You are here

Container encryption using Veracrypt

Veracrypt (formerly known as realcrypt and truecrypt) can be used to create an encrypted container on the local disk or to encrypt an entire device, such as a USB drive.

For personal devices and self-managed systems you can download packages for Windows, MacOS and various Linux distributions from the official Veracrypt website. If you wish to use it on a DICE system you need to contact Computing Support as a small amount of setup is required.

Veracrypt on DICE is tied to a combination of your DICE username and the DICE computer allocated to you. A USB drive encrypted using veracrypt will only be usable by you on your DICE computer, or on a Windows PC/laptop with veracrypt installed, providing you have administrator access. It does not currently work with AFS unfortunately.

User documentation is also provided on the official veracrypt website.

In a terminal, enter the command

veracrypt

this initial screen will pop up. Click 'create volume':

The wizard will appear. If you want to encrypt an entire USB drive go to this page, but in this case we'll go for an encrypted file container on the local disk - select appropriately and click 'next':

Keeping it straightforward, select 'standard veracrypt volume' and click 'next':

In this case we're going to use /disk/scratch. Read the warnings and click 'select file' :

I've made a subdir in my directory on disk/scratch with the container named 'test'. Click 'next':

Choose your favourite encryption and hash algorithms and click 'next':

Set the volume size and click 'next':

Set your volume password and choose to use keyfiles or not. These selections only apply to the volume you are creating. Click 'next':

Choose your filesystem options. FAT is default. Click 'next':

Follow the instructions to move your mouse randomly. When you get bored, click 'format':

That's it! Click 'OK' and exit veracrypt:

To use your encrypted container, start up veracrypt again and click 'select file':

Select 'mount':

Enter your volume password:

followed by your DICE password:

Your encrypted volume will appear in the box:

That's it ready for use like any other folder. When you're done, click 'dismount' and exit veracrypt.

There is also a command line version;

veracrypt --help 

should tell you all you need to know and more.

Last reviewed: 
28/03/2023

System Status

Home dirs (AFS)
Network
Mail
Other services
University services
Scheduled downtime

Choose a topic