{"id":261,"date":"2018-04-29T11:49:47","date_gmt":"2018-04-29T09:49:47","guid":{"rendered":"https:\/\/ubuntu.dirkschmidtke.de\/?post_type=portfolio&#038;p=261"},"modified":"2025-10-21T20:12:06","modified_gmt":"2025-10-21T18:12:06","slug":"veracrypt","status":"publish","type":"portfolio","link":"https:\/\/ubuntu.dirkschmidtke.de\/en\/portfolio\/veracrypt\/","title":{"rendered":"VeraCrypt"},"content":{"rendered":"<p><a href=\"https:\/\/www.veracrypt.fr\/en\/Home.html\" target=\"_blank\" rel=\"noopener noreferrer\">VeraCrypt<\/a> is a security software which allows to encrypt and decrypt drives, partitions or container files. Thus, VeraCrypt is very well suited for the secure storage of sensitive data. Moreover, it supports the principle of <a href=\"https:\/\/en.wikipedia.org\/wiki\/Plausible_deniability\" target=\"_blank\" rel=\"noopener noreferrer\">plausible deniability<\/a> by allowing a single <em>&#8220;hidden volume&#8221;<\/em> to be created within another volume.<\/p>\n<p>Since VeraCrypt is available not only for Linux, but also for Windows and OS-X, the software allows to share external harddrives or USB sticks across all platforms. The VeraCrypt GUI is programmed in Java.<\/p>\n<h3>TrueCrypt history<\/h3>\n<p>After the development of the encryption program TrueCrypt was <a href=\"https:\/\/arstechnica.com\/information-technology\/2014\/06\/following-truecrypts-bombshell-advisory-developer-says-fork-is-impossible\/\" target=\"_blank\" rel=\"noopener noreferrer\">discontinued in 2014<\/a>, VeraCrypt has established itself as a trustworthy and improved successor. The open-source program from the French company Idrix, a provider of security software, claims to plug security gaps of ita predecessor and tightens the encryption. Security gaps criticized in an <a href=\"https:\/\/blog.quarkslab.com\/security-assessment-of-veracrypt-fixes-and-evolutions-from-truecrypt.html\" target=\"_blank\" rel=\"noopener noreferrer\">audit<\/a> in October 2016 were immediately fixed in version 1.19.<\/p>\n<p>While containers and drives encrypted with VeraCrypt cannot be open with Truecrypt, VeraCrypt can open legacy TrueCrypt devices; for this purpose, however, one must check the corresponding option in the dialog <em>&#8220;Select device and mount&#8221;<\/em> &#8211; otherwise VeraCrypt will not be able to open it. It is also possible to convert containers and partitions (but not system partitions) encrypted with TrueCrypt. If you still need TrueCrypt, you can download the last version 7.1a, which was released with the original functionality, for example from the <a href=\"https:\/\/www.heise.de\/download\/product\/truecrypt-25104\" target=\"_blank\" rel=\"noopener noreferrer\">Heise Software directory<\/a>.<\/p>\n<h3>How to create, mount and unmount VeraCrypt volumes<\/h3>\n<p>Start by clicking on &#8220;Create volume&#8221; in the VeraCrypt GUI. On the following pages you select whether a file or a (system) drive\/partition should be encrypted, whether this volume should be hidden and which encryption type is to be used. Then you have to choose a password, which you should remember well, otherwise you won&#8217;t be able to access your own data. Finally, you choose how the volume should be formatted, and create the entropy needed for encryption, for example, with mouse movements.<\/p>\n<p>To mount an existing VeraCrypt volume and decrypt it, one clicks on the first free <em>&#8220;slot&#8221;<\/em> in the VeraCrypt GUI and then selects the desired volume either via the context menu or via the <em>&#8220;File&#8221;<\/em> or <em>&#8220;Device&#8221;<\/em> buttons. Once it is selected, one is asked for the encryption password.<\/p>\n<p>To unmount a volume, select it and choose <em>&#8220;Dismount&#8221;<\/em>. If unmounting is not possible because the volume is still <em>&#8220;busy&#8221;<\/em>, you can find out in the terminal which processes are still accessing and thus blocking it:<\/p>\n<blockquote>\n<pre><code>sudo lsof | grep \/media\/veracrypt1\/volumename<\/code><\/pre>\n<\/blockquote>\n<p>The path to the volume must of course be adjusted. Based on the output of this command, you can either close the programs involved or kill the processes involved.<\/p>\n<h3>Asking for root password<\/h3>\n<p>To prevent VeraCrypt from asking for the root password every time a device is mounted, create a file with root privileges called \/etc\/sudoers.d\/veracrypt with the following contents:<\/p>\n<pre>USERNAME ALL = (root) NOPASSWD:\/usr\/bin\/veracrypt<\/pre>\n<h3>License mix<\/h3>\n<p>While VeraCrypt is free, it is not considered to be open source software. Since it is a fork of TrueCrypt, parts of VeraCrypt inherit the TrueCrypt license, while new parts have been licensed under the well known Apache licence 2.0.<\/p>\n<h3>Installation<\/h3>\n<p>While VeraCrypt cannot be found in the Ubuntu repositories, the vendor recommends a PPA for the installation:<\/p>\n<pre>sudo add-apt-repository ppa:unit193\/encryption\r\nsudo apt update &amp;&amp; sudo apt install veracrypt<\/pre>\n<h3>Alternatives<\/h3>\n<p><a href=\"https:\/\/mhogomchungu.github.io\/zuluCrypt\/\" target=\"_blank\" rel=\"noopener\">ZuluCrypt<\/a> ist a Linux-only tool available as GUI or on the command line, which can handle several encrypted formats including VeraCrypt und TrueCrypt.<\/p>\n<p>Linux distributions usually have built-in encryption methods, that are already available in the installer. If you want to encrypt your server, laptop or pc, you should use them instead of VeraCrypt. First choice is <a href=\"https:\/\/gitlab.com\/cryptsetup\/cryptsetup\" target=\"_blank\" rel=\"noopener noreferrer\">Luks<\/a>, which allows encrypting the root filesystem. The choice to encrypt only the home partition with <a href=\"http:\/\/ecryptfs.org\/\" target=\"_blank\" rel=\"noopener noreferrer\">Ecryptfs<\/a> was removed from the Ubuntu installer.<\/p>","protected":false},"excerpt":{"rendered":"<p>VeraCrypt is a security software which allows to encrypt and decrypt drives, partitions or container files. It is very well suited for the secure storage of sensitive data.<\/p>\n","protected":false},"author":1,"featured_media":263,"comment_status":"open","ping_status":"closed","template":"","meta":{"footnotes":""},"portfolio_category":[20],"portfolio_tag":[],"class_list":["post-261","portfolio","type-portfolio","status-publish","has-post-thumbnail","hentry","portfolio_category-sicherheit"],"_links":{"self":[{"href":"https:\/\/ubuntu.dirkschmidtke.de\/en\/wp-json\/wp\/v2\/portfolio\/261","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ubuntu.dirkschmidtke.de\/en\/wp-json\/wp\/v2\/portfolio"}],"about":[{"href":"https:\/\/ubuntu.dirkschmidtke.de\/en\/wp-json\/wp\/v2\/types\/portfolio"}],"author":[{"embeddable":true,"href":"https:\/\/ubuntu.dirkschmidtke.de\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/ubuntu.dirkschmidtke.de\/en\/wp-json\/wp\/v2\/comments?post=261"}],"version-history":[{"count":18,"href":"https:\/\/ubuntu.dirkschmidtke.de\/en\/wp-json\/wp\/v2\/portfolio\/261\/revisions"}],"predecessor-version":[{"id":1059,"href":"https:\/\/ubuntu.dirkschmidtke.de\/en\/wp-json\/wp\/v2\/portfolio\/261\/revisions\/1059"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ubuntu.dirkschmidtke.de\/en\/wp-json\/wp\/v2\/media\/263"}],"wp:attachment":[{"href":"https:\/\/ubuntu.dirkschmidtke.de\/en\/wp-json\/wp\/v2\/media?parent=261"}],"wp:term":[{"taxonomy":"portfolio_category","embeddable":true,"href":"https:\/\/ubuntu.dirkschmidtke.de\/en\/wp-json\/wp\/v2\/portfolio_category?post=261"},{"taxonomy":"portfolio_tag","embeddable":true,"href":"https:\/\/ubuntu.dirkschmidtke.de\/en\/wp-json\/wp\/v2\/portfolio_tag?post=261"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}