychain for years and recently after rebuilding my MBP I was unable to decrypt a drive that had the key stored in keychain.
     
  2. Weaselboy Moderator

    Weaselboy

    Staff Member

    Joined:
    Jan 23, 2005
    Location:
    California
    #27
    I just checked and it looks like these are saved in the local "login" Keychain by default, so they would not get backed up to iCloud as you mentioned. But that login Keychain would get backed up along with everything else in your Time Machine backup so that should have you covered.
     
  3. kylew1212 macrumors regular

    Joined:
    Oct 17, 2017
    Location:
    Huntsville, AL
    #28
    Is there a way to force this to back up to iCloud?
    Thanks
     
  4. Weaselboy Moderator

    Weaselboy

    Staff Member

    Joined:
    Jan 23, 2005
    Location:
    California
    #29
    I played around with it, and it looks like you can copy the entry from the login Keychain and paste it into the iCloud Keychain. But instead of keeping the drive name, it changes it to the UUID # of the drive.

    Screen Shot 2018-12-17 at 8.44.24 AM.png

    Here is the login Keychain entry.

    Screen_Shot_2018-12-17_at_8_44_37_AM.png

    I right clicked and copied it from login then right clicked and pasted in iCloud Keychain and it made the new entry you see here in the iCloud Keychain. Presumably this would sync along with everything else in the iCloud Keychain.

    I have not tested if you delete this entry from login Keychain if this iCloud entry will unlock the drive.
     
  5. kylew1212 macrumors regular

    Joined:
    Oct 17, 2017
    Location:
    Huntsville, AL
    #30
    Thanks for your in depth analysis on this! I ran into issues with this and lost a drive of pictures (I had other backups so not a big deal). I like the privacy of having the drive encrypted but since losing the data I've been hesitant to use it on external drives.
     
  6. ignatius345 macrumors 68000

    Joined:
    Aug 20, 2015
    #31
    If you want to encrypt some data on a flash drive (or other removable drive), another way to do this is to create an encrypted disk image on the drive. That way anybody can still mount and use it for other stuff, but you've also got a sub-section that's locked away.

    This same principle can be applied to cloud services as well. I have a bunch of sensitive account recovery stuff I keep backed up in Dropbox, but inside a heavily-encrypted disk image file. You still get the benefits of backup and syncing but without leaving your data out in the open on the service you're using.
     
  7. ignatius345 macrumors 68000

    Joined:
    Aug 20, 2015
    #32
    Good you had backups! I think that especially with little removable devices like USB drives, it's crucial to follow the wisdom (as you did) that nothing important should ever exist on only one drive.
     
  8. isomorphic macrumors regular

    Joined:
    Apr 19, 2010
    #33
    I'd add the strong caution that not all USB flash keys are well-made; in fact, I would go so far as to say most aren't. SSDs tend to have much better reliability both through better control mechanisms and through higher-grade flash memory to begin with. SSDs probably also have more blocks set aside for recovery of bad blocks--who knows what USB flash drives have.

    I'm sure the distinction lessens with top-tier manufacturers, but even there a Samsung USB flash stick is just not going to be the same as an 860 PRO. To say nothing of the no-brand (or rebranded) USB sticks you buy in a checkout line somewhere. But in the latter case you shouldn't be trusting cheap USB sticks with your data in the first place.

    I'm not sure what implications bad USB sticks have for choice of formatting. Even with those APFS is probably better.
     
  9. Emanuel Rodriguez macrumors member

    Emanuel Rodriguez

    Joined:
    Oct 17, 2018
    #34
    APFS is a superior format to HFS+ in many ways. It should be the preferred format on all newly-formatted macOS disks, unless backwards-compatibility with older versions of macOS/OS X/Mac OS X is required. Also, HFS+ can be read on Windows and Linux with the proper software installed, so that's another consideration.
     
  10. kitana12 macrumors newbie

    Joined:
    Nov 12, 2018
    #35
    I encrypted my 10 TB external HDD in veracrypt. ExFAT formatted. It mounts fine in windows but when I plug in the encrypted disk into macbook (running OS mojave), I get the error "the disk you inserted was not readable by this computer". If I open veracrypt for mac and try to mount the disk, I get the error "hdiutil: attach failed - no mountable file systems"

    I have FUSE for macOS installed, before installed VeraCrypt.

    The partition shows as Microsoft Basic Data in disk utility command output on mac.

    No response on their main forum or subreddit. This software doesn't seem to have much support.
     
  11. clanky5 macrumors newbie

    Joined:
    Dec 29, 2018
    Location:
    Ireland
    #36
    That doesn't make it a 'good' choice - and it's not, for the reasons given by others.
     

Share This Page