How to use the command 'veracrypt' (with examples)
- Linux
- December 25, 2023
Veracrypt is a free and open source disk encryption software that allows users to create encrypted volumes and mount them to directories for secure storage of files and folders. It provides a text user interface for easy interaction with the command line. In this article, we will walk through different use cases of the veracrypt command.
Use case 1: Create a new volume through a text user interface
Code:
veracrypt --text --create --random-source=/dev/urandom
Motivation:
Creating a new volume through a text user interface is useful when you want to set up an encrypted storage space for sensitive data. The --random-source=/dev/urandom option ensures that sufficient random data is used to generate a strong encryption key for the volume.
Explanation:
--text: Enables the text user interface for creating the volume.--create: Instructs Veracrypt to create a new volume.--random-source=/dev/urandom: Specifies the source of random data for generating the encryption key./dev/urandomis a special file in Unix-like operating systems that provides a source of random data.
Example output:
Volume type:
1) Normal
2) Hidden
Select [1]: 1
Algorithm:
1) AES
2) Serpent
3) Twofish
4) Camellia
5) Kuznyechik
6) AES(Twofish)
7) AES(Twofish(Serpent))
8) Serpent(AES)
9) Serpent(Twofish(AES))
10) Twofish(Serpent)
11) Twofish(AES)
12) Serpent(Twofish)
Select [1]: 1
[...]
Encryption key size:
1) 128 bits (security level 3)
2) 256 bits (security level 4)
3) 320 bits
4) 384 bits
5) 448 bits
Select [2]: 2
[...]
Enter a password for the volume:
[...]
Use case 2: Decrypt a volume interactively through a text user interface and mount it to a directory
Code:
veracrypt --text path/to/volume path/to/mount_point
Motivation:
When you have an encrypted volume and want to access its contents, you can use the --text option to initiate a text user interface for the decryption process. By providing the path to the volume and the mount point, you can securely mount the volume to a directory and access the files within.
Explanation:
--text: Enables the text user interface for decryption.path/to/volume: Specifies the path to the encrypted volume file.path/to/mount_point: Specifies the directory where the decrypted volume will be mounted.
Example output:
Enter password for /path/to/volume:
[...]
Volume mounted
Use case 3: Decrypt a partition using a keyfile and mount it to a directory
Code:
veracrypt --keyfiles=path/to/keyfile /dev/sdXN path/to/mount_point
Motivation:
In situations where you want to decrypt a specific partition using a keyfile, you can utilize the --keyfiles option along with the --text option to interactively select the keyfile and mount the decrypted partition to a directory. This is useful when you are working with an encrypted partition that requires specific authentication mechanisms.
Explanation:
--keyfiles=path/to/keyfile: Specifies the path to the keyfile used for decryption./dev/sdXN: Specifies the partition to be decrypted. ReplaceXwith the appropriate drive identifier andNwith the desired partition number.path/to/mount_point: Specifies the directory where the decrypted partition will be mounted.
Example output:
Enter password for keyfile at:
1: path/to/keyfile
[...]
Volume mounted
Use case 4: Dismount a volume on the directory it is mounted to
Code:
veracrypt --dismount path/to/mounted_point
Motivation:
When you no longer need to access the contents of a mounted volume, it is important to dismount it properly to ensure the security of your data. The --dismount option allows you to unmount the volume by specifying the path to the mounted directory.
Explanation:
--dismount: Initiates the dismounting process.path/to/mounted_point: Specifies the directory where the volume is currently mounted.
Example output:
Dismounted volume
Conclusion:
The veracrypt command provides a convenient way to create, decrypt, and manage encrypted volumes through its text user interface. Whether you need to create a new volume, mount an encrypted volume, or dismount a mounted volume, Veracrypt offers a range of options to meet your disk encryption needs.
