Multi-platform USB Flash Drive Security with TrueCrypt

Just thinking of losing a flash drive full of data is enough to make me feel apprehensive. Which is mostly why I do not carry a USB flash drive for fear of losing it. That was the case until I learned about truecrypttruecrypt provides on-the-fly encryption/decryption (OTFE/OTFD) with a multi-platform support.

If I have been able to go on without carrying a flash drive, why – on account of learning about truecrypt – start now? It turns out, I have suddenly found good reasons for doing it; never mind that others may find my rationalisation as a mere excuse. Here are three of my reasons:

  • I need to carry data in a secure manner.
  • I use multiple platforms: Linux, Mac, and Windows PC. Windows machines are on a separate network. Movement of data between networks is severely limited and USB flash drive is the best way for transport.
  • It is an open-source software according to their licensing terms, and is likely free of hidden backdoor code.

A note about Portable Mode or Usage without Admin Privilege

Truecrypt provides an encrypted volume (or container) to hold data. In order to access the data in the encrypted volume, it needs to be mounted. This action provides the user with a clever view  of a plain unencrypted data. There are two things that happen behind the scene to make this possible: the mounting of the encrypted volume, and transparent OTFE/OTFD of the data to and from the mounted volume. The OTFE/OTFD requires the driver to be installed across machines the user wants to use truecrypt on. The installation of course only being possible with an admin privilege. Once this is installed, only then can any non-admin user use truecrypt.

It does have a Portable Mode though. What this mode does is to give the user the option of running truecrypt without installing anything. Be aware that it requires admin privilege on the machine to run due to the OTFE/OTFD. The following method is how I would use truecrypt on different platforms:

  • Install via sudo on Linux box and use regular username to run it.
  • Install via admin on Mac and use regular username to run it.
  • Forgo install on Windows PC, and use Portable Mode instead. Run it using runas.


Installers for Linux, Mac OS, and Windows can be downloaded from truecrypt website: truecrypt-7.0a-linux-x86.tar.gz (Linux), TrueCrypt 7.0a Mac OS X.dmg (Mac OS), TrueCrypt Setup 7.0a.exe (Windows).

Linux Installation

TrueCrypt installation in Linux

Fig. 1: Linux install screen

Installing on Linux is straightforward:

  • Extract the installer from the tarball truecrypt-7.0a-linux-x86.tar.gz and run the extracted truecrypt-7.0a-linux-x86.
  • The installation prompts the user with two options as shown on Fig. 1. Choose (1) to install truecrypt in /usr/bin. This requires sudo.
  • At the end of the license term agreement, the user will be asked for the sudo password prior to installation in /usr/bin. as shown on Fig. 2.
TrueCrypt Linux Install sudo prompt

Fig. 2. TrueCrypt Linux Install sudo prompt

After the quick installation, truecrypt can then be ran from the shell. The GUI is shown on Fig. 3.

TrueCrypt application on Linux

Fig. 3: TrueCrypt running on Linux

Mac Installation

Installing on Mac is just as straightforward:

  • Open TrueCrypt 7.0a Mac OS X.dmg
  • Run the installer TrueCrypt 7.0a Mac OS X. After a series of screens, it prompts the user for an admin username/password as shown on Fig. 4. The software will then be installed in /Applications.
TrueCrypt Mac Install

Fig. 4: Mac Install

From the /Applications folder, run truecrypt. Fig. 5, shows the Mac version of the software.

TrueCrypt application on Mac OS X

Fig. 5: TrueCrypt running on Mac

Windows Installation

For Windows PCs, I opt for Portable Mode. The installation is, again, a very straightforward affair:

  • Run TrueCrypt Setup 7.0a.exe. The installer displays the option as shown on Fig. 6.
  • Choose Extract and provide the installer with the preferred directory.
  • Choose a directory that the standard user has a read/write access.

Fig. 6: TrueCrypt Portable Mode Installation

Since it is in Portable Mode, the software can only be ran via an admin privilege. From a DOS prompt, I run it similar to the following:

runas /user:some-admin-user Drive:\ProgFiles\TrueCrypt

Fig. 7 shows the Windows version of the software.

TrueCrypt application on Windows

Fig. 7: TrueCrypt Running in Windows


truecrypt has been a very useful tool for my purpose, and I would continue using it for a very long time. Though if others carrying the software on a USB stick expect it to run on any machine, e.g.: public terminals, they will be disappointed. It simply can not run unless an admin installed the driver prior to using it, or in Portable Mode the user has admin privilege to run it.