Encrypt A Drive With VeraCrypt in Linux

Objective

Install VeraCrypt and encrypt a drive.

Distributions

This guide will work on nearly any Linux distribution.

Requirements

A working install of one of the supported distributions with root privileges.

Conventions

# – requires given linux command to be executed with root privileges either directly as a root user or by use of sudo command
$ – given linux command to be executed as a regular non-privileged user

Introduction

TrueCrypt was known as a gold standard in filesystem encryption. It was known for providing excellent encryption options, including hidden encrypted volumes. That’s something the LUKS can’t do. TrueCrypt has been abandoned, but it’s been forked into VeraCrypt.

VeraCrypt is the successor to TrueCrypt, and it can do everything that its parent could. VeraCrypt is still under active development with the latest encryption standards being supported.

Get VeraCrypt

Download and extract VeraCrypt

Veracrypt is available from the developer’s website in the form of a series of runner scripts. Go ahead and download the Linux tarball.

Open the tarball on your system when the download completes. The tarball contains a series of scripts to install VeraCrypt either the GUI or command line version VeraCrypt for both 32bit and 64bit systems. Run the right GUI one for you. It’s much easier to work with graphically.

$ sudo ./veracrypt-1.22-setup-gui-x64

The installer is kind of ugly, but just agree and install VeraCrypt. It’s a basic installer.

VeraCrypt Running

Once the installation completes, you can find VeraCrypt in your desktop environment’s launcher menu. Open it up. The default window looks plain at first. The top of the window lists a series of drives. Those are all virtual mount points that VeraCrypt uses to manage your encrypted volumes.

Below that, you’ll find a series of buttons. Click the one to create a volume.

Create An Encrypted File Container

VeraCrypt set volume type

After you click the button to begin the volume creation process, a new window will open up to walk you through setting up your new volume.

VeraCrypt supports two different types of volumes. One is a virtual volume that you can create anywhere. It looks and behaves like a file to the rest of your system, but VeraCrypt can open it and access the files stored within it. The other option encrypts an actual partition or device. This guide will focus on encrypted containers. The process for a drive is very similar.

VeraCrypt choose location

Next, you’ll be asked where you want to create your file. Choose any place that works for you. Again, this behaves like any other file to the rest of your system.

VeraCrypt set size

VeraCrypt lets you select the size of your container. You can’t resize it once it’s made, so pick something sufficiently large.

VeraCrypt choose password

You’ll then be asked to set a password for your volume. Like all other encrypted drives, you’re going to need to remember this one. There is no recovery.

VeraCrypt pick filesystem

After that, you’ll be prompted to select a filesystem to format to. Ext4 is a safe bet for Linux systems. VeraCrypt will also ask on the next screen if you do only plan to use your drive on Linux.

VeraCrypt format volume

Finally, you’ll be prompted to move your mouse around to generate randomness for the encryption. Go until the bar is filled. Then, encrypt your drive.

Mount A Drive

Once your drive is formatted, it’s ready to use. In order to use your drive, you’re going to need to mount it.

Back on the main VeraCrypt screen, you’ll see two buttons; select file and select device. If you followed this guide and created a file, use that one. If you opted for a device instead, go that route.

For the file, a standard file browser window will open up. Browse to the location where you created your file, and select it. If you have a drive, the window will display all the storage hardware on your machine. Select your drive.

VeraCrypt mounted drive

Once you have your encrypted volume selected, you’ll be prompted to enter the password to unlock it. Do so. VeraCrypt will decrypt your drive, and it’ll appear in one of the drive slots at the top of the window. Click on it to open the drive and view its contents. You can now use your drive as normal. When you’re done, click the button at the bottom of the VeraCrypt window to close the drive and unmount it.

Closing Thoughts

VeraCrypt is an excellent tool for creating and managing encrypted volumes. It offers a fair amount of flexibility with the encrypted files, and the ability to create hidden encrypted partitions, which look like random data when examined. VeraCrypt is cross-platform too, so it’s a great option for encrypted flash drives and other devices that you may need on multiple different computers.