It is a good idea to keep your confidential data in an encrypted location to prevent unauthorized access. It becomes more important when you share your computer with others. Encryption encrypts the information so that it is unreadable to anyone. It, therefore, prevents others from accessing your data and seeing what’s inside. It can only be decrypted by a person who has a key that converts the information back into its original and readable form. Encryption is important not only for data transmission but also for data storage. Without encryption, anyone who has access to your system can view and change your data.

Under Linux there are several ways to add encryption. VeraCrypt is an open-source tool for encrypting files, folders and entire partitions, available not only for Linux, but also for Windows and Mac OS. In this article, I will describe how you can encrypt a partition under Linux with VeraCrypt.

We have executed the commands and procedures mentioned in this article on a Debian 10 operating system.

Download VeraCrypt

VeraCrypt can be downloaded from VeraCrypt website. Go to the downloads page of the VeraCrypt official website and download the setup file specified for Linux.

Install VeraCrypt on Debian

To install VeraCrypt, open the file manager. Navigate to the Downloads folder under Home directory. Right-click on the VeraCrypt downloaded setup and click on Extract Here option.

Extract VeraCrypt Archive

Now launch the Terminal application is your system. For that, go to the Activities tab in the top left corner of your Debian desktop. Then in the search bar, type terminal. When the Terminal icon appears, click on it to launch it.

Now navigate to the extracted setup by executing the following command in Terminal:

$ cd /home/user/Downloads/veracrypt-1.2.3-setup

Replace user with your system’s user name.

In the extracted setup folder, there is an option to use either the GUI or command line setup to install VeraCrypt. Also, there is 32-bit and 64-bit setup. You can choose the option depending upon the requirements of your system. To install VeraCrypt using the console, use the following command:

$ ./veracrypt-1.2.3-setup-console-x64

To install VeraCrypt using the GUI, use the following command:

$ ./veracrypt-1.2.3-setup-gui-x64

We will use GUI as it is easier to work graphically.

Start VeraCrypt Installer

Now you will see the GUI setup for installing the VeraCrypt. Click Install VeraCrypt.

Install VeraCrypt

Click on I accept and agree to be bound by the license terms to accept VeraCrypt terms and conditions.

Accept the license terms

Click Ok to start the installation.

Uninstall info

If prompted for the sudo password, enter the password and wait for a while until the installation is completed. Once done, press Enter to exit the window.

VeryCrypt has been successfully installed

Launch VeraCrypt

Once the installation is completed, you can launch the VeraCrypt application from Application launcher. Press the Windows key on your keyboard, and then type veracrypt in the search bar. When the VeraCrypt icon appears, click on it to launch.

Launch VeraCrypt

Alternatively, type just veracrypt in the Terminal and press enter to launch it.

Encrypt partitions using VeraCrypt

VeraCrypt offers two types of encrypted volumes:

  • Encrypted file container: It generates a virtual encrypted disk within a file.
  • The encrypted volume within a partition or drive: It encrypts an existing hard drive, hard drive partition, or an external disk.

Here are the steps towards encrypting a partition:

  1. Create an encrypted volume
  2. Mount encrypted volume
  3. Dismount the encrypted volume

Now we will perform these steps one by one:

Step 1: Create an encrypted volume

In VeraCrypt application window, click on Create volume. It will start the volume creation wizard.

Create an encrypted volume

Now the wizard asks whether you want to create an encrypted file container or encrypt a hard disk partition. Here in this article, we are going to create encrypted volume so Select Create a volume within a partition /drive, then click on Next.

Create a volume within a partition /drive

Now you will need to decide whether you want to create standard or hidden VeraCrypt volume. Select the volume type and click Next.

Standard VeryCrypt volume

Next in the Volume Location screen, click on Select Device. Here you can select the drive or partition that you wish to encrypt. But note that VeraCrypt will erase and format that partition, so all data on it will be erased.

Volume Location

Now select the partition or drive to encrypt and click OK.

Choose partition

Then click on Next to move on the next step.

In the Encryption Options window, you can select the encryption algorithm. This is the algorithm that will use to encrypt the partition. By default, the encryption algorithm is AES and hah algorithm is SHA-512. Leave the default option and click Next.

Use AES Encryption

Next in the Volume Password window, type your password twice. This password will be used to access the encrypted partition. You absolutely need to be sure that you remember this password, otherwise, you will no longer have access to data. Once done, click on Next.

Set a password for the volume

Next in the Format Options window, select the file system type from the drop-down, menu. Then click Next.

Filesystem format

Now you are ready for creating a volume. In the Volume Format window, click on Format to start formatting and create the volume.

Format the volume

When the process is completed, it will prompt a message notifying that volume has successfully created. Click OK.

Volume has been created successfully

Step 2: Mount the encrypted volume

Now you will need to mount the volume that you have just created. From the VeraCrypt main window, click Select Device.

Mount the encrypted volume

Now you need to select the required partition where you want to mount the volume. Select the drive or partition from the browsing window that appears and press OK.

Choose volume

Once the required partition is selected, click on Mount button at the bottom to mount the volume.

Mount encrypted volume

VeraCrypt will prompt you for the password. Enter the password that you have specified while creating the encrypted volume and click OK.

Enter password to decrypt the VeraCrypt volume

Now you will notice the top slot in the main screen of the VeraCrypt is populated with the mounted volume.

Volume mounted successfully

Open the file manager in your Debian OS and click on Other Locations, you will see the mounted volume. Now you can access it as a normal drive and copy-paste files in it as long as it is mounted there.

Step 3: Unmount the encrypted volume

Once you are done working with the mounted volume, you will need to dismount it. To do this, go back to VeraCrypt main window, select the volume, and then click Dismount.

Unmount VeraCrypt volume

That is all there is to it! So you have set up and encrypted volume on your system. Now whenever you want to access it, just mount it and enter the password. However, make sure to dismount the volume after using it. Otherwise, it will be open to everyone having access of your system. VeraCrypt can also be used to encrypt the entire drive, and even individual folders and external drives like USB.

How to Encrypt Linux partitions with VeraCrypt on Debian 10

Karim Buzdar

About the Author: Karim Buzdar holds a degree in telecommunication engineering and holds several sysadmin certifications. As an IT engineer and technical author, he writes for various web sites. You can reach Karim on LinkedIn