How to Encrypt Linux Partitions With VeraCrypt

Encryption doesn’t have to be a challenge on Linux

by
Jack Wallen
Jack Wallen
Writer
Jack Wallen is a former Lifewire writer, an award-winning writer for TechRepublic and Linux.com, and the voice of The Android Expert.
our editorial process
Jack Wallen
Updated on February 13, 2020

The issue of data security can no longer be avoided. If you have sensitive information on your computer, it should be encrypted. Why? Without encryption, that information is wide open, for all to see. Should anyone gain access to your desktop, they can view and extract that data. Instead of leaving that information wide open, why not hide it behind a layer of encryption? You may be thinking, “If I’m using Linux, that must be a challenge.” It’s not. In fact, there are plenty of tools that make this process quite easy.

One such tool is the open source (and free) VeraCrypt. VeraCrypt offers features like easy virtual disk creation and encrypting entire storage devices. (such as USB flash drive or hard drive).

It even supports automatic, real-time transparent encryption. That means, with this feature enabled, your data stay encrypted without you have to remember.

Install VeraCrypt on Linux

Our demonstration platform will be Ubuntu Desktop 18.04, however the installation should work the same on all Linux platforms. Here are the steps for successful installation:

  1. Download the necessary file from the VeraCrypt Downloads Page into your Downloads folder. For this installation, download the file marked Linux: veracrypt-1.23-setup.tar.bz2.

  2. Open the file manager and double-click the Downloads folder.

  3. Right-click the downloaded file and select Extract Here.

    Extract Here command

  4. Double-click on the newly created veracrypt-XXX-setup folder (Where XXX is the release number).

  5. In the new folder, right-click on a blank space and select Open in Terminal.

    Open in Terminal command

  6. Once the terminal opens, enter the command ./veracrypt-XXX-setup-gui-x64 (Where XXX is the release number).

    Screenshot of the VeraCrypt install command.

  7. When prompted, press Install VeraCrypt.

    Install VeraCrypt button

  8. When prompted, select I accept and agree to be bound by the license terms.

    License terms agreement button

  9. A terminal window will popup, requiring you to enter your user’s sudo password. Type your password and hit Enter.

    Screenshot of a terminal prompting for a sudo password.

  10. When the installation completes, hit Enter on your keyboard to exit the installer.

    Screenshot of the final installation screen.

  11. The installation is complete.

There are two types of encrypted volumes that can be created:

  • Encrypted file container: An encrypted file that, when mounted, acts as a folder, but when unmounted is an encrypted file with data that cannot be accessed without the encryption password.
  • Encrypted volume within a partition or drive: Formats an encrypted partition that can only be accessed with the encryption password.

Create an Encrypted VeraCrypt Partition

Creating an encrypted volume with VeraCrypt is simple. Here are the steps for creating a standard encrypted file container.

  1. Open VeraCrypt from your desktop start menu. From the application window, select Create Volume.

    Create Volume button in VeraCrypt

  2. Select Create an encrypted file container and press Next.

    Create an encrypted file container option in VeraCrypt

  3. Select Standard VeraCrypt volume and press Next.

    Standard volume option in VeraCrypt

  4. Press Select File.

    Select File button in VeraCrypt

  5. Give the new container file a name and press Save.

    Save button for VeraCrypt volume

  6. Select the Encryption Algorithm and the Hash Algorithm (or use the default, which is safe) and press Next.

    Encryption Algorithm in VeraCrypt

  7. Enter a volume size (to be used for the encrypted volume) and press Next.

    Size Selection

    You can select Kilobytes (KB), Megabytes (MB), or Gigabytes (GB) from the drop-down.

    Volume Size screen in VeraCrypt

  8. Type and confirm a password for the encryption volume and press Next.

    Strong Passwords Needed

    It is important to use a unique and strong password for the encryption, otherwise you run the risk of someone being able to guess the password and access your data.

    Volume Password screen in VeraCrypt

  9. Select the Filesystem type and press Next.

    Filesystem Types

    You can select from Ext2/3/4, NTFS, FAT, or exFAT filesystem types.

    Format Options screen in VeraCrypt

  10. Select I will mount the volume on other platforms, if you need to be able to access this encrypted volume from other operating systems (otherwise, select I will mount the volume only on Linux) and press Next.

    Cross-Platform Support screen in VeraCrypt

  11. In the next window, move your cursor around (within the VeraCrypt window) until enough randomness has been collected. Once that completes, select Format.

    Volume Format screen in VeraCrypt

  12. When prompted, type your sudo password and press OK.

  13. Press Exit.

Mount a VeraCrypt Partition

Now that the encrypted volume has been created, how do you use it? Simple.

  1. From the VeraCrypt main window, select Select File.

  2. Located the encrypted volume file you just created and press Open.

    Select a VeraCrypt Volume screen with the Open button highlighted

  3. Select a slot to mount the encrypted volume from the upper pane (in the VeraCrypt main window).

  4. Press Mount.

  5. When prompted, type the encryption password for the volume and press OK.

    OK button

  6. Open the file manager, choose Other Locations, and then double-click on the newly mounted drive.

    Desktop Icon

    On some desktops (such as GNOME), you can simply click on the newly-created desktop icon to access the volume.

    Selecting a new drive in Linux

  7. Add, edit, delete files from the mounted volume.

Umounting the Volume

It is very important, that when you’re done with the mounted volume, you unmount (otherwise, anyone can access the contents). To unmount the volume, select it from the slot (in the VeraCrypt main window) and click the Dismount button. At that point, your data is back to being encrypted and safe from prying eyes.