Today, we are going to learn about how to install and Use VeraCrypt to Encrypt Drives on Ubuntu 18.04.
So what is VeraCrypt? VeraCrypt is an open-source software forked from TrueCrypt whose development and maintenance has since been discontinued. It is used for performing on-the-fly disk encryption (OTFE). On-the-fly encryption means that data is encrypted before it is written to the disk and when data is being read from the disk, every small portion of it is copied and decrypted on the fly in the memory (RAM) without human interaction i.e no decrypted data is stored on the memory temporarily and thus, even when the disk is mounted, data is still encrypted.
VeraCrypt encrypts the entire filesystem of the disk including folders, files, contents of the files, metadata, free space…In order to access the encrypted data, one has to supply the encryption keys, password or keyfile.
You can read more about VeraCrypt in its Documentation page.
You can also check our previous article on how to Encrypt Files and Folders with eCryptFS on Ubuntu 18.04.
Install VeraCrypt on Ubuntu 18.04
There are two ways in which VeraCrypt can be installed on Ubuntu 18.04
Installing via Ubuntu PPA repos
VeraCrypt is not available on the default Ubuntu repositories. Therefore, to install it using the package manger, you have to add the PPA repositories.
Add PPA repos using the command below. Note that this repository is not related to VeraCrypt even though Unit 193 is Xubuntu developer and he is a great contributor to open source community;
sudo add-apt-repository ppa:unit193/encryption
Update the system
sudo apt-get update
Once the update is done, run the command below to install VeraCrypt.
sudo apt install veracrypt
Install via VeraCrypt Installer Scripts
VeraCrypt has its Linux installer scripts on its official website. Download the installer tarball by running the command below.
Once the download is complete, extract the VeraCrypt tarball, navigate to the source code extract directory and run the VeraCrypt installer.
tar -xjf veracrypt-1.23-setup.tar.bz2
This will extrct the VeraCrypt setup scripts in the current working directory. There are two types of installers, GUI based and the console based Installers for both x86 and x86_64 systems. In this case, I am going to use the console based installer for x86_64 system.
Therefore, in the current working directory, run the installer script as shown below;
VeraCrypt 1.23 Setup ____________________ Installation options: 1) Install veracrypt_1.23_console_amd64.tar.gz 2) Extract package file veracrypt_1.23_console_amd64.tar.gz and place it to /tmp To select, enter 1 or 2: 1 << Press 1 to Launch VeraCrypt installation Before you can use, extract, or install VeraCrypt, you must accept the terms of the VeraCrypt License. Press Enter to display the license terms... ...scroll through the license... Do you accept and agree to be bound by the license terms? (yes/no): Yes ...Once you press Enter, the installer will run and install VeraCrypt... usr/share/veracrypt/doc/HTML/VeraCrypt Rescue Disk.html usr/share/veracrypt/doc/HTML/VeraCrypt128x128.png usr/bin/ usr/bin/veracrypt-uninstall.sh usr/bin/veracrypt Press Enter to exit...
You can verify that VeraCrypt is installed and indeed is in your PATH.
You are now ready to encrypt your drives/files using VeraCrypt.
In this guide, we are going to learn how to use the GUI method of VeraCrypt to encrypt devices/files.
To launch the VeraCrypt GUI, press the Super Key to launch activities search bar and type veracrypt.
Press Enter to Launch VeraCrypt
The numbered slots, 1, 2… are used by VeraCrypt to manage encrypted devices.
Create VeraCrypt Volume
There are two types of VeraCrypt Volumes;
- File-hosted (container)
File-hosted volume is a normal file that can be stored on any storage device. It contains an independent encrypted virtual disk device while Partition hosted volume is a hard drive partition. It can be a removable USB sticks or any other type of storage.
To create a VeraCrypt volume, click on the Create Volume button. You will be prompted to choose the type of the volume, File Container or a Partition. In this guide, we are going to create an encrypted partition. If you opt to create an encrypted file container, the process it the same.
Click Next to select the type of VeraCrypt volume to create, standard or hidden. In simple terms, Standard volume is just like any other file except that it is password protected while Hidden volume is not visible as the name suggests and can have layered protection with two passwords, the outer and inner encrypted volume password. In this guide, we are going to create an Hidden volume.
In the next screen, you need to select the drive to encrypt. Note that you need to save any data before encrypting the drive as all existing data will destroyed during encryption.
Confirm that you are ready to encrypt the drive to continue.
Next, you are required to select the encryption as well as the hashing algorithms. We are going with the defaults.
Click Next to proceed. On the next page, set the password for outer encrypted volume.
Next, you need to generate random numbers that will be used to strong encryption keys. The randomness is collected from the mouse movements. The faster the mouse moves, the faster the random numbers are generated. Make sure the bar is filled before you proceed.
Once done, click Format and select yes to confirm that you want to format the drive. Once the formatting is done, Click Next to set the encryption and hashing algorithms just like you did above. Click Next to to set the maximum Hidden Volume size.
Note that we chose almost half of the entire disk for the hidden volume so that we can have some space to store non-sensitive information on the outer volume set above.
In the next page, set the password for the hidden drive and click Next to proceed. You are required to set the type of filesystem to format the drive with. In this case, we chose Ext4 filesystem type.
On the next screen, chose whether you want to mount the drive on the platforms apart from Linux or not. Next, move your mouse about to generate the randomness again.
After that format the drive. If everything is well, then you should see a screen confirming that the hidden VeraCrypt volume has been successfully created.
Your drive has been fully encrypted. To mount the Outer hidden volume, launch VeraCrypt, select a slot to mount your drive, select the drive to mount by clicking on Select Device button and click Mount to mount your encrypted drive.
Remember we set two passwords, for the outer volume and the other for hidden volume. Use respective password when mounting respective volume drive. After mounting, you can write your data as you wish. Once done, you can unmount the volume
To demonstrate an example, I have saved to Documents in the Encrypted Volume as follows;
- Outer Encrypted Volume – Closed Contracts Year 2018
- Hidden Volume – Financial Receipts 2018.
If I mount the drive with outer volume password, I can only access the Closed Contracts Year 2018 document.
If I mount the drive with hidden volume password, I can only access the Financial Receipts 2018.
The mount point of the drive is /media/veracrypt2
... /dev/mapper/veracrypt2 1022M 20K 1022M 1% /media/veracrypt2
That is all about to install and use VeraCrypt to encrypt drives on Ubuntu 18.04. Feel free to explore more about this awesome encryption tool.
Read more on VeraCrypt Documentation