How to Encrypt Linux Partitions With VeraCrypt

Encryption doesn’t have to be a challenge on Linux

Photo illustration of a lock inside a series of circles.

Pixabay

by Jack Wallen
Jack Wallen is an award-winning writer for TechRepublic and Linux.com. He’s an avid promoter of open source and the voice of The Android Expert.
Updated March 11, 2019

The issue of data security can no longer be avoided. If you have sensitive information on your computer, it should be encrypted. Why? Without encryption, that information is wide open, for all to see. Should anyone gain access to your desktop, they can view and extract that data. Instead of leaving that information wide open, why not hide it behind a layer of encryption? You may be thinking, “If I’m using Linux, that must be a challenge.” It’s not. In fact, there are plenty of tools that make this process quite easy.

One such tool is the open source (and free) VeraCrypt. VeraCrypt offers features like easy virtual disk creation and encrypting entire storage devices. (such as USB flash drive or hard drive).

It even support automatic, real-time transparent encryption. That means, with this feature enabled, your data stay encrypted without you have to remember.

Our demonstration platform will be Ubuntu Desktop 18.04, however the installation should work the same on all Linux platforms. Here are the steps for successful installation:

  1. Download the necessary file from the VeraCrypt Downloads Page into your Downloads folder. For this installation, download the file marked Linux: veracrypt-1.23-setup.tar.bz2.

  2. Open the file manager and double-click the Downloads folder.

    Screenshot of extracting a compressed file in Linux.

    Right-click the downloaded file and select Extract Here.

  3. Double-click on the newly created veracrypt-XXX-setup folder (Where XXX is the release number).

    Screenshot of opening a terminal from a Linux file manager.

    In the new folder, right-click on a blank space and select Open in Terminal.

    Screenshot of the VeraCrypt install command.

    Once the terminal opens, enter the command ./veracrypt-XXX-setup-gui-x64 (Where XXX is the release number).

    Screenshot of the Install VeraCrypt prompt.

    When prompted, click Install VeraCrypt.

    Screenshot of the VeraCrypt license agreement.

    When prompted, click I accept and agree to be bound by the license terms.

    Screenshot of a terminal prompting for a sudo password.

    A terminal window will popup, requiring you to enter your user’s sudo password. Type your password and hit Enter.

    Screenshot of the final installation screen.

    When the installation completes, hit Enter on your keyboard to exit the installer.

  4. The installation is complete.

There are two types of encrypted volumes that can be created:

  • Encrypted file container: An encrypted file that, when mounted, acts as a folder, but when unmounted is an encrypted file with data that cannot be accessed without the encryption password.
  • Encrypted volume within a partition or drive: Formats an encrypted partition that can only be accessed with the encryption password.

Creating an encrypted volume with VeraCrypt is simple. Here are the steps for creating a standard encrypted file container.

Screenshot of the main VeraCrypt window.

Open VeraCrypt from your desktop start menu. From the application window, click Create Volume.

Screenshot of selecting a volume type.

Select Create an encrypted file container and click Next.

Screenshot of the volume type selection window.

Select Standard VeraCrypt volume and click Next.

Screenshot of the Volume Location window.

Click the Select File button.

Screenshot of the volume naming window.

Give the new container file a name and click Save.

  1. Click Next.

    Screenshot of the algorithm selection window.

    Select the Encryption Algorithm and the Hash Algorithm (or use the default, which is safe) and click Next.

    Screenshot of the Volume Size window.

    Enter a volume size (to be used for the encrypted volume) and click Next.

    Size Selection

    You can select Kilobytes (KB), Megabytes (MB), or Gigabytes (GB) from the drop-down.

    Screenshot of the password creation window.

    Type and confirm a password for the encryption volume and click Next.

    Strong Passwords Needed

    It is important to use a unique and strong password for the encryption, otherwise you run the risk of someone being able to guess the password and access your data.

    Screenshot of the filesystem type selection window.

    Select the Filesystem type and click Next.

    Filesystem Types

    You can select from Ext2/3/4, NTFS, FAT, or exFAT filesystem types.

    Screenshot of the cross-platform support window.

    Select I will mount the volume on other platforms, if you need to be able to access this encrypted volume from other operating systems (otherwise, select I will mount the volume only on Linux) and click Next.

    Screenshot of the randomness collection window.

    In the next window, move your cursor around (within the VeraCrypt window) until enough randomness has been collected. Once that completes, click the Format button.

  2. When prompted, type your sudo password and click OK.

  3. Click Exit.

Now that the encrypted volume has been created, how do you use it? Simple.

  1. From the VeraCrypt main window, click Select File.

    Screenshot of locating the VeraCrypt file.

    Located the encrypted volume file you just created and click Open.

  2. Select a slot to mount the encrypted volume from the upper pane (in the VeraCrypt main window).

  3. Click Mount.

    Screenshot of entering the encryption password.

    When prompted, type the encryption password for the volume and click OK.

    Screenshot of the mounted VeraCrypt volume.

    Open the file manager, click Other Locations, and then double-click on the newly mounted drive.

    Desktop Icon

    On some desktops (such as GNOME), you can simply click on the newly-created desktop icon to access the volume.

  4. Add, edit, delete files from the mounted volume.

Umounting the Volume

It is very important, that when you’re done with the mounted volume, you unmount (otherwise, anyone can access the contents). To unmount the volume, select it from the slot (in the VeraCrypt main window) and click the Dismount button. At that point, your data is back to being encrypted and safe from prying eyes.