VeraCrypt is currently the only encryption software I am aware of that runs under Windows, Linux and BSD. That makes it a good choice for external storage devices. Web: veracrypt
A really cool feature VeraCrypt offers is nested encryption.
First steps
VeraCrypt comes with a GUI, which is not beginner friendly but does its job. I will, however, concentrate on the command line interface, which is better called with -t as the first parameter, because even the help (veracrypt -t --help) would otherwise be shown in a window.
Create a volume
veracrypt -t --create /dev/sdX
If you want to encrypt more disks with the same password and unlock them automatically, you can use a keyfile for that:
dd if=/dev/urandom of=/dev/shm/generated.password bs=4k count=1 conv=sync
veracrypt -t --create /dev/sdX --keyfiles=/dev/shm/generated.password --random-source=/dev/urandom --quick
Remember to back up /dev/shm/generated.password, as it will not survive a reboot in that place (/dev/shm is usually stored in RAM).
Open a volume
The volume can then be unlocked with
veracrypt --filesystem=none --keyfiles=/dev/shm/generated.password /dev/ada7
and the result is visible with
veracrypt --list
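The keyfile steps above as a script, added here as an example and not part of the original post. It creates the keyfile with owner-only permissions, refuses to overwrite an existing one, verifies the backup copy, and prints the veracrypt commands for several disks unless RUN=1 is set. The function names, the RUN switch and the backup path are assumptions.

```shell
#!/bin/sh
# Added example: one keyfile shared by several VeraCrypt disks.
# Function names, the RUN switch and the paths in the usage notes are assumptions.

# Create a 4 KiB random keyfile that only its owner can read. A plain dd under
# the common umask 022 would leave it world-readable in /dev/shm.
# Refuses to overwrite: replacing a keyfile locks out every volume made with it.
make_keyfile() {
    kf=$1
    [ -e "$kf" ] && { echo "refusing to overwrite $kf" >&2; return 1; }
    ( umask 077 && dd if=/dev/urandom of="$kf" bs=4k count=1 conv=sync 2>/dev/null ) || return 1
    [ $(wc -c < "$kf") -eq 4096 ]
}

# Copy the keyfile out of RAM-backed /dev/shm and verify the copy byte for byte.
backup_keyfile() {
    ( umask 077 && cp "$1" "$2" ) && cmp -s "$1" "$2"
}

# Print a command; execute it only when RUN=1 (dry run by default).
run() {
    if [ "${RUN:-0}" = 1 ]; then "$@"; else echo "$*"; fi
}

# Create a volume on each listed device with the shared keyfile.
create_all() {
    kf=$1; shift
    for dev in "$@"; do
        run veracrypt -t --create "$dev" --keyfiles="$kf" \
            --random-source=/dev/urandom --quick || return 1
    done
}

# Unlock each listed device without mounting a filesystem.
unlock_all() {
    kf=$1; shift
    for dev in "$@"; do
        run veracrypt -t --filesystem=none --keyfiles="$kf" "$dev" || return 1
    done
}

# Usage after sourcing this file (dry run; set RUN=1 to execute):
#   make_keyfile /dev/shm/generated.password
#   backup_keyfile /dev/shm/generated.password /path/to/persistent/backup
#   create_all /dev/shm/generated.password /dev/sdX /dev/sdY
#   unlock_all /dev/shm/generated.password /dev/sdX /dev/sdY
```

The backup copy is the key to every disk created with it, so keep it on storage that is itself protected.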
Close a volume
In order to close all volumes:
veracrypt -d
or an individual one:
veracrypt -d /dev/ada7