Encryption with VeraCrypt
FAT, exFAT, or NTFS?
Once you have defined a good password and clicked Next, you can move on to selecting the volume's filesystem. FAT or exFAT can be mounted on almost any other system later. NTFS gives you the ability to use additional authorizations or file attributes on Windows. Choose the filesystem that best suits your requirements. If required, check the boxes for quick formatting and the option to dynamically grow the volume. Next, move your mouse pointer to give the pseudo-random number generator for the crypto operations further random data. Once the bar at the bottom of the window turns green, press Format. After a short time, your volume is ready, and you can press Exit to close the dialog.
After creating your container, you are taken back to the VeraCrypt start window. Now search for your previously created container by clicking on Select File, select the desired drive letter in the area above, and then press Mount. Enter the password in the dialog box or browse to the keyfiles you selected previously for the secret in Keyfiles. Clicking on OK tells the disk manager to automatically mount the volume, which you can access directly.
If you created a hidden volume in the previous step, you will now see two options when mounting. If you want to access the contents of the hidden volume, you need to enter the matching secret in order to mount it directly. The container's outer volume is not displayed or changed. However, if you want to include the outer volume (e.g., to keep up appearances and store files) enter the secret for this outer volume here. In Options, make sure you also specify the secret of the hidden volume for protection to avoid it being accidentally overwritten (Figure 4).
Encrypting Partitions and Hard Disks
If you want to encrypt entire partitions or data carriers, select the Encrypt a Partition/Drive option when creating a new volume. In Windows, again confirm the User Account Control (UAC) dialog to let VeraCrypt access your data carriers. As in a container, you can also create hidden volumes. Then select the data carrier to be encrypted. In my example, I will encrypt a USB memory stick. In this case, it is not necessary to partition the storage space in advance; you can encrypt the entire drive directly. The partitioning can then be changed within the encrypted area. VeraCrypt shows you available storage and partitions for selection.
Next you can choose whether to continue using the files that are already on the data carrier in the encrypted volume (the in-place encryption option). VeraCrypt can create encrypted storage media without you needing to manually temporarily store the files and transfer them back. Note that this only works with NTFS on Windows, because the operating system is only capable of shrinking NTFS filesystems on the fly, which is necessary to free up space for the encrypted volume on the data carrier.
If you want to continue without in-place encryption, select the other option and press Next. Before formatting, you will be warned once again that all data currently on the medium will be permanently deleted. If you are using a USB memory stick, you are also told that a drive letter will still be assigned on Windows. However, you must not use the drive in this way. Windows does not recognize any content and offers to format the stick directly when you connect it, which would delete the encrypted volume.
Protecting the System Partition
Now that you have some experience with VeraCrypt, you can encrypt your entire operating system. To do this, select Encrypt System Partition/Drive from the System menu at the top.
VeraCrypt even offers to install a hidden operating system. This gives plausible deniability at the operating system level to deny the existence of a hidden operating system installation.
For my example, I will use normal encryption and then opt to encrypt the entire data carrier and not just the system partition. The entire data carrier then also includes any recovery or boot partitions, which is why VeraCrypt recommends that you only encrypt the system partition for the recovery. Otherwise, depending on the BIOS configuration, you could lose access to your system completely.
« Previous 1 2 3 Next »
Buy this article as PDF
(incl. VAT)
Buy Linux Magazine
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters
Support Our Work
Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.
News
-
Rhino Linux Announces Latest "Quick Update"
If you prefer your Linux distribution to be of the rolling type, Rhino Linux delivers a beautiful and reliable experience.
-
Plasma Desktop Will Soon Ask for Donations
The next iteration of Plasma has reached the soft feature freeze for the 6.2 version and includes a feature that could be divisive.
-
Linux Market Share Hits New High
For the first time, the Linux market share has reached a new high for desktops, and the trend looks like it will continue.
-
LibreOffice 24.8 Delivers New Features
LibreOffice is often considered the de facto standard office suite for the Linux operating system.
-
Deepin 23 Offers Wayland Support and New AI Tool
Deepin has been considered one of the most beautiful desktop operating systems for a long time and the arrival of version 23 has bolstered that reputation.
-
CachyOS Adds Support for System76's COSMIC Desktop
The August 2024 release of CachyOS includes support for the COSMIC desktop as well as some important bits for video.
-
Linux Foundation Adopts OMI to Foster Ethical LLMs
The Open Model Initiative hopes to create community LLMs that rival proprietary models but avoid restrictive licensing that limits usage.
-
Ubuntu 24.10 to Include the Latest Linux Kernel
Ubuntu users have grown accustomed to their favorite distribution shipping with a kernel that's not quite as up-to-date as other distros but that changes with 24.10.
-
Plasma Desktop 6.1.4 Release Includes Improvements and Bug Fixes
The latest release from the KDE team improves the KWin window and composite managers and plenty of fixes.
-
Manjaro Team Tests Immutable Version of its Arch-Based Distribution
If you're a fan of immutable operating systems, you'll be thrilled to know that the Manjaro team is working on an immutable spin that is now available for testing.