Most secure way to store files in USB from Qubes?

Hello, i want to transfer some files form Qubes to USB, and encrypt the USB, what’s the best way? to securely do it and also to secure the USB?

1 Like

gnome-disk-utility make it really ease to encrypt a drive (when you format it).

If you want stronger encryption thank the default one, you must do it manually in the command line there are plenty of guides.


will look into this, thanks

Veracrypt is generally (not Qubes specific) often used for USB encryption, I think.

1 Like

is it easy to decrypt? the process in it self on qubes using veracrypt

I don’t have experience with this sadly.

If you want a qube to “own” a dedicated part of your USB drive, you can use GitHub - 3hhh/qcrypt: multilayer encryption tool for Qubes OS for that (disclaimer: I’m the author).

1 Like

These folks have studied encryption issues.

damn this looks awesome. Sadly I am way to lazy to setup and use this

Christ, i guess if you’re hiding some leaked CIA docs then all of those guides come in handy…

Actually an interesting question: While it’s great that the community creates things to enhance the security of QubesOs, isn’t it only a matter of time until a black sheep (e.g. the organization you talked about) finds it’s way?

I would prefer to keep some individuals who sometimes have access to my house out of my bank accounts, and such.

Encrypting a USB is not so difficult to set up, if one started with another Linux OS. Some folks seem to indicate that Tails might not be helpful, when in truth it has become a fairly polished OS that can be started and used to do an interesting group of things.

While at the same moment, I personally, am not wild about the potential that Tor, without careful consideration of how to use it, is anonymous, or secure.

Tails would be a good OS, to create an encrypted USB. As the process is not documented for Qubes yet.

I suspect some are commenting on Tails OS (and the originators of Tails should have chosen a better name) have never started or used a later version of Tails.

Tails would be a good place to work on an anonymous blog, or a Novel. Or just keep one type of personal information out of the hands of others. As might Easy OS.

Why would you not just encrypt it with LUKS?
It takes 5 seconds to do it, it’s safe and secure.

I have one drive that I use in Qubes directly and it uses LUKS.


AWhite: At first I was going to say the same thing as you, Use LUKS.

Then I felt I should exactly describe how to create a LUKS on a USB in Qubes. As I was looking around for the correct tool to do that.

I looked for the exact name of the program used by Tails, and I found - On this webpage

" We recommend you use:

  • VeraCrypt to share encrypted files across different operating systems.
  • LUKS to encrypt files for Tails and Linux."

and a table describing the features of both on the webpage. I felt I should leave it up to the reader.

And, I have yet to look up the exact line by line how to install either LUKS or VeraCrypt onto a USB key, using Qubes.

So I talk more than I should.

1 Like

Most secure way to store files in USB from Qubes?

Which attack are you trying to prevent? Description of the data by a thief?

1 Like

having an external encrypted hard drive does indeed create an extra layer of overall security indeed, it’s really handy, a long as the USB it self is not infected beforehand, or the system it self IMO.

1 Like

thanks, i will look into it

generally the average qubes user makes changes to dom0 here and there, and templates too sometimes, like the simplest thing would be using bleachbit in dom0, it can in rare cases cause system brick, having an encrypted external storage device with all necessary files as a copy from qubes system is really crucial in my opinion, it’s crazy how many times i bricked my system or got in really effed up situations where i had my system running yet non functional due to mistakes at first, or some changes that lead to wrong outcome, it’s good to have things backed up externally, where it’s nothing connected directly to the system it self in any way.

1 Like

Nice find. But why are they mentioning tails and Linux when it is the same operating system?

Dmcrypt, in Linux. Simple. That is how to do it.

When you use a USB in qubes, you want it only for Qubes, not to put into windows or anything, because that invalidates the security of qubes.

Veracrypt is decent and is fine for windows, but you need more software for it.

Cryptsetup is already in qubes, you don’t need more software.
It has been around for a very long time and is secure if you have a decent password.

It is also fast and good to use.

Not only are my qubes encrypted, my externals are encrypted too. And I notice almost no degradation in performance for my qubes.

My gaming virtual is not on an encrypted drive/partition either, because any performance loss can and does hurt.
But that doesn’t have anything that needs to remain super secure as it is Windows.

1 Like