If you do not want others to have access to your data, then encryption is essential.
When you encrypt your sensitive data, unauthorized persons cannot easily get to it.
VeraCrypt is a fork of TrueCrypt which is a free and open source on-the-fly disk encryption (OTFE) tool.
Veracrypt is available for Linux, Windows, and MacOS.
Here at LinuxAPT, as part of our Server Management Services, we regularly help our customers perform Ubuntu-related installation tasks.
In this guide, you will learn how to install and use VeraCrypt disk encryption software on Ubuntu Linux.
VeraCrypt's official downloads page offers two options for Ubuntu Linux: GUI and console. GUI means graphical and console means text-based (command line).
Run the following command in the Ubuntu terminal to download the Veracrypt GUI installer package:
$ sudo wget https://launchpad.net/veracrypt/trunk/1.24-update7/+download/veracrypt-1.24-Update7-Ubuntu-20.04-amd64.deb
Now, you may install the downloaded package as follows.
$ sudo apt-get install ./veracrypt-1.24-Update7-Ubuntu-20.04-amd64.deb
Enter y to continue with the installation if prompted. After a successful installation, you can launch Veracrypt from the Applications menu > Accessories > Veracrypt.
i. Run the following command in the Ubuntu terminal to download the Veracrypt console installer package:
$ sudo wget https://launchpad.net/veracrypt/trunk/1.24-update7/+download/veracrypt-console-1.24-Update7-Ubuntu-20.04-amd64.deb
ii. You may now proceed to install the downloaded package. Run the command below:
$ sudo dpkg -i ./veracrypt-console-1.24-Update7-Ubuntu-20.04-amd64.deb
iii. When the installation completes successfully, you may begin to use Veracrypt in the Ubuntu terminal.
To see usage info, run the following command:
$ veracrypt -h
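Both installers above are downloaded and then installed as root, so the package is worth checking before apt-get install or dpkg -i runs. The sketch below is an added example, not part of the original article: it assumes you already hold a checksum list in sha256sum format that you trust (for instance one whose PGP signature you have verified); the list name SHA256SUMS.txt and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: refuse to install a downloaded VeraCrypt .deb unless its
# SHA-256 matches the entry in a checksum list you already trust.
# Assumption: the list uses `sha256sum` format ("<hex>  <filename>").

# expected_sum LIST FILENAME -> prints the hex digest listed for FILENAME
expected_sum() {
    awk -v name="$2" '
        { f = $2; sub(/^\*/, "", f) }      # strip binary-mode marker "*file"
        f == name && length($1) == 64 { print tolower($1); exit }
    ' "$1"
}

# verify_deb DEB LIST -> 0 only when DEB is listed and its digest matches.
# Fails closed: a missing file (2) or an unlisted package (3) is an error.
verify_deb() {
    deb=$1 list=$2
    [ -f "$deb" ] && [ -f "$list" ] || { echo "missing file" >&2; return 2; }
    want=$(expected_sum "$list" "$(basename "$deb")")
    [ -n "$want" ] || { echo "not listed: $deb" >&2; return 3; }
    have=$(sha256sum "$deb" | awk '{print $1}')
    [ "$want" = "$have" ] || { echo "MISMATCH: $deb" >&2; return 1; }
    echo "OK: $deb"
}

# Usage (not run here): install only after the check passes.
#   verify_deb ./veracrypt-1.24-Update7-Ubuntu-20.04-amd64.deb ./SHA256SUMS.txt \
#     && sudo apt-get install ./veracrypt-1.24-Update7-Ubuntu-20.04-amd64.deb
```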
Let us imagine that you have a folder named folder1 on your Ubuntu desktop which contains sensitive documents.
We are going to create an encrypted volume via the GUI and the console to serve as a personal vault for storing such sensitive documents.
a. Create an encrypted volume
1. Launch Veracrypt from the Applications menu > Accessories > Veracrypt.
2. Click Create.
3. In the Veracrypt volume creation wizard, choose Create an encrypted file container.
4. Click Next.
5. On the Volume Type page, choose the first option labeled Standard Veracrypt volume.
6. Click Next.
7. Under Volume Location, click Select File.
8. Choose your desired location on the left and then enter a name for the encrypted file container at the top.
9. Click Save at the bottom of the window.
10. Back to the Volume Location page, click Next.
11. Under Encryption Options, leave the default selections: AES and SHA-512, and click Next.
12. Under Volume Size, enter the desired volume size. Click the drop-down menu to switch between Gigabytes, Megabytes and Kilobytes.
13. Click Next.
14. Under Volume Password, enter an encryption password.
15. Click Next.
16. Under Format Options, you may choose Linux Ext3 from the drop-down menu.
17. Click Next.
18. Under Cross-Platform Support, let us go with the default selection.
19. Click Next and then click OK when prompted.
20. Under Volume Format, begin to move your mouse randomly for at least 1 minute.
21. When you are done, click Format.
22. When prompted, enter your Linux user password and click OK.
23. Wait for a message indicating that your Veracrypt volume was successfully created.
24. Click OK.
25. Click Exit.
b. Mount the encrypted volume
1. Back to the main VeraCrypt window, click any free slot in the list.
2. Click Select File.
3. Choose the encrypted file container which you created earlier.
4. Click Open at the bottom of the Window.
5. Click Mount.
6. When prompted, enter your encryption password and click OK.
7. You should now see a new device icon on your desktop. The mounted device will also be listed under Devices when you open File Manager by accessing your home directory for instance.
c. Dismount the encrypted volume
1. To dismount the encrypted volume, make sure that the appropriate slot is selected in the main Veracrypt window.
2. Click Dismount.
3. The slot entry should now be blank.
4. Also, you should no longer see the encrypted volume on your desktop or listed under Devices.
a. Create an encrypted volume
i. Run the command below in the Ubuntu terminal to begin creating your encrypted volume:
$ veracrypt --create
ii. When prompted to choose a volume type, enter 1 for a Normal volume:
Volume type:
 1) Normal
 2) Hidden
Select [1]: 1
iii. Next, you will be prompted for the volume path and volume size. In the example below, the encrypted volume is called personal_vault and will be created in my home directory.
The size of the personal vault will be 2 Gigabytes:
Enter volume path: /home/shola/personal_vault
Enter volume size (sizeK/size[M]/sizeG): 2G
For encryption algorithm and hash algorithm, the default AES and SHA-512 values are recommended. Enter 1 in both cases:
Encryption Algorithm:
 1) AES
 2) Serpent
 3) Twofish
 4) Camellia
 5) Kuznyechik
 6) AES(Twofish)
 7) AES(Twofish(Serpent))
 8) Camellia(Kuznyechik)
 9) Camellia(Serpent)
 10) Kuznyechik(AES)
 11) Kuznyechik(Serpent(Camellia))
 12) Kuznyechik(Twofish)
 13) Serpent(AES)
 14) Serpent(Twofish(AES))
 15) Twofish(Serpent)
Select [1]: 1
Hash algorithm:
 1) SHA-512
 2) Whirlpool
 3) SHA-256
 4) Streebog
Select [1]: 1
For filesystem, Linux Ext3 would suffice. You may enter 4 to choose that:
Filesystem:
 1) None
 2) FAT
 3) Linux Ext2
 4) Linux Ext3
 5) Linux Ext4
 6) NTFS
 7) exFAT
 8) Btrfs
Select [2]: 4
Now, it is time to choose a strong encryption password. You will get a warning if your chosen password is determined to be weak.
Note: Using a short password is NOT recommended:
Enter password:
WARNING: Short passwords are easy to crack using brute force techniques!
We recommend choosing a password consisting of 20 or more characters. Are you sure you want to use a short password? (y=Yes/n=No) [No]: y
Re-enter password:
When you are prompted to enter PIM, press the Enter key on your keyboard to accept the default value. Do the same when you are prompted to enter the keyfile path.
PIM (Personal Iterations Multiplier) is a number that controls how many times your password is hashed when the volume key is derived.
A keyfile is used alongside a password, such that any volume that uses the keyfile cannot be mounted if the correct keyfile is not provided.
As we are focusing on basic usage here, the default values will suffice:
Enter PIM:
Enter keyfile path [none]:
Finally, you need to type randomly on the keyboard, quite fast, for at least 1 minute. The keystrokes are collected as random input for generating the volume's encryption keys.
Avoid the Enter key while you type. Press Enter only when you are done typing and then wait for the encrypted volume to be created:
Please type at least 320 randomly chosen characters and then press Enter:
Done: 100% Speed: 33 MiB/s Left: 0 s
The VeraCrypt volume has been successfully created.
b. Mount the encrypted volume
To access the content of the encrypted volume, you need to first mount it. The default mount directory is /media/veracrypt1 but you can create yours if you wish. For example, the following command will create a mount directory under /mnt:
$ sudo mkdir /mnt/personal_vault
The next command below will begin mounting the encrypted volume:
$ veracrypt --mount /home/shola/personal_vault
When you are prompted, either press the Enter key to use the default mount directory or type your own mount directory path. You will be prompted to enter your encryption password next.
For the PIM, keyfile and protect hidden volume prompts, press the Enter key to use the default values:
Enter mount directory [default]: /mnt/personal_vault
Enter password for /home/shola/personal_vault:
Enter PIM for /home/shola/personal_vault:
Enter keyfile [none]:
Protect hidden volume (if any)? (y=Yes/n=No) [No]:
Run the following command to list mounted volumes.
$ veracrypt --list
1: /home/shola/personal_vault /dev/mapper/veracrypt1 /mnt/personal_vault
You may now move your sensitive folder to your personal vault as follows:
$ sudo mv /home/shola/folder1 /mnt/personal_vault
To list the contents of your personal vault, run:
$ ls -l /mnt/personal_vault
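If the volume is not actually mounted, /mnt/personal_vault is an ordinary directory on the unencrypted disk, and a move across filesystems is a copy followed by a delete, so it pays to check both. The script below is an added example, not part of the original article: it refuses to copy unless a /dev/mapper/veracrypt device (as shown by veracrypt --list above) is mounted on the target, verifies the copy, and only then removes the plaintext. The function names and the MOUNTS_FILE override are hypothetical, and it must run as a user who can write to the vault.

```shell
#!/bin/sh
# Added example: move a folder into the mounted vault with verification.
MOUNTS_FILE=${MOUNTS_FILE:-/proc/mounts}   # overridable for testing

# vault_mounted DIR -> 0 if a /dev/mapper/veracryptN device is mounted on DIR
vault_mounted() {
    awk -v d="$1" '$2 == d && $1 ~ /^\/dev\/mapper\/veracrypt[0-9]+$/ { ok = 1 }
                   END { exit !ok }' "$MOUNTS_FILE"
}

# tree_sums DIR -> sorted "digest  ./relative/path" lines for each file in DIR
tree_sums() {
    ( cd "$1" && find . -type f -exec sha256sum {} + | sort -k 2 )
}

# stash SRC VAULT -> copy SRC into VAULT, verify, then remove the plaintext
stash() {
    src=${1%/} vault=${2%/}
    vault_mounted "$vault" || {
        echo "refusing: $vault is not a mounted VeraCrypt volume" >&2; return 2; }
    dst=$vault/$(basename "$src")
    [ -e "$dst" ] && { echo "refusing: $dst already exists" >&2; return 3; }
    cp -a "$src" "$dst" && sync || return 4
    [ "$(tree_sums "$src")" = "$(tree_sums "$dst")" ] || {
        echo "copy differs from source; source left untouched" >&2; return 5; }
    # Best effort only: shred cannot guarantee erasure on SSDs or on
    # journaling / copy-on-write filesystems.
    find "$src" -type f -exec shred -u {} + && rm -rf "$src"
}

# Usage (not run here):
#   stash /home/shola/folder1 /mnt/personal_vault
```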
c. Dismount the encrypted volume
The following command will dismount the encrypted volume:
$ veracrypt --dismount /mnt/personal_vault
If you run veracrypt --list again, you should get a message indicating that no volume is mounted.
This article covers how to install and set up VeraCrypt on Ubuntu 20.04. VeraCrypt, a fork of TrueCrypt, is a free and open source on-the-fly disk encryption (OTFE) tool.
Main features offered by VeraCrypt include:
1. Creates a virtual encrypted disk within a file and mounts it as a real disk.
2. Encrypts an entire partition or storage device such as USB flash drive or hard drive.
3. Encrypts a partition or drive where Windows is installed (pre-boot authentication).
4. Encryption is automatic, real-time (on-the-fly) and transparent.
5. Parallelization and pipelining allow data to be read and written as fast as if the drive was not encrypted.
6. Encryption can be hardware-accelerated on modern processors.
7. Provides plausible deniability, in case an adversary forces you to reveal the password: Hidden volume (steganography) and hidden operating system.
To install VeraCrypt using the DEB binary package on Ubuntu:
Debian/Ubuntu packages for VeraCrypt are also available on the downloads page. However, as of this writing, there is no binary package for Ubuntu 20.04 yet, so we use the binary package for Ubuntu 19.04.
Note that the installers are also available, both for GUI and console-based installations.
To install console-based VeraCrypt:
$ wget https://launchpad.net/veracrypt/trunk/1.24-update4/+download/veracrypt-console-1.24-Update4-Ubuntu-19.10-amd64.deb
Then install it:
$ sudo dpkg -i veracrypt-console-1.24-Update4-Ubuntu-19.10-amd64.deb
To install the GUI-based version:
$ wget https://launchpad.net/veracrypt/trunk/1.24-update4/+download/veracrypt-1.24-Update4-Ubuntu-19.04-amd64.deb
Next, install it with the APT package manager so that any dependencies are resolved automatically:
$ sudo apt install ./veracrypt-1.24-Update4-Ubuntu-19.04-amd64.deb
You can uninstall GUI-based VeraCrypt by executing:
$ sudo apt remove --purge veracrypt
$ sudo apt autoremove