Encryption with VeraCrypt
Backup and Recovery
Now is a good time to think about backing up the contents of your hard disk. If something goes wrong with the encryption process, you will want to keep a backup of your files in order to be able to restore the system. The files can (or should) of course also be stored on an encrypted data carrier that can be easily mounted by a booted system.
Next, select whether you have one or several operating systems installed on your data carrier. Then click Next and set the encryption parameters as described above. You are then taken to the PIN entry screen. Of course, you cannot select any files here, because you do not have access to the hard disk at system boot time.
VeraCrypt sets the keyboard layout to English when you enter the password. This is because only the BIOS settings are available at boot time before the operating system possibly adopts your choice of keyboard layout. You need to take this into account, especially if you want to use nonstandard characters in your password. You will normally have an English keyboard layout, but to be on the safe side and make sure that the BIOS is not playing tricks on you with a country-specific language setting, it is a good idea to display the password so that you can enter the password with your local keyboard layout in case of an emergency.
VeraCrypt also lets you create your own VeraCrypt rescue medium. This helps you to repair a defective VeraCrypt bootloader and also – with the correct password, of course – to permanently decrypt the system partition again, for example, to repair a defective Windows system. You need to burn the ISO image you create to a CD/DVD or transfer it to a USB stick. If you encrypt several systems with VeraCrypt, you will need an individual rescue medium for each system.
Before the encryption process starts, you need to define the delete options for the existing system files. You can overwrite files multiple times to prevent an attacker from restoring them – even after overwriting the free disk areas with the encrypted volume. Now take note of the recovery instructions and warnings before starting the obligatory pre-test. The computer reboots and Windows launches again after you enter the password. VeraCrypt displays a success message for the test after the reboot.
Click on Encrypt and say yes to warning prompts. The encryption process then starts. You will need some patience, depending on the size of your data carrier. Once the process has completed, you can close the dialog box and will see your system partition mounted in the drive overview. Of course, you cannot eject the drive. To protect your data, shut down the system.
After restarting, you will be prompted to enter the key. Remember that you must type the key with an English keyboard layout. In addition to the password, you will be asked to enter a PIM if you set one. If you have not set a PIM, you can simply press Enter to confirm, otherwise you need to enter the correct value here. The operating system then boots in the usual way, and you can work with virtually no loss of performance.
Conclusions
Encrypting data, especially on mobile devices, is essential in the corporate environment. As an alternative to BitLocker, VeraCrypt offers a sophisticated approach to encrypting data carriers. It protects USB memory sticks, hard disks, and your system partition (though only when the computer is switched off or not connected). Hidden volumes also give users the ability to credibly deny the existence of any such volumes, should someone attempt to force you to hand over your data.
With the steps covered in this article, you can encrypt your computer with VeraCrypt. Keep in mind, however, that secure passwords are an important security aspect.
Infos
- BitLocker: https://learn.microsoft.com/en-us/windows/security/operating-system-security/data-protection/bitlocker/
- TrueCrypt: https://truecrypt.sourceforge.net/
- E4M: https://en.wikipedia.org/wiki/E4M
- VeraCrypt download: https://www.veracrypt.fr/en/Downloads.html
- VeraCrypt on GitHub: https://github.com/veracrypt/VeraCrypt
« Previous 1 2 3
Buy this article as PDF
(incl. VAT)
Buy Linux Magazine
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters
Support Our Work
Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.
News
-
Endless OS 6 has Arrived
After more than a year since the last update, the latest release of Endless OS is now available for general usage.
-
Fedora Asahi 40 Remix Available for Macs with Apple Silicon
If you've been anticipating KDE's Plasma 6 for your Apple Silicon-powered Mac, then you're in luck.
-
Red Hat Adds New Deployment Option for Enterprise Linux Platforms
Red Hat has re-imagined enterprise Linux for an AI future with Image Mode.
-
OSJH and LPI Release 2024 Open Source Pros Job Survey Results
See what open source professionals look for in a new role.
-
Proton 9.0-1 Released to Improve Gaming with Steam
The latest release of Proton 9 adds several improvements and fixes an issue that has been problematic for Linux users.
-
So Long Neofetch and Thanks for the Info
Today is a day that every Linux user who enjoys bragging about their system(s) will mourn, as Neofetch has come to an end.
-
Ubuntu 24.04 Comes with a “Flaw"
If you're thinking you might want to upgrade from your current Ubuntu release to the latest, there's something you might want to consider before doing so.
-
Canonical Releases Ubuntu 24.04
After a brief pause because of the XZ vulnerability, Ubuntu 24.04 is now available for install.
-
Linux Servers Targeted by Akira Ransomware
A group of bad actors who have already extorted $42 million have their sights set on the Linux platform.
-
TUXEDO Computers Unveils Linux Laptop Featuring AMD Ryzen CPU
This latest release is the first laptop to include the new CPU from Ryzen and Linux preinstalled.