Full disk Encryption with VeraCrypt on Ubuntu Linux

by

VeraCrypt is a cross platform encryption solution. It can create encrypted containers to protect your files, or you can encrypt an entire disk partition on a Linux system. VeraCrypt uses the latest encryption standards, so many users place their trust in it. In this tutorial, you will see the step by step instructions to encrypt an entire disk on Ubuntu Linux.

In this tutorial you will learn:

  • How to install VeraCrypt on Ubuntu
  • How to use full disk encryption with VeraCrypt on Ubuntu Linux
Full disk Encryption with VeraCrypt on Ubuntu Linux
Full disk Encryption with VeraCrypt on Ubuntu Linux
Software Requirements and Linux Command Line Conventions
Category Requirements, Conventions or Software Version Used
System Ubuntu Linux
Software VeraCrypt
Other Privileged access to your Linux system as root or via the sudo command.
Conventions # – requires given linux commands to be executed with root privileges either directly as a root user or by use of sudo command
$ – requires given linux commands to be executed as a regular non-privileged user

Full disk Encryption with VeraCrypt on Ubuntu Linux step by step instructions


Follow the step by step instructions below to download, install, and use VeraCrypt to configure full disk encryption on Ubuntu Linux.

  1. Get started by heading to the official VeraCrypt download page, where you will find a DEB package available for Debian based systems like Ubuntu. Download the latest GUI version available.
    Download the VeraCrypt DEB file from the official download page
    Download the VeraCrypt DEB file from the official download page
  2. Open your command line terminal and begin the installation by using the apt command on the DEB file. 
    $ sudo apt install ~/Downloads/veracrypt-1.25.9-Debian-11-amd64.deb
  3. Next, open up VeraCrypt from Ubuntu’s Activities menu.
    Opening VeraCrypt
    Opening VeraCrypt
  4. Select the “Create volume” button.
    Create new volume
    Create new volume
  5. Choose to encrypt a non system partition/drive, since we will be encrypting the full disk. Then click next.
    Choose to encrypt the whole disk
    Choose to encrypt the whole disk
  6. Select the volume type that you prefer. Hidden volumes will not be listed and so might be easier to spot for prying eyes. We will keep things simple in our example and go with standard VeraCrypt volume.

    Choose your volume type and click next
    Choose your volume type and click next

  7. Choose the partition or disk that you want to encrypt. We will choose /dev/sdb in our example, as it is our secondary hard drive. This is just a raw block device, with no partitions of file system currently installed.
    Choose the hard disk partition that you wish to encrypt
    Choose the hard disk partition that you wish to encrypt
  8. As long as you are sure that you have selected the correct device, choose yes on the next confirmation prompt.
    Click Yes to continue
    Click Yes to continue
  9. Enter your adminiatrator password, as you need root permission to perform the next step.
    Enter root password credentials
    Enter root password credentials
  10. Choose the type of encryption you would like to use. Going with the default AES-512 is definitely a safe bet, unless you have some other preference. Click next to continue.
    Choose encryption before continuing
    Choose encryption before continuing
  11. Choose the password that you will be using for your encrypted disk or partition. Be careful to choose something you will remember, otherwise you will lose access to all of your files.

    Choose encryption password for your VeraCrypt volume
    Choose encryption password for your VeraCrypt volume

  12. Select whether or not you plan to store large files in the VeraCrypt volume. This allows the program to optimize your storage accordingly.
    Select whether you will store large or small files
    Select whether you will store large or small files
  13. For file system selection, we recommend ext4. We also recommend the quick format option, unless you previously had sensitive information on the disk and have time to let VeraCrypt securely delete all traces of it. Click next when done.
    Choose file system time and optionally quick format option
    Choose file system time and optionally quick format option
  14. Choose whether you need cross platform support or not.
    Cross platform support prompt
    Cross platform support prompt
  15. You will need to move your mouse around in this window a lot, in order to generate random input. Once the bar is full, click on format.

    Generate random input with mouse movements then format
    Generate random input with mouse movements then format

  16. In a moment or two, your VeraCrypt volume will be finished creating and you should get a success prompt.
    Our VeraCrypt volume has been successfully created
    Our VeraCrypt volume has been successfully created
  17. To mount your newly created VeraCrypt volume, click on Select Device, then choose the device path you just encrypted. Then click mount.
    Mounting our encrypted disk or partition
    Mounting our encrypted disk or partition
  18. Enter the password that you used to encrypt the drive.
    Enter encryption password
    Enter encryption password
  19. You will now see that your VeraCrypt volume has been mounted. By default, ours mounts to /media/veracrypt1.
    Our VeraCrypt encrypted disk is now mounted and accessible
    Our VeraCrypt encrypted disk is now mounted and accessible

Closing Thoughts


In this tutorial, we saw how to use VeraCrypt for full disk encryption on an Ubuntu Linux system. This will keep all data on our disk secure with VeraCrypt’s AES-512 encryption, or whichever setup you chose. To access the volume, you just need to mount it with VeraCrypt and enter your password.

Related Linux Tutorials: