If you’d like to use VeraCrypt with a GUI, there are some good tutorials on how to do that, for example this one:
Based on: fredfire1
sudo apt-get update
sudo apt-get install libfuse-dev makeself libwxbase3.0-0v5
The newest version might be found here: VeraCrypt - Downloads
cd ~
mkdir veracryptfiles
cd veracryptfiles
wget -L -O veracrypt-1.21-raspbian-setup.tar.bz2 https://launchpad.net/veracrypt/trunk/1.21/+download/veracrypt-1.21-raspbian-setup.tar.bz2
# Extract the archive that was just downloaded and make the installers executable
tar -vxjf ./veracrypt-1.21-raspbian-setup.tar.bz2
chmod +x veracrypt-1.21-setup-*
Run installation script:
Answer the prompts as follows; the quoted values are what you type. The transcript below is from the 1.19 installer.
VeraCrypt 1.19 Setup
____________________

Installation options:
 1) Install veracrypt_1.19_console_armv7.tar.gz
 2) Extract package file veracrypt_1.19_console_armv7.tar.gz and place it to /tmp

To select, enter 1 or 2: '1'

Before you can use, extract, or install VeraCrypt, you must accept the terms of the VeraCrypt License.
Press Enter to display the license terms... 'Enter'

Press Enter or space bar to see the rest of the license.

VeraCrypt License
Software distributed under this license is distributed on an AS IS BASIS WITHOUT WARRANTIES OF ANY KIND. THE AUTHORS AND DISTRIBUTORS OF THE SOFTWARE DISCLAIM ANY LIABILITY. ANYONE WHO USES, COPIES, MODIFIES, OR (RE)DISTRIBUTES ANY PART OF THE SOFTWARE IS, BY SUCH ACTION(S), ACCEPTING AND AGREEING TO BE BOUND BY ALL TERMS AND CONDITIONS OF THIS LICENSE. IF YOU DO NOT ACCEPT THEM, DO NOT USE, COPY, MODIFY, NOR (RE)DISTRIBUTE THE SOFTWARE, NOR ANY PART(S) THEREOF.
VeraCrypt is multi-licensed under Apache License 2.0 and the TrueCrypt License version 3.0, a verbatim copy of both licenses can be found below.
: 'q'

Do you accept and agree to be bound by the license terms? (yes/no): 'yes'

Uninstalling VeraCrypt:
-----------------------
To uninstall VeraCrypt, please run 'veracrypt-uninstall.sh'.

Installing package...
[sudo] password for '[your user]':'*******'
usr/
usr/share/
usr/share/veracrypt/
usr/share/veracrypt/doc/
usr/share/veracrypt/doc/License.txt
usr/share/veracrypt/doc/VeraCrypt User Guide.pdf
usr/share/pixmaps/
usr/share/pixmaps/veracrypt.xpm
usr/share/applications/
usr/share/applications/veracrypt.desktop
usr/bin/
usr/bin/veracrypt
usr/bin/veracrypt-uninstall.sh

Press Enter to exit... 'Enter'
Erase installation files:
cd ~
rm -r veracryptfiles
There are two ways of creating encrypted containers using VeraCrypt:
- Within a file.
- Encrypting a complete partition/disk.
There is a useful help command:
Volume within a file
To create a volume within a file, follow these steps:
Create a mount point:
sudo mkdir /media/vera-test
sudo chown osmc:osmc /media/vera-test
Create a volume:
Assuming you have an external drive connected and already mounted to
veracrypt -t -c
Select the volume type. Hidden volumes provide even higher security; for now, however, we will just create a normal volume.
Volume type:
 1) Normal
 2) Hidden
Select : '1'
Enter the filename within which the volume will be created.
Enter volume path: '/media/Backup/vera-test-volume'
Define the volume size. For 10 kilobytes, megabytes or gigabytes it looks as follows:
- 10K (10 Kilobytes)
- 10M (10 Megabytes)
- 10G (10 Gigabytes)
We will use 10 Megabytes.
Enter volume size (sizeK/size[M]/sizeG): '10M'
Select the encryption algorithm. People who attempt brute-force attacks on encrypted volumes usually assume AES, hence it is recommended to select a different one. Whichever cipher you pick, resistance to password guessing depends on the password and on the key-derivation iterations (see PIM below).
Encryption Algorithm:
 1) AES
 2) Serpent
 3) Twofish
 4) Camellia
 5) Kuznyechik
 6) AES(Twofish)
 7) AES(Twofish(Serpent))
 8) Serpent(AES)
 9) Serpent(Twofish(AES))
 10) Twofish(Serpent)
Select : '3'
Select the hashing algorithm.
Hash algorithm:
 1) SHA-512
 2) Whirlpool
 3) SHA-256
 4) Streebog
Select : '1'
Select the filesystem. For simplicity it can be FAT, but if you need file permissions, Ext4 can be used.
Filesystem:
 1) None
 2) FAT
 3) Linux Ext2
 4) Linux Ext3
 5) Linux Ext4
 6) NTFS
 7) exFAT
Select : '2'
Choose a password. A password of more than 20 alphanumeric characters is recommended because of the possibility of a brute-force attack.
Enter password: '[your password]'
Re-enter password: '[your password]'
PIM stands for Personal Iterations Multiplier.
It is a value that controls the number of iterations used by the header key derivation following the formulas:
- For system encryption: Iterations = PIM x 2048
- For non-system encryption and file containers: Iterations = 15000 + (PIM x 1000)
If the PIM value is high, the iteration count is also high, which means better security but slower mounting/booting. If the PIM value is small, the iteration count is also small, which means quicker mounting/booting but decreased security.
We will select the default value, so just press Enter.
If you want to use a keyfile instead of a password, you can define it here. We will not do that, so again just press Enter.
Enter keyfile path [none]:
Here is the funny part: you need to type at least 320 random characters, since they will be the base for your encryption key.
Please type at least 320 randomly chosen characters and then press Enter:
That’s it. Now you need to wait for the encryption to finish. It might even take hours for 500GB drives.
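The prompts above can also be answered on the command line. The script below is an added example, not part of the original tutorial: it validates the same answers and prints the matching non-interactive command. The function names are hypothetical, and the option names and algorithm spellings (taken from the menus above) are assumed to be accepted by the installed VeraCrypt version.

```shell
#!/bin/sh
# Added example (not from the original tutorial): dry-run builder for the
# non-interactive form of the volume-creation prompts shown above.

# Header key-derivation iterations for a file container or non-system volume,
# using the formula quoted above. PIM 0 means "use VeraCrypt's default".
pim_iterations() {
    case $1 in
        ''|*[!0-9]*|0?*) echo "PIM must be a non-negative integer" >&2; return 1 ;;
    esac
    if [ "$1" -eq 0 ]; then
        echo default
    else
        echo $(( 15000 + $1 * 1000 ))
    fi
}

# Validate the answers and print the matching veracrypt command line.
# The password is deliberately not an argument: veracrypt will prompt for it,
# which keeps it out of shell history and the process list.
# --random-source=/dev/urandom stands in for typing 320 random characters.
build_create_cmd() {
    path=$1 size=$2 cipher=$3 hash=$4 fs=$5 pim=$6
    case $path in
        /*) ;;
        *) echo "volume path must be absolute" >&2; return 1 ;;
    esac
    case "$path$cipher$hash$fs" in
        *[!A-Za-z0-9/._-]*) echo "unsupported character in an argument" >&2; return 1 ;;
    esac
    num=${size%[KMG]}
    case $num in
        ''|*[!0-9]*) echo "size must look like 10K, 10M or 10G" >&2; return 1 ;;
    esac
    if [ "$num" = "$size" ] || [ "$num" -eq 0 ]; then
        echo "size needs a K, M or G suffix and a non-zero value" >&2; return 1
    fi
    pim_iterations "$pim" >/dev/null || return 1
    printf 'veracrypt -t -c --volume-type=normal %s --size=%s' "$path" "$size"
    printf ' --encryption=%s --hash=%s --filesystem=%s' "$cipher" "$hash" "$fs"
    printf ' --pim=%s --keyfiles= --random-source=/dev/urandom\n' "$pim"
}

# Constructed sample: the same answers as the interactive session above.
build_create_cmd /media/Backup/vera-test-volume 10M Twofish SHA-512 FAT 0
```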
Mounting a volume:
Run the following command:
veracrypt /media/storage/new-volume /media/vera-test
Enter password for /media/storage/new-volume: '[volume password]'
Enter the PIM. If you used the default PIM value, just press Enter.
Enter PIM for /media/storage/new-volume:
Enter the keyfile. If you used a password, you can just hit Enter.
Enter keyfile [none]:
If you created a normal, not hidden, volume, just hit Enter.
Protect hidden volume (if any)? (y=Yes/n=No) [No]:
That’s it, your volume should be visible under
Encrypting complete partition/disk
If you need to encrypt an entire drive, the only difference is that in step 2.2, instead of the file name /media/storage/new-volume, you need to put the device file name, like this:
After you have stopped using the encrypted volume, you should dismount it:
If you wish, you can create handy aliases for mounting and dismounting your VeraCrypt volume:
# Append to the home directory's .bashrc regardless of the current directory
printf "\nalias storage=\"veracrypt /dev/sda /media/storage --pim=0 --keyfiles= --protect-hidden=no\"\n" >> ~/.bashrc
printf "\nalias unstorage=\"veracrypt -d /dev/sda\"\n" >> ~/.bashrc
After adding the aliases, you can call storage for mounting and unstorage for dismounting your volume.