Veracrypt on Linux: Complete guide to encrypt your data

Posted on by BlockmyIP | Category: Programas Linux

Introduction

Currently, protecting personal and professional information is a priority for Linux users. VeraCrypt emerges as a robust, open-source solution that allows creating encrypted volumes where sensitive files can be stored.

What is VeraCrypt?

VeraCrypt is the successor of TrueCrypt and improves its encryption algorithms, fixes known vulnerabilities, and adds new security options. It uses AES, Twofish, and Serpent encryption, among others, and allows creating hidden volumes to protect data against coercion.

Why use it on Linux

Linux offers an ideal environment for VeraCrypt thanks to its permission management, compatibility with various filesystems, and the possibility of integrating encryption into automation scripts. Moreover, many distributions include precompiled packages that simplify installation.

Installation on popular distributions

  • Ubuntu and Debian: sudo apt update && sudo apt install veracrypt
  • Fedora: sudo dnf install veracrypt
  • Arch Linux: sudo pacman -S veracrypt
  • openSUSE: sudo zypper install veracrypt

If your distribution does not provide the package, you can download the source code from the official site and compile it following the instructions in the README file.

Creating an encrypted volume

Once installed, launch VeraCrypt from the applications menu or run veracrypt in the terminal. The wizard will guide you step by step:

  1. Select Create Volume.
  2. Choose Standard VeraCrypt Volume or Hidden Volume according to your needs.
  3. Indicate the location and size of the container file.
  4. Select the encryption algorithm (default AES is sufficient for most cases).
  5. Set a strong password and, optionally, use keyfiles.
  6. Format the volume with the filesystem you prefer (ext4, FAT32, NTFS).

Finish the process and you will have a .hc file ready to be mounted.

Mounting and usage

To mount the volume:

  • Open VeraCrypt and click Select File.
  • Navigate to the .hc container and click Open.
  • Choose a free drive letter (for example /media/veracrypt1) and click Mount.
  • Enter the password and, if used, the keyfile.
  • Once mounted, the volume will appear like any disk and you can copy, edit, or backup your files.

To dismount, select the unit in the list and click Dismount or run veracrypt -d /path/to/container.hc from the terminal.

Command line and scripting

VeraCrypt includes a command-line interface that allows automating tasks:

  • Create a volume: veracrypt -t -c /path/volume.hc --size 1G --encryption AES --hash SHA-512 --filesystem ext4 --password mySecurePassword
  • Mount: veracrypt -t /path/volume.hc /mnt/point
  • Dismount: veracrypt -d /mnt/point
  • Change password: veracrypt -t -c /path/volume.hc --change-password

These commands can be included in backup scripts or cron tasks to mount the volume only when needed.

Security best practices

  • Use long, unique passwords, preferably generated by a password manager.
  • Consider using keyfiles stored on a separate medium (USB) to add an authentication factor.
  • Keep VeraCrypt updated; periodically check the official repository for security patches.
  • Avoid mounting volumes in directories with overly permissive permissions; use 700 permissions on the mount point.
  • Make backups of the volume headers (Volume menu → Copy Volume Header) to recover data in case of corruption.

Troubleshooting common issues

  • Device not found error: verify that the kernel module dm-crypt is loaded (lsmod | grep dm-crypt).
  • Password rejected: ensure there are no extra spaces when copying and pasting; try using the English keyboard layout if your distribution uses a different keyboard.
  • Low transfer speed: try changing the encryption algorithm to a faster one like AES-NI if your CPU supports it.
  • Volume does not mount after a kernel update: reinstall the VeraCrypt package or recompile it against the new headers.

Conclusion

VeraCrypt establishes itself as one of the best options for encrypting data on Linux, combining enterprise-level security with ease of use. By following the steps described in this guide you can protect your personal, professional, or sensitive project information from unauthorized access and enjoy the peace of mind that strong encryption provides.