VeraCrypt

From David's Wiki

VeraCrypt is the successor to the popular encryption utility TrueCrypt.
TrueCrypt had previously been audited and found to be secure.


CLI

To use the CLI, call veracrypt with -t as the first argument.

Some example output from veracrypt --help:

Create a new volume:
veracrypt -t -c

Mount a volume:
veracrypt volume.hc /media/veracrypt1

Mount a volume as read-only, using keyfiles:
veracrypt -m ro -k keyfile1,keyfile2 volume.hc

Mount a volume without mounting its filesystem:
veracrypt --filesystem=none volume.hc

Mount a volume prompting only for its password:
veracrypt -t -k "" --pim=0 --protect-hidden=no volume.hc /media/veracrypt1

Dismount a volume:
veracrypt -d volume.hc

Dismount all mounted volumes:
veracrypt -d

Flags

  • -t use text (CLI) interface
  • --non-interactive Add this when scripting with the CLI


Favoriting

See https://askubuntu.com/questions/732584/can-veracrypt-use-persistent-mount-points-on-linux

Favoriting Volumes

On Linux, don't favorite a volume by its /dev/sd[x] name, since those names can change between boots or when devices are attached in a different order. Instead, use one of the following:

  • /dev/disk/by-path/
  • /dev/disk/by-id/

If you're favoriting a partition rather than an entire volume, you can also use:

  • /dev/disk/by-uuid/

Notes:

  • These are all symlinks. You can use ls -l to see which device each one points to.
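
One way to find the persistent names for a device before favoriting it, as an added example that is not part of the original wiki page. The function name stable_names, its optional second argument, and the sample device /dev/sdb1 are assumptions made for illustration:

```shell
#!/bin/sh
# Added example: list the persistent /dev/disk/* symlinks that point at a device.
#
# stable_names DEVICE [BASE]
#   DEVICE  kernel device node, e.g. /dev/sdb1 (sample value)
#   BASE    directory holding by-id/, by-path/ and by-uuid/ (default /dev/disk);
#           it can be overridden to try the function on a constructed tree.
# Prints one matching symlink per line; returns 1 if nothing points at DEVICE.
stable_names() {
    dev=$1
    base=${2:-/dev/disk}

    # Canonicalise the argument, in case a symlink was passed in.
    target=$(readlink -f -- "$dev") || return 1
    if [ ! -e "$target" ]; then
        echo "no such device: $dev" >&2
        return 1
    fi

    found=1
    for dir in by-id by-path by-uuid; do
        for link in "$base/$dir"/*; do
            # Skip the unexpanded glob and anything that is not a symlink.
            [ -L "$link" ] || continue
            if [ "$(readlink -f -- "$link")" = "$target" ]; then
                printf '%s\n' "$link"
                found=0
            fi
        done
    done
    return "$found"
}

# Stand-alone use: sh stable_names.sh /dev/sdb1
if [ "$#" -gt 0 ]; then
    stable_names "$@"
fi
```

Any of the printed paths can be used as the volume path in place of the /dev/sd[x] name.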

Mounting on boot

See https://www.computercorrect.com/2018/operating-systems/linux/ubuntu/auto-mounting-a-veracrypt-volume-under-ubuntu-debian-linux/

The basic idea is to use crypttab. You can also use systemd.