Hard Drive Encryption: VeraCrypt Tutorial
Hard drive encryption is the process of making data stored on a hard drive unreadable,
thereby making it uninformative to adversaries; only authorized entities who know the decryption key or
method can restore the data to its original, readable format. When a storage device is
encrypted, it remains encrypted even if used on different computers or mounted from other
operating systems. This means that even if your storage device gets stolen, your data will still
be safe and cannot be retrieved by the thief.
Full Disk Encryption
When we say storage device we mean anything that can store data: hard drives, external hard drives,
USB sticks, etc. There are several types of storage encryption used for encrypting data on storage
devices; these types are notorious for confusing people because they appear to be the same thing, but they
are not. The first and best-known one is full disk encryption. As you probably guessed, in this scheme the
whole storage device is encrypted with a single key. Be it a hard drive or a USB stick, the whole device
Before discussing the second type, partitions are to be introduced. A storage device can be split into
smaller storage units called partitions. A user can make many partitions and use each for storing
specific types of data or for any other logical reason. Partition Encryption, the second type, involves
encrypting those separate storage units we just talked about. Each encrypted partition will have its own
decryption key. When comparing the two discussed types, it’s apparent that the latter is better in terms of
security. Full disk encryption has a single point of failure; an attacker would only need a single key to
access all data on the storage device. On the other hand, in partition encryption, each encrypted
partition has its own key; an attacker would need all the keys to access all the data!
The last type, which our focus is on, is Volume Encryption. A volume is basically a storage container
in a file system. A volume can contain multiple partitions or even multiple hard drives. You can think of
it as a logical storage unit that can represent files from different storage units. When encrypting a
volume, all the files it represents are encrypted even if they reside in multiple storage units. In this
tutorial we will focus on Volume encryption.
VeraCrypt is a free open-source program that facilitates storage encryption. While it can do all the
previously mentioned storage encryption types, it really stands out in volume encryption. VeraCrypt
uses something called on-the-fly encryption (OTFE). On-the-fly encryption means that data is
encrypted and decrypted automatically as it’s being saved to or loaded from the encrypted volume. To
explain this further, assume you have an encrypted volume you wish to access. When you provide the
proper key, the volume’s contents will be visible to you, but not yet actually decrypted. The actual
decryption only happens when you open a file, and it only happens to that particular file. This means a
volume is never fully decrypted at any point. Moreover, you can add files to your encrypted volume
easily; the added file will get encrypted automatically and placed inside the volume. This makes the
encrypted volume seem almost like a normal volume!
Creating an encrypted volume using VeraCrypt
VeraCrypt is available on all Operating Systems. However, we’ll be using Linux in this tutorial, a
Debian-based Linux distro in particular. VeraCrypt is usually not present in Linux distributions’
repositories, so you will have to add a PPA that provides it to apt.
sudo add-apt-repository ppa:unit193/encryption
Then, do a package list update.
sudo apt-get update
Finally, install VeraCrypt.
sudo apt-get install veracrypt
Now, to run VeraCrypt, either type veracrypt in the terminal or click it in the software list.
- To create a new encrypted volume, click on Mount. This will open a new window.
- Here, you get to choose whether you want the volume to be inside a file or inside a drive. Choose the
first option and click next.
- In this screen, you can either choose to make a standard volume or a hidden one. More on hidden
volumes later. For now choose the first option.
- In the screenshot right above, you can choose the encryption and hashing algorithms. Keep them as
they are and click next.
- Specify the size of the encrypted volume you want to create. I picked 5000 MB which is
approximately 5 GB.
- Of course, the password! Make sure it’s something hard to guess and make it complicated (upper and
lower case, symbols, numbers).
- Basically, this window is asking you whether you want the volume to be dynamic or static. Dynamic
volumes can grow in size to accommodate larger files. Static ones, however, can only contain as
much as specified in creation. Choose whichever you want.
- Choose the format for your volume. FAT is compatible with all Operating Systems, so go with that.
- Now VeraCrypt will create your encrypted volume. Move your mouse around randomly; this adds
randomness to the encryption process and makes it stronger. After randomness (entropy) is collected, click Format and wait.
- Now your encrypted volume has been created! To mount your encrypted volume click on Select File
from the previous screenshot. Choose the file you specified earlier and then choose one of the shown
numbered disks to mount your volume to.
- Enter your password. You may additionally be asked to enter your Linux user password to give VeraCrypt permission to mount the volume. Do
Your volume will be open in a file manager window. You can interact with it like you would do with
any other normal volume. You can add files to your encrypted volume which will get encrypted on the
When you open a file from a VeraCrypt volume, the file is never decrypted to storage; rather, VeraCrypt
decrypts the files you open and stores them temporarily in RAM. When the file is closed, its decrypted
copy in RAM gets erased immediately.
Creating a hidden VeraCrypt volume
Sometimes there may be a risk that someone is going to force you to reveal the password for your
encrypted volume, perhaps your parents, wife or even someone holding a gun against your skull.
VeraCrypt implements a cool feature called hidden volumes. A hidden volume is an encrypted volume
that resides within an encrypted volume. It takes up the free space within the outer/original volume;
since the free space in the encrypted volume is just random data, it should be impossible for someone
to prove that a hidden volume exists inside the encrypted volume. The user sets two passwords, one for
the outer volume and one for the hidden one. The user typically puts less sensitive data in the outer
volume and puts really sensitive data inside the hidden volume. When the password for the
outer volume is entered, the outer volume opens. Likewise, the hidden volume opens when its
own password is entered.
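Added example (not from the original tutorial and not VeraCrypt's own code): a toy Python model of the on-the-fly and outer/hidden behaviour described above, showing how the password entered selects the volume, that a read decrypts only the sector requested, and that writing to the outer volume can overwrite hidden data. The two-header sector layout, the function names, the reduced PBKDF2 iteration count and the SHAKE-256 XOR stand-in for the real disk cipher are assumptions made for illustration.

```python
import hashlib, os

SECTOR, MAGIC = 512, b"VERA"   # constructed toy layout, not VeraCrypt's real format

def kdf(password, salt):
    # Assumption: 2000 PBKDF2 iterations keeps the demo fast; real tools use far more.
    return hashlib.pbkdf2_hmac("sha512", password.encode(), salt, 2000, 32)

def crypt(key, sector_no, data):
    # Stand-in for the real disk cipher: XOR with a per-sector keystream (toy only).
    ks = hashlib.shake_256(key + sector_no.to_bytes(8, "little")).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, ks))

def write_header(disk, slot, password, first, last):
    salt = os.urandom(16)
    body = MAGIC + first.to_bytes(4, "little") + last.to_bytes(4, "little")
    disk[slot * SECTOR: slot * SECTOR + 28] = salt + crypt(kdf(password, salt), slot, body)

def create(n_sectors, outer_pw, hidden_pw=None, hidden_first=None):
    disk = bytearray(os.urandom(n_sectors * SECTOR))  # unused space is random bytes
    write_header(disk, 0, outer_pw, 2, n_sectors - 1)
    if hidden_pw:                                     # otherwise slot 1 stays random
        write_header(disk, 1, hidden_pw, hidden_first, n_sectors - 1)
    return disk

def unlock(disk, password):
    """Try the password on both header slots; return (key, first, last) or None."""
    for slot in (0, 1):
        hdr = bytes(disk[slot * SECTOR: slot * SECTOR + 28])
        key = kdf(password, hdr[:16])
        body = crypt(key, slot, hdr[16:])
        if body[:4] == MAGIC:
            return key, int.from_bytes(body[4:8], "little"), int.from_bytes(body[8:], "little")
    return None

def read_sector(disk, vol, rel):
    key, first, _ = vol
    n = first + rel                                   # only this one sector is decrypted
    return crypt(key, n, bytes(disk[n * SECTOR:(n + 1) * SECTOR]))

def write_sector(disk, vol, rel, plaintext, protect=None):
    key, first, last = vol
    n = first + rel
    if n > last:
        raise ValueError("write beyond end of volume")
    if protect and n >= protect[1]:                   # protect = unlocked hidden volume
        raise PermissionError("write would overwrite the hidden volume")
    disk[n * SECTOR:(n + 1) * SECTOR] = crypt(key, n, plaintext[:SECTOR].ljust(SECTOR, b"\0"))
```

With `protect` set to the unlocked hidden volume the same outer write is refused, which mirrors VeraCrypt's mount option for protecting a hidden volume against damage while the outer one is in use.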
We will create a hidden volume for a new encrypted volume.
- Open VeraCrypt as before and follow the exact same steps until you arrive at this window:
- Previously we chose the first option; however, this time go with the second.
- As you can see above, you will have to make a password for the outer volume first.
- Each of the two volumes is encrypted separately as can be seen.
- You can specify the size of the hidden volume. Note that it can’t be larger than the outer volume as
that wouldn’t make any sense.
- As previously said, a different password must be set for the hidden volume.
Now both volumes have been created! You can access each volume with its own password.
Remember, less important files should be put in the outer volume, while very sensitive ones should
go in the hidden volume.