It is a good idea to keep your confidential data in an encrypted location to prevent unauthorized access. It becomes more important when you share your computer with others. Encryption encrypts the information so that it is unreadable to anyone. It, therefore, prevents others from accessing your data and seeing what’s inside. It can only be decrypted by a person who has a key that converts the information back into its original and readable form. Encryption is important not only for data transmission but also for data storage. Without encryption, anyone who has access to your system can view and change your data.
Under Linux there are several ways to add encryption. VeraCrypt is an open-source tool for encrypting files, folders and entire partitions, available not only for Linux, but also for Windows and Mac OS. In this article, I will describe how you can encrypt a partition under Linux with VeraCrypt.
We have executed the commands and procedures mentioned in this article on a Debian 10 operating system.
Download VeraCrypt
VeraCrypt can be downloaded from VeraCrypt website. Go to the downloads page of the VeraCrypt official website and download the setup file specified for Linux.
Install VeraCrypt on Debian
To install VeraCrypt, open the file manager. Navigate to the Downloads folder under Home directory. Right-click on the VeraCrypt downloaded setup and click on Extract Here option.
Now launch the Terminal application is your system. For that, go to the Activities tab in the top left corner of your Debian desktop. Then in the search bar, type terminal. When the Terminal icon appears, click on it to launch it.
Now navigate to the extracted setup by executing the following command in Terminal:
$ cd /home/user/Downloads/veracrypt-1.2.3-setup
Replace user with your system’s user name.
In the extracted setup folder, there is an option to use either the GUI or command line setup to install VeraCrypt. Also, there is 32-bit and 64-bit setup. You can choose the option depending upon the requirements of your system. To install VeraCrypt using the console, use the following command:
$ ./veracrypt-1.2.3-setup-console-x64
To install VeraCrypt using the GUI, use the following command:
$ ./veracrypt-1.2.3-setup-gui-x64
We will use GUI as it is easier to work graphically.
Now you will see the GUI setup for installing the VeraCrypt. Click Install VeraCrypt.
Click on I accept and agree to be bound by the license terms to accept VeraCrypt terms and conditions.
Click Ok to start the installation.
If prompted for the sudo password, enter the password and wait for a while until the installation is completed. Once done, press Enter to exit the window.
Launch VeraCrypt
Once the installation is completed, you can launch the VeraCrypt application from Application launcher. Press the Windows key on your keyboard, and then type veracrypt in the search bar. When the VeraCrypt icon appears, click on it to launch.
Alternatively, type just veracrypt in the Terminal and press enter to launch it.
Encrypt partitions using VeraCrypt
VeraCrypt offers two types of encrypted volumes:
- Encrypted file container: It generates a virtual encrypted disk within a file.
- The encrypted volume within a partition or drive: It encrypts an existing hard drive, hard drive partition, or an external disk.
Here are the steps towards encrypting a partition:
- Create an encrypted volume
- Mount encrypted volume
- Dismount the encrypted volume
Now we will perform these steps one by one:
Step 1: Create an encrypted volume
In VeraCrypt application window, click on Create volume. It will start the volume creation wizard.
Now the wizard asks whether you want to create an encrypted file container or encrypt a hard disk partition. Here in this article, we are going to create encrypted volume so Select Create a volume within a partition /drive, then click on Next.
Now you will need to decide whether you want to create standard or hidden VeraCrypt volume. Select the volume type and click Next.
Next in the Volume Location screen, click on Select Device. Here you can select the drive or partition that you wish to encrypt. But note that VeraCrypt will erase and format that partition, so all data on it will be erased.
Now select the partition or drive to encrypt and click OK.
Then click on Next to move on the next step.
In the Encryption Options window, you can select the encryption algorithm. This is the algorithm that will use to encrypt the partition. By default, the encryption algorithm is AES and hah algorithm is SHA-512. Leave the default option and click Next.
Next in the Volume Password window, type your password twice. This password will be used to access the encrypted partition. You absolutely need to be sure that you remember this password, otherwise, you will no longer have access to data. Once done, click on Next.
Next in the Format Options window, select the file system type from the drop-down, menu. Then click Next.
Now you are ready for creating a volume. In the Volume Format window, click on Format to start formatting and create the volume.
When the process is completed, it will prompt a message notifying that volume has successfully created. Click OK.
Step 2: Mount the encrypted volume
Now you will need to mount the volume that you have just created. From the VeraCrypt main window, click Select Device.
Now you need to select the required partition where you want to mount the volume. Select the drive or partition from the browsing window that appears and press OK.
Once the required partition is selected, click on Mount button at the bottom to mount the volume.
VeraCrypt will prompt you for the password. Enter the password that you have specified while creating the encrypted volume and click OK.
Now you will notice the top slot in the main screen of the VeraCrypt is populated with the mounted volume.
Open the file manager in your Debian OS and click on Other Locations, you will see the mounted volume. Now you can access it as a normal drive and copy-paste files in it as long as it is mounted there.
Step 3: Unmount the encrypted volume
Once you are done working with the mounted volume, you will need to dismount it. To do this, go back to VeraCrypt main window, select the volume, and then click Dismount.
That is all there is to it! So you have set up and encrypted volume on your system. Now whenever you want to access it, just mount it and enter the password. However, make sure to dismount the volume after using it. Otherwise, it will be open to everyone having access of your system. VeraCrypt can also be used to encrypt the entire drive, and even individual folders and external drives like USB.