If you’re looking for a simple and powerful way to encrypt everything from system drives to backup discs to everything in between, VeraCrypt is an open-source tool that will help you lock up your files. Read on as we show you how to get started.
The best way to secure files you don’t want others seeing is encryption. Encryption essentially uses a secret key to turn your files into unreadable gibberish—unless you use that secret key to unlock them.
TrueCrypt was a popular open source, on-the-fly encryption application that allowed you to work with encrypted files as you would work on files located on a regular drive. Without on-the-fly encryption, actively working with encrypted files is an enormous pain and the outcome is usually either that people simply do not encrypt their files or they engage in poor security practices with their encrypted files because of the hassle of decrypting and encrypting them.
TrueCrypt is now discontinued, but the project has been continued by a new team under a new name: VeraCrypt.
With VeraCrypt’s on-the-fly system, you can create an encrypted container (or even an entirely encrypted system drive). All the files within the container are encrypted, and you can mount it as a normal drive with VeraCrypt to view and edit the files. When you’re done working with them, you can just unmount the volume. VeraCrypt takes care of everything, keeping the files temporarily in the RAM, sweeping up after itself, and ensuring your files remain uncompromised.
VeraCrypt can encrypt your entire drive too, at least on some PCs, but we generally recommend Windows’ built-in Bitlocker for this purpose instead. VeraCrypt is ideal for creating encrypted volumes for groups of files, rather than encrypting your entire boot drive. Bitlocker is a better choice for that.
Technically, you can still use older versions of TrueCrypt if you like, and you can even follow along with this very guide, since TrueCrypt and VeraCrypt are nearly identical in interface. VeraCrypt has fixed some of the minor problems brought up in TrueCrypt’s code audit, not to mention audits of its own code. It’s improvements to TrueCrypt’s base have set the stage for it to be a real successor, and while it’s a bit slower than TrueCrypt, but plenty of security experts like Steve Gibson say it’s a good time to make the jump.
If you’re using an old version of TrueCrypt, it isn’t incredibly urgent that you switch—it’s still pretty solid. But VeraCrypt is the future, so if you’re setting up a new encrypted volume, it’s probably the way to go.
For this tutorial, you’ll only need a few simple things:
That’s it! You can grab a copy of VeraCrypt for Windows, Linux, or Mac OS X and then settle in at a computer that you have administrative access to (you can’t run VeraCrypt on a limited-privilege/guest account). For this tutorial we’ll be using the Windows version of VeraCrypt and installing it on a Windows 10 machine.
Download and install VeraCrypt as you would any other application. Just double-click the EXE file, follow the instructions in the wizard, and select the “Install” option (The extract option is of interest to those who wish to extract a semi-portable version of VeraCrypt; we will not be covering that method in this beginner’s guide.) You’ll also be given a battery of options like “Install for all users” and “Associate .hc file extension with VeraCrypt”. We left all of them checked for the sake of convenience.
Once the application finishes installing, navigate to the Start Menu and launch VeraCrypt. You’ll be greeted with the screen below.
The very first thing you’ll need to do is create a volume, so click on the “Create Volume” button. This will launch the Volume Creation Wizard and prompt you to choose one of the follow volume types:
Volumes can be as simple as a file container you place on a drive or disk or as complex as a whole-disk encryption for your operating system. We’re going to keep things simple for this guide and focus on getting you set up with an easy-to-use local container. Select “Create an encrypted file container”.
Next, the Wizard will ask you if you want the create a Standard or a Hidden volume. Again, for the sake of simplicity, we’re going to skip messing around with Hidden Volumes at this point. This is no way lowers the encryption level or security of the volume we’re creating as a Hidden Volume is simply a method of obfuscating the location of the encrypted volume.
Next, you’ll need to pick a name and location for your volume. The only important parameter here is that your host drive have enough space for the volume you with to create (i.e. if you want a 100GB encrypted volume you’d better have a drive with 100GB of free space). We’re going to throw our encrypted volume on a secondary data drive in our desktop Windows machine.
Now it’s time to pick your encryption scheme. You really can’t go wrong here. Yes there are a lot of choices, but all of them are extremely solid encrypt schemes and, for practical purposes, interchangeble. In 2008, for example, the FBI spent over a year trying to decrypt the AES encrypted hard drives of a Brazilian banker involved in a financial scam. Even if your data-protection-paranoia extends up the level of acronym agencies with deep pockets and skilled forensics teams, you can rest easy knowing your data is secure.
In the next step, you’ll select the volume size. You can set it in KB, MB, or GB increments. We created a 5GB test volume for this example.
Next stop, password generation. There is one important thing to keep in mind here: Short passwords are a bad idea. You should create a password at least 20 characters long. However you can create a strong and memorable password, we suggest you do it. A great technique is to use a passphrase instead of a simple password. Here’s an example: In2NDGradeMrsAmerman$aidIWasAGypsy. That’s better than password123 any day.
Before you create the actual volume, the creation Wizard will ask if you intend to store large files. If you intend to store files larger than 4GB within the volume, tell it so—it will tweak the file system to better suite your needs.
On the Volume Format screen, you’ll need to move your mouse around to generate some random data. While just moving your mouse is sufficient you could always follow in our footsteps—we grabbed our Wacom tablet and drew a picture of Ricky Martin as an extra on Portlandia. How’s that for random? Once you’ve generated enough random goodness, hit the Format button.
Once the format process is complete, you’ll be returned to the original VeraCrypt interface. Your volume is now a single file wherever you parked it and ready to be mounted by VeraCrypt.
Click the “Select File” button in VeraCrypt’s main window and navigate to the directory where you stashed your VeraCrypt container. Because we’re extraordinarily sneaky, our file is in D:\mysecretfiles. Nobody will ever think to look there.
Once the file is selected, pick from one of the available drives in the box above. We selected J. Click Mount.
Enter your password and click OK.
Let’s go take a look at My Computer and see if our encrypted volume was successfully mounted as a drive…
Success! One 5GB volume of sweet encrypted goodness, just like the kind mom used to make. You can now open the volume and pack it full of all the files you’ve been meaning to keep from prying eyes.
Don’t forget to securely wipe the files once you’ve copied them into the encrypted volume. Regular file system storage is insecure and traces of the files you’ve encrypted will remain behind on the unencrypted disk unless you properly wipe the space. Also, don’t forget to pull up the VeraCrypt interface and “Dismount” the encrypted volume when you aren’t actively using it.