Today we’re going to talk about how to install and configure VeraCrypt on Linux. Both GUI and Console versions. In this article, we’ll be focusing on encrypting secondary/external drives, and file-based containers.

Why should you consider VeraCrypt?

It offers a few features:

  • Creates a virtual encrypted disk within a file and mounts it as a real disk. 
  • Encrypts an entire partition or storage device such as USB flash drive or hard drive. 
  • Encryption is automatic, real-time(on-the-fly) and transparent. 
  • Parallelization and pipelining allow data to be read and written as fast as if the drive was not encrypted. 
  • Encryption can be hardware-accelerated on modern processors. 

You’ll need to grab the installer for your Linux flavour – Debian based systems (i.e. Linux Mint, Ubuntu, etc.) use .deb installer package while Red Hat based systems (i.e. CentOS, Fedora, etc.) use .rpm installer package.

Download them from VeraCrypt website.

GUI Installation method 

Download the GUI version and navigate to your Downloads folder and double click to install. It will ask you for confirmation beforehand. 

Veracrypt should be added to your applications menu which can now be accessed.

Select Create Volume which will show a wizard for creating a new encrypted volume. 

We’ll set up a file-based container with a hidden partition. Follow the wizard in selecting where you want to keep the file. In our case, we’ll leave it in the documents.

Next is the encryption method you want to use. The bigger the encryption the longer it’ll take to access the files. In our case, we will use the most secure version AES(Twofish(Serpent)).

Next, it’ll ask us for file size. As a warning, this file size has to include your hidden partition, so if you have a 50GB file, you can divide it into 25GB outer and 25GB hidden partitions.

Next, it’ll ask you to create an encryption key. It will ask for a password and if you want, you can also use an optional keyfile along with your password, your favourite song, picture, text file, etc. Here we will just use a password. 

Next, it will ask how big of file size you’ll store in the encrypted file. It’s recommended to keep files under 4GB so you may partition it as FAT which can be accessed from any computer

Next, it’ll ask to do random mouse movements. Do as told and then click format. It’ll tell you the approximate time to encrypt the outer volume. Go grab some coffee.

After it’s finished, continue on to create the hidden volume. It’ll be the same process but you’ll be limited to the size of the outer volume you have created. Make sure the passwords are different.  

Now you can mount your encrypted file, select file then click mount, it’ll ask for your encryption password and then your root/sudo password to mount 

Now you can use an encrypted file as an external drive, make sure to unmount the drive once you’re done using it.

Command Line Installation 

First, we’ll grab the installer from the VeraCrypt website. In our case, the latest one was 1.24 update 7.

Install the downloaded rpm/deb package 

rpm -ivh veracrypt-console-1.24-Update7-CentOS-7-x86_64.rpm 

Create file in length needed using fallocate -l Image_Size_Here /path/to/image.img 

Launch VeraCrypt in text interactive mode, veracrypt -t -c select Normal first

Select Encryption type, AES(Twofish(Serpent)) in our case, Hash, SHA-512, and filesystem FAT 

Next it’ll ask for PIM and keyfile, if you’re using either of these enter them either leave blank 

Afterwards, it’ll ask to type randomly, as a substitution for mouse movement. 

It’ll start encrypting next. It’ll tell you the approximate time to finish. Plenty of time to grab some coffee.

When it’s done encrypting you can continue making a hidden partition by restarting the text wizard and selecting the hidden option next time. 

To mount your partition use following command veracrypt source_file mount_path location, it’ll ask for the password. If you want to use outer volume make sure to select the protect hidden file option, if accessing hidden volume enter the hidden volume password and select no for protection. 

To unmount use veracrypt -d mount_path command 

So there you have it. Let us know in the comments if you have any questions!