27 November 2016

Sharing TrueCrypt USB volume on 3 platforms: Mac, Windows, Linux

Edited 2017-04-02.

tl;dr: TrueCrypt exFAT volume on an exFAT disk. But creating such a volume is tricky!

Update for macOS Sierra: I upgraded to the latest macOS and TrueCrypt wouldn't work. After spending a little time on the problem, I gave up and went with VeraCrypt.  Remember to verify the VeraCrypt download though!

I've tried to find a solution to sharing a TrueCrypt encrypted volume on a USB memory stick between three platforms: Mac, Windows, Linux.  It's been tough to find something modern and reliable, as I tried HFS+, Ext2/Ext3/Ext4 on USB and in a TrueCrypt volume.

Modern means that it'll properly deal with big files (over 4 GB), and long international file names (over 8.3 UTF characters).

The best solution I've found so far is a TrueCrypt exFAT volume on an exFAT USB stick.  But creating such a volume is tricky!  Using the wrong software to do the formatting will destroy the TrueCrypt file.

It's modern, and okay but not great in reliability.  There's some caveats and things to watch out for though to make this work well for you.

Such a tri-platform TrueCrypt volume can be created in basically 2 steps:

Step 0 is for those on Linux
On Linux, you may have to install exFAT support.  On Ubuntu, by doing something like [1]:

sudo apt-get install exfat-fuse exfat-utils

Step 1
Create an exFAT USB memory stick by formatting a USB memory stick on the latest Windows OS.  You should be able to just right-click on your USB stick in Windows Explorer and choose "Format".  Then choose exFAT instead of the default NTFS. [2]

I suggest doing this on Windows to ensure it's done properly.  It'll probably work fine on Linux as well (just make sure to format as MBR, Master Boot Record), but Macs definitely seem to have problems formatting to exFAT [3].

(edit 2017-04-02:  Actually, I just did this on Mac OS X 10.10.4 but with an external hard drive via FireWire and it formatted to exFAT okay, at least when mounted on Linux! I haven't tried it with a USB stick, or with mounting it on Windows though, so YMMV.)

Step 2
Create your TrueCrypt (TC) volume on the USB stick as usual, formatted to FAT format.  Then mount the TC volume and format it in exFAT on Windows as well.

You may have to do this in the Windows cmd command prompt (select the Windows menu "Run" command, then type in cmd to open the prompt).  Make note of the drive letter of the TC mounted volume.  Then in the prompt, issue the format command:

format [volume] /FS:exfat /Q

Of course, replace "[volume]" with your drive letter ("h:" or whatever it turns out to be) [4].

(edit 2017-04-02:  I actually tried to do this step on Lubuntu Linux via the "Disk" gnome-disk-utility, and the TrueCrypt volume worked just fine on Macs and Linux!  But I didn't test it on Windows.  CAUTION: I also tried doing this step on Mac OS X 10.10.4 and it completely broke the TrueCrypt volume, requiring it to be recreated from scratch ... wasting lots of time.)

Step 3 is a WARNING
Now you've got the modern file format, exFAT, in a TC volume on an exFAT USB memory stick, which'll work on all three major desktop platforms: Mac, Windows, and Linux.

Just be careful to always safely eject both the TC volume and memory stick when you're done.

exFAT is modern by our definition, but not great in reliability.  It's not a "journaling file system" the way Ext4 (common on Linux), HFS+ (on Macs), and NTFS (on Windows) are.  exFAT harkens back to days of FAT and old-school HFS file systems, requiring periodic user-initiated manual file system checking to maintain it.

You'll corrupt the exFAT file system and lose your own data if you don't carefully let the OS finish doing what it's doing with it before unplugging the memory stick.

You've been warned [5].

[1] How to Mount and Use an exFAT Drive on Linux
[2] Use the exFAT File System and Never Format Your External Drive Again
[3] Bug with FAT and ExFAT File System
[4] Format Encrypted Drives As ExFAT To Make Them Play Nice On Windows And Mac
[5] Does OS X hate exFat?

No comments: