VeraCrypt for Linux
How to create and use a VeraCrypt Container (file).
The VeraCrypt binary is located at:
/usr/bin/veracrypt
- ssh into the Linux host you will be creating the containers on.
- Go to the directory where you want the container to be.
- Create a directory, for example project. This will later be used to mount the encrypted volume.
- Launch VeraCrypt and click Create Volume.
- Make sure Create an encrypted file container is checked and click Next.
- Choose Standard VeraCrypt volume and click Next.
- Click on Select File... This will be the location of the encrypted container. The container is actually a file with a specified size that VeraCrypt uses to store your encrypted files in. Once this file/container is created it can be deleted, copied and moved just like any other file. Be careful where you choose to store this file.
- Don't use an existing file name because it will be overwritten. You won't use this to encrypt existing files but you can move existing files to this encrypted container once we are finished. Something like project_container might be good. Then you can later mount the container to project in the same directory.
- Choosing the default options for Encryption Algorithm and Hash Algorithm is sufficient for most users so that is what we'll focus on here. For more information on these subjects there are links located in each section.
- Choose the size of the file storage container. Be careful because this might count against your ECN and other space quota depending upon where it is located.
- Choose a good password that you can remember. Some suggestions are provided on the password page. We won't worry about Use keyfiles or Display password options here.
- For Format Options, FAT is the most flexible if you want to copy the container to other devices. Otherwise Linux Ext4 is a good option. Choose a file format and click Next.
- Now it is ready to format your volume/container/file. Read the IMPORTANT: caption below about randomly moving your mouse about the window.
- Now click Format.
- Your volume has been created and is ready to be mounted as an available drive letter. If you click OK on the notification window and it starts back at the creation wizard window you can just Exit at this point.
- Click on the Mount button.
- Click on the Options button.
- Click on the Select button across from "Mount at directory:"
- Navigate to the directory you created to mount this container. In my example, project.
- Select the directory
- Click on the Open button.
- You will want to add some Mount Options if this container is shared with a group.
- You need to get your uid and the gid associated with the group:
  - ssh into the host where the container is located.
  - Run "id". This will give your uid and all gids your account is associated with.
  - gids will be listed as NUMBER(group name).
- Now that you have your uid and appropriate gid, enter the following in the Mount Options area. Replace UID with your uid, and GID with your gid:
  rw,uid=UID,gid=GID,fmask=0007,dmask=0007
- This will mount the container with the proper group permissions so that others in the group can access directories and files created inside of it.
- Enter your password and Click the OK button.
You can now freely move files into and out of your encrypted drive. VeraCrypt will Encrypt and Decrypt the files on-the-fly for you as you move them in and out. Even if you close the window to your encrypted drive it is still mounted and accessible to save and copy files to until you manually Dismount it or restart your computer.
To Dismount an Encrypted volume simply start VeraCrypt and click the Dismount All button.
Mounting/Unmounting a Container from the commandline
- You will need the uid and gid information gathered in Step 21 above.
- To mount the container, the command to use is:
  veracrypt -t --fs-options="rw,uid=UID,gid=GID,fmask=0007,dmask=0007" \
      --mount /path/to/veracrypt/container /path/to/mount/point
- You will be prompted with the following (you only need to enter the password; hit Enter to accept the defaults for the rest):
- Enter password for /path/to/container:
- Enter PIM for /path/to/container
- Enter keyfile [none]:
- Protect hidden volume (if any)? (y=Yes/n=No) [No]:
- Then a bunch of errors/warnings will fly by. Don't worry about those. If you enter the password correctly the container will be mounted rather quickly. If not, it will take a bit for it to come back with the password prompt and the prompt from step 4 (Protect hidden volume).
- Once you are done using the container you can dismount it by running:
  veracrypt -d ContainerName
- or just (this will dismount all containers you have mounted):
  veracrypt -d
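The uid/gid lookup and the command-line mount described above, combined into one script as an added example (not part of the original page): it parses `id` output in the NUMBER(group name) form, refuses a group the account does not belong to, and prints the resulting veracrypt command. The function names and the sample account `alice` and group `project` (gid 5012) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): derive the Mount Options string
# from `id` output, where groups are listed as NUMBER(group name).

# Numeric uid from a line such as "uid=1001(alice) gid=...".
uid_from_id() {
    printf '%s\n' "$1" | sed -n 's/^uid=\([0-9][0-9]*\).*/\1/p'
}

# Numeric gid of group $2 from the groups= list; non-zero exit if the
# account is not a member, so a wrong group name is caught before mounting.
gid_from_id() {
    printf '%s\n' "$1" |
        sed -n -e 's/ context=.*//' -e 's/.*groups=\(.*\)$/\1/p' |
        tr ',' '\n' |
        awk -v want="$2" '
            { p = index($0, "(")
              name = substr($0, p + 1, length($0) - p - 1)
              if (name == want) { print substr($0, 1, p - 1); found = 1; exit } }
            END { exit !found }'
}

# The option string used on this page, with UID and GID filled in.
build_fs_options() {
    uid=$(uid_from_id "$1")
    [ -n "$uid" ] || return 1
    gid=$(gid_from_id "$1" "$2") || return 1
    printf 'rw,uid=%s,gid=%s,fmask=0007,dmask=0007\n' "$uid" "$gid"
}

# Permission bits that remain once a mask is applied (0007 -> 0770,
# i.e. owner and group full access, others none).
mode_for_mask() {
    printf '%04o\n' $(( 0777 & ~$1 ))
}

# Constructed sample of `id` output; on a real host use: id_output=$(id)
sample_id='uid=1001(alice) gid=1001(alice) groups=1001(alice),27(sudo),5012(project)'
opts=$(build_fs_options "$sample_id" project) || exit 1
echo "veracrypt -t --fs-options=\"$opts\" --mount /path/to/veracrypt/container /path/to/mount/point"
echo "files and directories will appear with mode $(mode_for_mask 0007)"
```

uid, gid, fmask and dmask are FAT (vfat) mount options, so this string applies to containers formatted as FAT; an Ext4 volume stores its own ownership and modes.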
Last modified: 2022/02/21 15:59:53.130390 US/Eastern by joseph.r.kline.1
Created: 2018/06/12 10:29:5.559436 GMT-4 by joseph.r.kline.1.