How to Encrypt Linux Partitions With VeraCrypt

Encryption doesn’t have to be a challenge on Linux

Photo illustration of a lock inside a series of circles.

Pixabay

by Jack Wallen
Jack Wallen is a former Lifewire writer, an award-winning writer for TechRepublic and Linux.com, and the voice of The Android Expert.
Updated October 28, 2019

The issue of data security can no longer be avoided. If you have sensitive information on your computer, it should be encrypted. Why? Without encryption, that information is wide open, for all to see. Should anyone gain access to your desktop, they can view and extract that data. Instead of leaving that information wide open, why not hide it behind a layer of encryption? You may be thinking, “If I’m using Linux, that must be a challenge.” It’s not. In fact, there are plenty of tools that make this process quite easy.

One such tool is the open source (and free) VeraCrypt. VeraCrypt offers features like easy virtual disk creation and encrypting entire storage devices. (such as USB flash drive or hard drive).

It even supports automatic, real-time transparent encryption. That means, with this feature enabled, your data stay encrypted without you have to remember.

Install VeraCrypt on Linux

Our demonstration platform will be Ubuntu Desktop 18.04, however the installation should work the same on all Linux platforms. Here are the steps for successful installation:

  1. Download the necessary file from the VeraCrypt Downloads Page into your Downloads folder. For this installation, download the file marked Linux: veracrypt-1.23-setup.tar.bz2.

  2. Open the file manager and double-click the Downloads folder.

    Screenshot of extracting a compressed file in Linux.

    Right-click the downloaded file and select Extract Here.

  3. Double-click on the newly created veracrypt-XXX-setup folder (Where XXX is the release number).

  4. In the new folder, right-click on a blank space and select Open in Terminal.

    Screenshot of opening a terminal from a Linux file manager.

  5. Once the terminal opens, enter the command ./veracrypt-XXX-setup-gui-x64 (Where XXX is the release number).

    Screenshot of the VeraCrypt install command.

  6. When prompted, press Install VeraCrypt.

    Screenshot of the Install VeraCrypt prompt.

  7. When prompted, select I accept and agree to be bound by the license terms.

    Screenshot of the VeraCrypt license agreement.

  8. A terminal window will popup, requiring you to enter your user’s sudo password. Type your password and hit Enter.

    Screenshot of a terminal prompting for a sudo password.

  9. When the installation completes, hit Enter on your keyboard to exit the installer.

    Screenshot of the final installation screen.

  10. The installation is complete.

There are two types of encrypted volumes that can be created:

  • Encrypted file container: An encrypted file that, when mounted, acts as a folder, but when unmounted is an encrypted file with data that cannot be accessed without the encryption password.
  • Encrypted volume within a partition or drive: Formats an encrypted partition that can only be accessed with the encryption password.

Create an Encrypted VeraCrypt Partition

Creating an encrypted volume with VeraCrypt is simple. Here are the steps for creating a standard encrypted file container.

  1. Open VeraCrypt from your desktop start menu. From the application window, select Create Volume.

    Screenshot of the main VeraCrypt window.

  2. Select Create an encrypted file container and press Next.

    Screenshot of selecting a volume type.

  3. Select Standard VeraCrypt volume and press Next.

    Screenshot of the volume type selection window.

  4. Press Select File.

    Screenshot of the Volume Location window.

  5. Give the new container file a name and press Save.

    Screenshot of the volume naming window.

  6. Select the Encryption Algorithm and the Hash Algorithm (or use the default, which is safe) and press Next.

    Screenshot of the algorithm selection window.

  7. Enter a volume size (to be used for the encrypted volume) and press Next.

    Screenshot of the Volume Size window.

    Size Selection

    You can select Kilobytes (KB), Megabytes (MB), or Gigabytes (GB) from the drop-down.

  8. Type and confirm a password for the encryption volume and press Next.

    Screenshot of the password creation window.

    Strong Passwords Needed

    It is important to use a unique and strong password for the encryption, otherwise you run the risk of someone being able to guess the password and access your data.

  9. Select the Filesystem type and press Next.

    Screenshot of the filesystem type selection window.

    Filesystem Types

    You can select from Ext2/3/4, NTFS, FAT, or exFAT filesystem types.

  10. Select I will mount the volume on other platforms, if you need to be able to access this encrypted volume from other operating systems (otherwise, select I will mount the volume only on Linux) and press Next.

    Screenshot of the cross-platform support window.

  11. In the next window, move your cursor around (within the VeraCrypt window) until enough randomness has been collected. Once that completes, select Format.

    Screenshot of the randomness collection window.

  12. When prompted, type your sudo password and press OK.

  13. Press Exit.

Mount a VeraCrypt Partition

Now that the encrypted volume has been created, how do you use it? Simple.

  1. From the VeraCrypt main window, select Select File.

    Screenshot of locating the VeraCrypt file.

    Located the encrypted volume file you just created and press Open.

  2. Select a slot to mount the encrypted volume from the upper pane (in the VeraCrypt main window).

  3. Press Mount.

  4. When prompted, type the encryption password for the volume and press OK.

    Screenshot of entering the encryption password.

  5. Open the file manager, choose Other Locations, and then double-click on the newly mounted drive.

    Screenshot of the mounted VeraCrypt volume.

    Desktop Icon

    On some desktops (such as GNOME), you can simply click on the newly-created desktop icon to access the volume.

  6. Add, edit, delete files from the mounted volume.

Umounting the Volume

It is very important, that when you’re done with the mounted volume, you unmount (otherwise, anyone can access the contents). To unmount the volume, select it from the slot (in the VeraCrypt main window) and click the Dismount button. At that point, your data is back to being encrypted and safe from prying eyes.