APC Australia

Encrypt drives in Linux

Undercover operative Mayank Sharma reveals the secrets of VeraCrypt to help you hide your data from unscrupulous invaders of privacy... or your mum.


A simple user password is not enough protection for your critical data and personal files. To truly protect your files from being routinely accessed, manipulated or disappeared as some miscreants are wont to do, you must encrypt your data.

If done right, encrypted data appears unintelligible to people without the means to decrypt it. The most basic option to protect yourself is to individually encrypt each of your sensitive files. But this is a time-consuming and tedious process and requires routine decryption of such files which is a further waste of time. The smarter way is to create an encrypted disk or partition, which would automatically encrypt everything stored within.

This is where VeraCrypt shines. It enables you to carve a virtual slice out of your Linux storage space which acts as a standalone encrypted filesystem. You then mount it, use it to store and read files as you would from a normal partition, then unmount it when you’re done without leaving any clues behind.

HIDEY HOLES

VeraCrypt, which is based on version 7.1a of the now-defunct TrueCrypt, has inherited its parent’s vast functionality and also some quirks like its licence, which is why it isn’t available in any distribution’s (distro) software repository (repos). In a stark departure from other popular Linux tools, the project also doesn’t supply its own packages for popular distros, but installing it is a trivial affair nonetheless. You simply grab the tarball available on the website and uncompress it to access the console and graphical installation scripts for 32- and 64-bit machines. As Ubuntu already ships with the FUSE library, you only need to install VeraCrypt’s other dependency, device mapper tools. You can do just that with the following command:

sudo apt-get install dmsetup

VeraCrypt supports on-the-fly encryption, which means it encrypts data before saving it and automatically decrypts it upon loading, without any user intervention. It makes full use of the modern hardware at its disposal, minimising the lag caused by the overhead of converting an unintelligible bit stream into meaningful data that can be read by your text editor or played by your media player.

The first step towards hiding your data is to create an encrypted volume to store files on. Launch the app, and click on the ‘Create Volume’ button. This launches the Volume Creation Wizard which enables you to either create a virtual encrypted disk within a file or an encrypted volume within an entire partition, even a disk such as a removable USB drive.

CREATING AN ENCRYPTED VOLUME

When you select the first option to create a virtual disk, VeraCrypt asks you to point it to a file on the disk which will serve as the encrypted volume. If the file exists, VeraCrypt will recreate it, using one of the eight encryption algos. Next, specify the size of the encrypted volume, and the filesystem format. The final step is to choose a password to mount the encrypted volume.

To store files on the volume, you’ll have to mount it, so select the encrypted volume file from the VeraCrypt main interface, press the ‘Mount’ button and enter the password when prompted. You can access additional settings such as the option to mount a volume as read-only, if all you wish to do is read files from it, by clicking ‘Option’ at the bottom-right of the password dialog box.

By default, VeraCrypt doesn’t remember the name of the file you’re using as an encrypted volume. This is a security feature and adds another roadblock in the path of an intruder. If you ask the application to remember the name of the file, anyone with physical access to your machine can select the file from a pull-down menu and mount the encrypted volume. However, they will still have to get past your password. When mounted, you can save files to an encrypted volume just like you would to a regular volume.

You must always dismount volumes as soon as you’re done. When it isn’t mounted, the encrypted filesystem appears to be a random jumble of bits. You can think of it as a file that’s got its 1s and 0s mixed up and hence can’t be read by any application.
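The "random jumble of bits" claim can be checked by measuring Shannon entropy block by block, which is what this added Python example does (it is not from the original article or from the VeraCrypt project). The sample data is constructed: os.urandom output stands in for a dismounted volume file, and the 4 KB block size and 7.5-bit threshold are assumptions.

```python
import math
import os
from collections import Counter

BLOCK = 4096       # bytes analysed per block (assumed value for this example)
THRESHOLD = 7.5    # bits per byte; random 4 KB blocks score about 7.95


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for constant data, 8.0 for uniform data."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def low_entropy_blocks(data: bytes, block: int = BLOCK,
                       threshold: float = THRESHOLD) -> list:
    """Offsets of full blocks scoring below the threshold.

    A trailing partial block is skipped: short inputs cannot reach 8 bits
    per byte, so scoring them would produce false alarms.
    """
    return [off for off in range(0, len(data) - block + 1, block)
            if shannon_entropy(data[off:off + block]) < threshold]


def scan_file(path: str) -> list:
    """Stream a file (such as a dismounted volume file) block by block."""
    hits, off = [], 0
    with open(path, "rb") as fh:
        while len(chunk := fh.read(BLOCK)) == BLOCK:
            if shannon_entropy(chunk) < THRESHOLD:
                hits.append(off)
            off += BLOCK
    return hits


def demo():
    # Constructed sample data: os.urandom stands in for an encrypted volume.
    container_like = os.urandom(16 * BLOCK)
    text = b"Quarterly accounts, do not share.\n"
    plain = (text * (BLOCK // len(text) + 1))[:BLOCK]
    # The same data with one block of readable text written over block 3.
    leaky = container_like[:3 * BLOCK] + plain + container_like[4 * BLOCK:]
    return low_entropy_blocks(container_like), low_entropy_blocks(leaky)


if __name__ == "__main__":
    print(demo())
```

High entropy alone does not prove a file is encrypted, since compressed archives and media score similarly; the useful signal is a low-entropy block where none is expected.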
