VeraCrypt is an open-source disk encryption software that allows you to encrypt files, partitions, or entire drives to protect your data from unauthorized access. It is free, cross-platform, and the successor to the now-defunct TrueCrypt.
In this comprehensive guide, I will walk you through the full process of installing and using VeraCrypt on Ubuntu 22.04, covering the following topics:
- What is VeraCrypt and why use it?
- Installing VeraCrypt on Ubuntu 22.04
- Creating an encrypted VeraCrypt container
- Mounting and accessing encrypted containers
- Encrypting a USB drive with VeraCrypt
- Encrypting the system partition with VeraCrypt
- Advanced usage tips and best practices
So if you want to start protecting sensitive data on your Ubuntu system, keep reading!
What is VeraCrypt and Why Use It?
VeraCrypt is an open-source and free disk encryption software based on TrueCrypt, which is no longer maintained. It uses industry-standard encryption algorithms like AES, Serpent, Twofish, etc. to encrypt files, partitions or drives.
Some key features that make VeraCrypt a popular choice are:
- Strong encryption algorithms: Uses AES, Serpent, Twofish ciphers with different combinations. Making it extremely difficult to break.
- Plausible deniability: Allows the creation of a hidden encrypted volume within another encrypted volume.
- Cross-platform: Available for Windows, macOS and Linux. Enables transferring encrypted containers between devices.
- Free and open source: Licensed under Apache License 2.0. Thoroughly audited by independent researchers.
VeraCrypt helps protect your sensitive data from attacks like theft of devices, unauthorised access by other users, data breaches, and more. It has become an essential tool for security and privacy conscious users.
Some examples of data you may want to encrypt with VeraCrypt include:
- Confidential business documents
- Personal financial records
- Private photos / videos
- Passwords / credentials file
- Healthcare related data
- and more…
Now that you understand what VeraCrypt is and why you should use it, let‘s move on to installing and using it on Ubuntu.
Installing VeraCrypt on Ubuntu 22.04
VeraCrypt is not available in Ubuntu‘s default software repositories. But we can easily install it from a Personal Package Archive (PPA) specially created for VeraCrypt.
Here are the detailed steps to install VeraCrypt:
-
Open terminal using Ctrl+Alt+T shortcut
-
Add the VeraCrypt PPA repository using following apt command:
sudo add-apt-repository ppa:unit193/encryption
-
When prompted press Enter to continue
-
Next, update your packages index using:
sudo apt update
-
Finally install VeraCrypt package using:
sudo apt install veracrypt
That‘s it! VeraCrypt is now ready to use on your Ubuntu 22.04 desktop.
To verify, simply type veracrypt
in terminal and the GUI application will launch.
Optionally you can also install the command line utilities using:
sudo apt install veracrypt-cli
Next up, we will see how to use VeraCrypt to encrypt a file container.
Creating an Encrypted VeraCrypt Container
The most basic VeraCrypt feature is the ability to create encrypted file containers. Containers behave like virtual drives that you can mount and access just like regular drives after entering the correct password.
Follow these steps to create a VeraCrypt container:
-
Open VeraCrypt GUI app
-
Click on ‘Create Volume‘
-
Keep selection as ‘Create an encrypted file container‘
-
Click Next
-
Select ‘Standard VeraCrypt volume‘ and click Next
-
Click Select File to choose a location and name for your container
- I‘m creating a 2GB container called mydata.vc in Documents folder
-
Select desired size of your container – I‘m setting it to 2GB. Click Next.
-
Choose encryption algorithm and hash algorithm
- AES and SHA-256 are secure options
-
Click Next
-
Enter a strong password for encrypting the container
- Make sure to pick a long complex password that is hard to crack
-
Move around mouse randomly to generate encryption keys
-
Click Format to create the VeraCrypt container
-
Confirm password again when prompted
This creates a 2GB VeraCrypt container file called mydata.vc
in my Documents folder. Next we‘ll learn how to mount it and access the encrypted storage.
Mounting and Accessing Encrypted Containers
Once an encrypted VeraCrypt container has been created, you need to mount it to access the storage within. Mounting attaches the container to the operating system as a new drive.
Here are the steps to mount containers:
- Launch the VeraCrypt application
- Click Select File and choose your encrypted container
- Click Mount
- Enter the correct password you created earlier
- Select an available drive letter to use for mounting
- Check both options:
- Mount read-only
- Mount removable medium
- Click OK
After a few seconds, an Explorer window will open showing the mounted container as an additional drive.
You can now copy-paste files into this drive to store them encrypted within the VeraCrypt container.
To unmount, right click the mounted container drive in VeraCrypt > Select Dismount.
Alternatively, the container is automatically dismounted when you lock or restart your system.
Encrypting a USB Drive with VeraCrypt
VeraCrypt can encrypt entire USB drives including thumb drives, external HDDs and more.
Here is how to fully encrypt a USB flash drive with VeraCrypt:
- Insert your USB drive and launch VeraCrypt
- Click ‘Create Volume‘
- Keep choice as encrypted file container
- Select
USB
under the drive letters section - Click Next to continue to encryption options
- Follow prompts to set encryption algorithms and password
- Move mouse randomly and click Format to encrypt USB
- Wait for the process to complete. All data will be erased.
- Your USB drive is now fully encrypted by VeraCrypt!
To access the encrypted USB drive, plug it into any computer and mount it via VeraCrypt using the steps mentioned earlier.
This lets you easily carry encrypted data in your pocket and access it securely from anywhere.
Encrypting System Partition with VeraCrypt
For maximum data protection, you can choose to encrypt the entire operating system drive using VeraCrypt. It will encrypt all your system files, programs and data.
💡 Note: This will erase the target drive so make sure to backup important data first!
Follow below steps to encrypt Ubuntu system partition:
- Backup data and close all programs
- Launch VeraCrypt > Create Volume > Encrypt a non-system partition/drive
- Select partition to encrypt under System section (sda2 for Ubuntu generally)
- Follow the setup wizard prompts similar to container creation above
- Set strong password, encryption algorithms, etc.
- Once the wizard completes, reboot the system
- Choose
System Encryption
at the VeraCrypt boot screen - Select the partition encrypted earlier
- Enter password to boot into Ubuntu
After completing the steps, Ubuntu will boot normally but the system partition containing all your apps, files, settings will be safely encrypted using your VeraCrypt password.
Advanced Usage Tips
Here are some additional tips for using VeraCrypt securely and effectively:
-
Always pick long and complex password combinations that are hard to guess or brute force. Optionally use keyfiles for second-factor authentication.
-
Create hidden volumes within larger containers to enable plausible deniability of encrypted data if forced to reveal password.
-
Regularly backup the headers of encrypted drives which contain encryption keys needed to unlock your data.
-
Use multiple iterations for header key derivation to make brute force attacks harder.
-
Store encrypted containers on cloud platforms like Google Drive, Dropbox etc to benefit from cloud backup & sync while keeping data encrypted locally.
-
Consider installing VeraCrypt on a USB drive for portable encrypted storage that can be accessed from any PC.
So that concludes this beginner‘s guide to using VeraCrypt on Ubuntu! Now you have both the knowledge and tools to start protecting your sensitive Linux data more securely.