Thanks for the help. I found my beginner's mistake. I'll post it here in case my mistake will help someone else. When I attempted to format the thumb drive for encryption I encountered the following. Note there is no option for encryption. After reading replies and searching support for a while I tried a friends MAC and got the same result. THEN THE LIGHTBULB CAME ON.
Unlike a regular hard drive, USB drives are smaller in form factor and easy to lose or forget in While there is a slew of USB encryption software at our disposal not many are actually made for the Mac. While encrypting a USB drive, you can also create a restoration disk which allows you to recover. There are many ways to encrypt USB Flash Drive in Mac, also you can use many tools to encrypt your files or full disk, but in this tutorial, we are going to use Mac Internal Encryption program which is highly recommended.
I was making the wrong selection on the sidebar. Once I notice '4700PHOtTOS' was subordinate to 'SanDisk Ultra Me.'
All was well. Experienced users must get tired of us novices after a while.
Ziatron: I recently upgraded to El Capitan, and I just ran into the same issue with a Verbatim 16gb 'STORE N GO' USB drive, which I wanted to encrypt. The Disk Utility gui showed no partion on drive, and there was no partitioning option available in the gui (partition button was greyed out). So I erased it using the gui; and formatted it as OS X Extended (Journaled). There was no option to erase it and reformat it as OS X Extended (Journaled) Encrypted. After the USB drive was erased, no partition was shown in the gui. I checked the USB drive using the diskutil 'list' command, and it showed no partitioning.
So I then erased the USB drive using the diskutil 'eraseDrive' command, formatting it as JHFS+. I checked the USB drive with diskutil, and it showed that it had been partitioned. Then I checked it with the gui, for ha-ha's, and found that the USB drive still did not show any partitioning.
I was able to encrypt the drive by selecting it in a Finder window, and right-clicking on it. Finder did not show a partition to encrypt. I selected the drive itself. To summarize: 1) Erase the USB with the Disk Utility gui, setting the format as OS X Journaled. 2) Erase the USB using the diskutil 'eraseDisk' command. I.e., diskutil eraseDisk JHFS+ STORENGO disk3 3) Select the whole disk in a Finder window, right click on it, and then select 'encrypt'.
It may be possible to combine steps 1 & 2 into 1 step, by only issuing the diskutil command. However, I did not have the opportunity to test that. Apple Footer. This site contains user submitted content, comments and opinions and is for informational purposes only.
Apple may provide or recommend responses as a possible solution based on the information provided; every potential issue may involve several factors not detailed in the conversations captured in an electronic forum and Apple can therefore provide no guarantee as to the efficacy of any proposed solutions on the community forums. Apple disclaims any and all liability for the acts, omissions and conduct of any third parties in connection with or related to your use of the site.
All postings and use of the content on this site are subject to the.
. Windows 7 introduces Bitlocker-To-Go which supports NTFS, FAT32 or exFAT, however for hard drive encryption, and later are limited to be installable only on NTFS volumes.
BitLocker can be used with a TPM PIN + external USB key for two-factor authentication. An external tool can be used to read the key from the TPM and then have the key passed on to dm-crypt/LUKS via the. The current situation around TrueCrypt project is controversial. On after many years of development and broad usage the open-source (although anonymous) project was suddenly stopped, and all previous official materials and complete (encrypt/decrypt) binaries were withdrawn from its website citing some 'unfixed security issues' and Windows XP end of support. The technical information herein is valid only for previous versions of TrueCrypt (v7.1a and some earlier). The latest available version (v7.2) is decrypt only, its authenticity and actual reasons behind the move are unclear, and its usage is not recommended.
Layering. Further information:.
Whole disk: Whether the whole physical disk or logical volume can be encrypted, including the partition tables and master boot record. Note that this does not imply that the encrypted disk can be used as the boot disk itself; refer to pre-boot authentication in the features comparison table.
Partition: Whether individual can be encrypted. File: Whether the encrypted container can be stored in a file (usually implemented as encrypted ). Swap space: Whether the (called a 'pagefile' on Windows) can be encrypted individually/explicitly. Hibernation file: Whether the is encrypted (if hibernation is supported). Further information: Different modes of operation supported by the software. Note that an encrypted volume can only use one mode of operation.
CBC with predictable IVs: The CBC mode where are statically derived from the sector number and are not secret; this means that IVs are re-used when overwriting a sector and the vectors can easily be guessed by an attacker, leading to. CBC with secret IVs: The CBC mode where initialization vectors are statically derived from the encryption key and sector number.
The IVs are secret, but they are re-used with overwrites. Methods for this include ESSIV and encrypted sector numbers (CGD).
CBC with random per-sector keys: The CBC mode where random keys are generated for each sector when it is written to, thus does not exhibit the typical weaknesses of CBC with re-used initialization vectors. The individual sector keys are stored on disk and encrypted with a master key.
![Hard drive encryption for mac Hard drive encryption for mac](http://www.macyourself.com/wp-content/uploads/2009/12/121709-encryptedusb-screen1.jpg)
(See for details). LRW: The Liskov-Rivest-Wagner tweakable narrow-block mode, a mode of operation specifically designed for disk encryption. Superseded by the more secure XTS mode due to security concerns.: XEX-based Tweaked CodeBook mode (TCB) with CipherText Stealing (CTS), the (IEEE P1619) standard for disk encryption.: Protection against ciphertext modification by an attacker Name CBC w/ predictable IVs CBC w/ secret IVs CBC w/ random per-sector keys LRW XTS Authenticated encryption Aloaha Crypt Disk No No No Yes Yes?
ArchiCrypt Live No No No Legacy support Yes? No Yes No Yes Yes?
DataControl No Yes Plumb-IV No No? No Yes No No Yes, Windows 10 10547+?
Bloombase Keyparc? CGD No Yes No No No?
CenterTools DriveLock?????? Check Point Full Disk Encryption No No Yes Yes Yes? Legacy support No No Legacy support Yes? Yes No No No No?
CryFS No No Yes No No? Cryhod No Yes No No No? Yes No No No No No DiskCryptor No No No No Yes? / Yes Yes No Yes, using.-lrw-benbi Yes, using.-xts-plain Yes, using -integrity mode DriveCrypt??????
GoAnywhere 2????????? E-Capsule Private Safe?????? ECryptfs No Yes? EgoSecure HDD Encryption No Yes No No No?
Yes No No No No? No No No No Yes? No No No No No? FREE CompuSec Yes No No No No?
Yes Yes No Yes Yes No No No Yes No No? No Yes No No Yes? Loop-AES single-key, multi-key-v2 modes multi-key-v3 mode No No No No McAfee Drive Encryption (SafeBoot) No Yes No No No?
N-Crypt Pro?? No No No???????
No Yes No No No? ProxyCrypt No No No No Yes? SafeGuard Easy??????
SafeGuard Enterprise?????? SafeGuard PrivateDisk?????? SafeHouse Professional Yes No No No No?
No Yes No No No? 4 Linux No Yes No Yes Yes? SecuBox Yes No No No No? Softraid / RAID C????
Svnd / Vnconfig?????? Endpoint Encryption No No Yes No No? Legacy support No No Legacy support Yes No USBCrypt No Yes No No Yes? No No No No Yes? CyberSafe Top Secret No No No No Yes? Name CBC w/ predictable IVs CBC w/ secret IVs CBC w/ random per-sector keys LRW XTS Authenticated encryption See also. Notes and references.
Retrieved 2014-05-30. Retrieved 2014-11-28. Roland Dowdeswell (2002-10-04). Mailing list announcement.
Retrieved 2007-01-14. Archived from on March 2, 2005. Retrieved 2008-09-03.
Company and product name change to Pointsec. Archived from on 2004-08-20. Retrieved 2008-09-03. Archived from on 2008-08-20. Retrieved 2008-09-03.
Niklas Lemcke (2014-12-15). Retrieved 2014-12-24. TrueCrypt Foundation. Retrieved 2014-12-24. Sarah Dean (2004-02-10).
Archived from on 2008-12-11. Retrieved 2008-08-10. Initial cryptoloop patches for the Linux 2.5 development kernel:. Archived from on 2005-01-10. Retrieved 2006-12-24. CS1 maint: Archived copy as title. dm-crypt was first included in Linux kernel version 2.6.4:.
Clemens Fruhwirth. Archived from on 2006-12-25. Retrieved 2006-12-24.
SecurStar GmbH. Retrieved 2015-10-26. Archived from on 2000-05-24. Retrieved 2008-04-29.
Valient Gough (2003). README.md file. Retrieved 2007-01-14. Archived from on 2006-12-07. Retrieved 2006-12-24. GBDE manual page as it appeared in FreeBSD 4.11.
Retrieved 2006-12-24. GELI manual page as it first appeared in FreeBSD 6.0. Retrieved 2006-12-24.
Retrieved 2018-01-16. Retrieved 2015-09-14. Missing or empty title=.
Product description. Retrieved 2009-03-04.
Retrieved 2007-01-04. Retrieved 2009-08-10. Retrieved 2009-08-10.
Rebranded as ThinkVantage Client Security (PDF). Retrieved 2008-03-05. Retrieved 2007-01-02. 4 September 2004. Archived from on 4 September 2004.
TrueCrypt Foundation. Retrieved 2014-05-29. Retrieved 2015-08-08. ^ FUSE driver to read/write Windows BitLocker-ed volumes under Linux / Mac OSX.
(PDF). Archived from (PDF) on 2015-09-23. Retrieved 2014-12-14. CS1 maint: Archived copy as title. Although CipherShed can be built under FreeBSD, it is not recommended to run it because of bugs and instabilities when CipherShed is attempted to be used. ^ Third party app allows to open containers encryptes with AES-256, SHA-512 hash and FAT file system. Only for the Microsoft Windows XP/2000 operating systems.
PocketPC freeware release- SmartPhone beta available. ^ FreeOTFE supports cryptoloop, dm-crypt//, and dm-crypt/LUKS volumes. FreeOTFE4PDA supports dm-crypt/LUKS volumes. ^. libfvde supports reading FileVault2 Drive Encryption (FVDE) encrypted volumes.
Supports Linux volumes. Supports Linux volumes. Third party app allows a user to open LibreCrypt compatible LUKS containers. Retrieved 2010-06-14. Although TrueCrypt can be built under FreeBSD, it is not recommended to run it because of bugs and instabilities when TrueCrypt is attempted to be used. Third party app allows to encrypt and decrypt VeraCrypt containers (only available in the paid version). Hidden containers description from Jetico (BestCrypt).
^ Secret-containers and Camouflage files. Supports 'Guest' keys. Using 'Archicrypt Card'. Supported by the BestCrypt container format; see BestCrypt SDK. Supported by the BestCrypt Volume Encryption software. With PIN or USB key. ^.
Archived from on 2008-02-24. Retrieved 2008-03-13. Recovery keys only. ^ Roland C. Dowdeswell, John Ioannidis. CGD design paper. Retrieved 2006-12-24.
Federico Biancuzzi (2005-12-21). Interview with Roland Dowdeswell. Retrieved 2006-12-24. CipherShed Documentation. CipherShed Project.
Retrieved 2014-12-27. Although each volume encrypted with CipherShed can only have one active master key, it is possible to access its contents through more than one header. Each header can have a different password and/or keyfiles if any ( cf. TrueCrypt FAQ: ). ^.
TrueCrypt Documentation. TrueCrypt Foundation. Retrieved 2014-05-28. TrueCrypt FAQ. TrueCrypt Foundation. Archived from on 2013-04-16. Retrieved 2014-05-28.
TrueCrypt Foundation. Retrieved 2014-05-24. Retrieved 2016-09-23. ^ dm-crypt and cryptoloop volumes can be mounted from the before the system is booted.
^. Archived from on 2010-05-29. Retrieved 2010-05-25. Retrieved 2018-12-02. Retrieved 2016-01-07. SecurStar GmbH.
Retrieved 2007-01-03. Retrieved 2007-07-25. uses the lower filesystem (stacking). ^. Retrieved 2012-07-26.
^ Jacob Appelbaum, Ralf-Philipp Weinmann (2006-12-29). Retrieved 2012-01-03. Ars Technica. Retrieved 2012-01-03. FreeOTFE has a modular architecture and set of components to allow 3rd party integration. FreeOTFE allows multiple keys to mount the same container file via encrypted keyfiles.
^. Retrieved 2006-12-24. GBDE design document. Retrieved 2006-12-24.
GELI manual page in current FreeBSD. Retrieved 2006-12-24. ^ Jari Ruusu. Retrieved 2007-04-23. Using customization. (PDF). Archived from (PDF) on 2010-12-17.
Retrieved 2012-07-26. n-Crypt Pro does not use password authentication— biometric/USB dongle authentication only. PGP Corporation. Retrieved 2006-12-24. PGP private keys are always protected by strengthened passphrases.
^. Archived from on 2006-08-23. Retrieved 2008-03-04. Retrieved 2008-03-05.
![For For](https://www.beencrypted.com/wp-content/uploads/Ubuntu-flash-drive-encryption-part-8.png)
^ For Truecrypt containers. ^. WinMagic Inc. Archived from on 2008-03-13. Retrieved 2008-03-05. optional by using -K.
TrueCrypt Documentation. TrueCrypt Foundation. Archived from on 2013-01-08. Retrieved 2014-05-28.
Although each volume encrypted with TrueCrypt can only have one active master key, it is possible to access its contents through more than one header. Each header can have a different password and/or keyfiles if any ( cf. TrueCrypt FAQ: ). VeraCrypt Documentation.
Retrieved 2017-10-11. Within a VHD. dm-crypt can encrypt a file-based volume when used with the losetup utility included with all major Linux distributions.
yes, but the user needs custom scripts:. Uses proprietary e-Capsule file system not exposed to the OS. ^ not technically part of FileVault, but provided by many versions of Mac OS X; can be enabled independently of FileVault.
^ File-based volume encryption is possible when used with utility. September 2004. Retrieved 2015-03-05. OpenBSD 3.8 change notes. however,. Containers created with ArchiCrypt Live version 5 use LRW.
Retrieved 2007-03-02. Retrieved 2009-03-01. ^ Niels Fergusson (August 2006). Retrieved 2008-02-22. NetBSD current manual page on CGD.
Retrieved 2006-12-24. ^ Containers created with TrueCrypt versions 1.0 through 4.0 use CBC.
^ Containers created with TrueCrypt versions 4.1 through 4.3a use LRW, and support CBC for opening legacy containers only. Containers created with CipherShed or TrueCrypt versions 5.0+ use XTS, and support LRW/CBC for opening legacy containers only. Starting with Linux kernel version 2.6.20, CryptoAPI supports the LRW mode:.
Retrieved 2018-05-08. Retrieved 2011-01-03. Archived from on 2007-06-29. Retrieved 2006-12-24. For Scramdisk containers. For Truecrypt 4 containers. For Truecrypt 5 and 6 containers.
Containers created with TrueCrypt versions 5.0 or later use XTS, and support LRW/CBC for opening legacy containers only. External links. Comparison in between DiskCryptor and Truecrypt. Overview of full-disk encryption, how it works, and how it differs from file-level encryption—plus an overview of leading full-disk encryption software.