If you want to protect your data from prying eyes, then you need to encrypt it. Previously many of us relied on Truecrypt to do this, however, as the popular encryption app was mysteriously discontinued, we have created this article to give you five alternatives to TrueCrypt.
If you are serious about security, then you will do this yourself rather than using a third-party to do it for you. This is what is meant by end-to-end encryption (e2ee).
But even if you are using e2ee, how do you know that the software is not doing something untoward? Such as secretly sending your encryption keys back to its developers, or creating a backdoor in the encryption.
The only guarantee we can have against this is the use of open-source code. Only if a program can be freely examined to ensure it does what it is supposed to (and only what it is supposed to) can we place a reasonable amount of confidence in it.
If the code has been audited by a reputable third-party then we can have even more confidence in it, but even this is imperfect, as code can always be changed the second the auditors leave the building. So the fact remains simply being able to audit the code is the surest guarantee possible that any program is secure.
We have listed the best alternatives to TrueCrypt below. Most of them use the industry-standard AES cipher, so you may also wish to learn how AES encryption works.
Platforms Windows. MacOS, Android, and Linux. Third-party Android and iOS apps allow you to open and access data stored VeraCrypt containers.
VeraCrypt is a fork of TrueCrypt and its direct successor. Other than minor branding changes, it front-end looks the same and its functionality is identical to that of TrueCrypt. It basically is TrueCrypt except that its code has been fully audited, problems discovered with TrueCrypt have been fixed, and the app is under active development.
As such, VeraCrypt is widely regarded in the security world as the go-to open-source full-disk encryption program. It allows you to create a virtual encrypted disk (volume) which you can mount and use just like a real disk Or it can encrypt an entire disk partition or storage device (e.g. a hard drive or USB stick), including the entire drive your Operating System boots from.
By default, VeraCrypt encrypts all data stored in a volume with an AES-256 cipher, although when creating a volume you can specify an alternative cipher. The NIST averse, for example, can opt to use a Twofish, Serpent, or Camellia cipher. Data is then authenticated using SHA-512 by default, but again, users can opt to use different hashing algorithms if they prefer.
A notable feature of VeraCrypt is that any file, for example, an innocent-looking photo file, can be used as the container for a VeraCrypt volume. Even more notable is its hidden volume feature which provides plausible deniability. It does this by hiding an encrypted volume inside another VeraCrypt volume in such a way that, if the correct precautions are taken, it is impossible to prove the second hidden volume exists.
Data stored in VeraCrypt containers can be securely synced across devices by storing a volume in (and mounting it from) a cloud storage sync folder. VeraCrypt can be used in this way to store data securely on otherwise insecure platforms such as Dropbox.
It is not an ideal tool for this job, however. Volume sizes can be large and are of a fixed size which you must specify when creating them. And when any data inside a volume is changed the entire volume must be re-uploaded
Of all the software discussed in this article, VeraCrypt is by far the most thoroughly audited open-source encryption solution available.
Please check out our guides on VeraCrypt & how-to basics and A Guide to VeraCrypt hidden volumes for deep dives into this important encryption program.
Platforms: Windows, macOS, Linux, Android (third party but open source). A third-party AESCrypt for iOS app is also available, although it is closed source and free users are limited to simply viewing files pre-encrypted on the desktop using AES Crypt.
AES Crypt is a free open source (FOSS) cross-platform per-file encryption app which secures files using the AES-256 cipher. As a per-file encryption app, it allows you to manual encrypt individual files. Batch file encryption is not supported, although this limitation can be overcome somewhat by creating zip files out of folders, and then encrypting the zip file with AES Crypt.
This very easy-to-use Java-based file program integrates with the OS, providing simple file encryption using the right-click menu button in Windows, or drag and drop in macOS and Linux (or an extension allows right-clicking in macOS).
File decryption is performed by simply double-clicking the encrypted.aes file, and entering the password you supplied when creating it. A command-line interface is also available.
It should also be noted that when you create an encrypted version of a file, the original unencrypted version remains untouched. This is great if you just want to store the encrypted version online, but for maximum security, you should delete the original. Just don’t forget the password!
Platforms (free): Windows. Free MacOS, Android, and iOS apps are available which allow you to open and view files, but not encrypt them. Platforms (Premium): Windows, macOS, Android, and iOS.
Like AES-Crypt, AxCrypt is an open-source cross-platform per-file encryption app which secures files using AES. It is, however, a quite different beast. It comes in a free version aimed mainly at Windows users and a Premium version which costs $35 USD per year (30-day free trial).
AxCrypt Free integrates with the Windows OS to provide seamless on-the-fly AES-128 file encryption. Rather than setting a password each time you encrypt a file, you sign into the app and then all selected files are automatically encrypted and decrypted using that password.
Folders themselves cannot be encrypted using AxCrypt Free, but all files in a folder can be batch-encrypted. Or you can select as many files as you want from anywhere on your PC and perform batch encryption on them.
For Windows users, then, AxCrypt Free offers many advantages over the rather basic AES Crypt. What you lose, however, is cross-platform compatibility. Free apps for macOS, Android, and iOS (but not Linux) allow you to open and view encrypted files, but not encrypt them.
The Premium version fixes this problem with full support for all mentioned platforms. It also offers many useful additional features on all supported platforms, including full folder encryption (with sub-folder encryption), key sharing, account key backup, anonymous file names, and more.
Platforms: Linux (DEB package or compile from source), macOS (using Homebrew).
gocryptfs is inspired by the brilliant but flawed EncFS. Like Encfs, it creates paired folders or “volumes.” One volume contains the unencrypted files (let’s call it the “private folder’), while the second matching volume (let’s call it the “encrypted folder”) holds an encrypted version of the files in the first (private) volume.
Unlike VeraCrypt, each file in a volume is encrypted and stored individually, so a change to one file does not mean re-uploading an entire encrypted container.
This makes gocryptfs much better than VeraCrypt at storing files on cloud services such as Dropbox, as local files are kept unencrypted in the private volume, but are mirrored on Dropbox (etc.) in encrypted form by simply placing the matching “encrypted volume” in a cloud folder.
What gocryptfs does not do is simply encrypt a file. Someone with access to the “personal folder” has access to the unencrypted files. In addition to this, files names in the encrypted folder are obscured, but metadata such as directory structure and file size are not.
gocryptfs is command line only, but the setup is very easy. Once set up, you can drag-and-drop files to and from the private folder using your regular GUI file manager. Alternatively, SiriKali is a GUI frontend compatible with gocryptfs.
Data is secured and using AES-256-GCM, with GCM also providing authentication.
SecureFS and Crysfs are similar EncFS-inspired apps. SecureFS fixes the issues with EncFS and is notable for being available for all major platforms, including Windows (requires MS Visual C++ 2015 redistribution package). Crysfs’ support for Windows is still very experimental, but it fully supports Linux and macOS, and improves on gocrypt and SecureFS by encrypting file metadata and directory structure.
Platforms: Windows, macOS, Linux, Android, iOS.
Cryptomator provides transparent encryption of files stored in the cloud. The encrypted vault is stored in your cloud folder, but is decrypted and mounted locally as a virtual drive for seamless drag-and-drop functionality.
Files are encrypted individually, so when changes are made, only the corresponding encrypted file is changed. In addition to the content of files, the directory structure is hidden, although file modification dates cannot be hidden without breaking your cloud provider’s synchronization feature.
Vaults are secured using AES-256-CTR and unlocked using a passphrase which is protected against brute force attacks using the scrypt key derivation function.
Cryptomator for the desktop works on a pay what you want model. It can be had for free, but users are encouraged to donate towards its development. The mobile apps (which support fingerprint unlock) cost $8.99 at time of writing.
VeraCrypt is a drop-in replacement for TrueCrypt. If your encryption needs are somewhat different, then the open-source tools discussed in this article reflect the variety of use-cases for encryption apps.
You may need to choose between AES Crypt and AxCrypt, and between gocryptfs (or other Encfs-inspired variant) and Cryptomater, but most apps lists here do their own specific thing with very little crossover in functionality between them.
The best advice, therefore, is to deploy a variety of encryption apps. This means you will the right tool for the job, rather than trying to knock square pegs into round holes by using a single app to perform jobs it was not designed to do.