Encryption with VeraCrypt
FAT, exFAT, or NTFS?
Once you have defined a good password and clicked Next, you can move on to selecting the volume's filesystem. FAT or exFAT can be mounted on almost any other system later. NTFS gives you the ability to use additional authorizations or file attributes on Windows. Choose the filesystem that best suits your requirements. If required, check the boxes for quick formatting and the option to dynamically grow the volume. Next, move your mouse pointer to give the pseudo-random number generator for the crypto operations further random data. Once the bar at the bottom of the window turns green, press Format. After a short time, your volume is ready, and you can press Exit to close the dialog.
After creating your container, you are taken back to the VeraCrypt start window. Now search for your previously created container by clicking on Select File, select the desired drive letter in the area above, and then press Mount. Enter the password in the dialog box or browse to the keyfiles you selected previously for the secret in Keyfiles. Clicking on OK tells the disk manager to automatically mount the volume, which you can access directly.
If you created a hidden volume in the previous step, you will now see two options when mounting. If you want to access the contents of the hidden volume, you need to enter the matching secret in order to mount it directly. The container's outer volume is not displayed or changed. However, if you want to include the outer volume (e.g., to keep up appearances and store files) enter the secret for this outer volume here. In Options, make sure you also specify the secret of the hidden volume for protection to avoid it being accidentally overwritten (Figure 4).
Encrypting Partitions and Hard Disks
If you want to encrypt entire partitions or data carriers, select the Encrypt a Partition/Drive option when creating a new volume. In Windows, again confirm the User Account Control (UAC) dialog to let VeraCrypt access your data carriers. As in a container, you can also create hidden volumes. Then select the data carrier to be encrypted. In my example, I will encrypt a USB memory stick. In this case, it is not necessary to partition the storage space in advance; you can encrypt the entire drive directly. The partitioning can then be changed within the encrypted area. VeraCrypt shows you available storage and partitions for selection.
Next you can choose whether to continue using the files that are already on the data carrier in the encrypted volume (the in-place encryption option). VeraCrypt can create encrypted storage media without you needing to manually temporarily store the files and transfer them back. Note that this only works with NTFS on Windows, because the operating system is only capable of shrinking NTFS filesystems on the fly, which is necessary to free up space for the encrypted volume on the data carrier.
If you want to continue without in-place encryption, select the other option and press Next. Before formatting, you will be warned once again that all data currently on the medium will be permanently deleted. If you are using a USB memory stick, you are also told that a drive letter will still be assigned on Windows. However, you must not use the drive in this way. Windows does not recognize any content and offers to format the stick directly when you connect it, which would delete the encrypted volume.
Protecting the System Partition
Now that you have some experience with VeraCrypt, you can encrypt your entire operating system. To do this, select Encrypt System Partition/Drive from the System menu at the top.
VeraCrypt even offers to install a hidden operating system. This gives plausible deniability at the operating system level to deny the existence of a hidden operating system installation.
For my example, I will use normal encryption and then opt to encrypt the entire data carrier and not just the system partition. The entire data carrier then also includes any recovery or boot partitions, which is why VeraCrypt recommends that you only encrypt the system partition for the recovery. Otherwise, depending on the BIOS configuration, you could lose access to your system completely.
« Previous 1 2 3 Next »
Buy this article as PDF
(incl. VAT)
Buy Linux Magazine
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters
Support Our Work
Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.
News
-
Endless OS 6 has Arrived
After more than a year since the last update, the latest release of Endless OS is now available for general usage.
-
Fedora Asahi 40 Remix Available for Macs with Apple Silicon
If you've been anticipating KDE's Plasma 6 for your Apple Silicon-powered Mac, then you're in luck.
-
Red Hat Adds New Deployment Option for Enterprise Linux Platforms
Red Hat has re-imagined enterprise Linux for an AI future with Image Mode.
-
OSJH and LPI Release 2024 Open Source Pros Job Survey Results
See what open source professionals look for in a new role.
-
Proton 9.0-1 Released to Improve Gaming with Steam
The latest release of Proton 9 adds several improvements and fixes an issue that has been problematic for Linux users.
-
So Long Neofetch and Thanks for the Info
Today is a day that every Linux user who enjoys bragging about their system(s) will mourn, as Neofetch has come to an end.
-
Ubuntu 24.04 Comes with a “Flaw"
If you're thinking you might want to upgrade from your current Ubuntu release to the latest, there's something you might want to consider before doing so.
-
Canonical Releases Ubuntu 24.04
After a brief pause because of the XZ vulnerability, Ubuntu 24.04 is now available for install.
-
Linux Servers Targeted by Akira Ransomware
A group of bad actors who have already extorted $42 million have their sights set on the Linux platform.
-
TUXEDO Computers Unveils Linux Laptop Featuring AMD Ryzen CPU
This latest release is the first laptop to include the new CPU from Ryzen and Linux preinstalled.