VeraCrypt (formerly known as realcrypt and truecrypt) can be used to create an encrypted container on the local disk or to encrypt an entire device, such as a USB drive.
For personal devices and self-managed systems you can download packages for Windows, macOS and various Linux distributions from the official VeraCrypt website. If you wish to use it on a DICE system, you need to contact Computing Support as a small amount of setup is required.
VeraCrypt on DICE is tied to a combination of your DICE username and the DICE computer allocated to you. A USB drive encrypted using VeraCrypt will only be usable by you on your DICE computer, or on a Windows PC/laptop with VeraCrypt installed, providing you have administrator access. It does not currently work with AFS unfortunately.
User documentation is also provided on the official VeraCrypt website.
VeraCrypt is listed under 'Utilities' in the default desktop, or in a terminal, enter the command veracrypt. The main window will appear. Start by clicking 'create volume':
A wizard will appear. We only support creating an encrypted file container. We have separate instructions for making a secure USB stick for Linux. We select 'Create an encrypted file container' and click 'next':
Keeping it straightforward, select 'Standard VeraCrypt volume' and click 'next':
In this case we're going to use /disk/scratch. Read the warnings that if you select an existing file, it will be deleted. Click 'select file' to choose a directory and file name:
In this case, I've chosen a sub-directory within /disk/scratch and named the file 'test'. Click 'next':
The default algorithms of AES and SHA-512 should be sufficient, so leave them selected and click 'next':
Set the volume size, for example, 1 gibibyte. As this is an encrypted file, it will be initialised to this size and stay that size as you fill it. You will need to have sufficient free space in the directory you've chosen. Click 'next':
Set your volume password for the volume you are creating. If you forget this password it will not be possible to recover you data. Click 'next':
Choose your filesystem options. The default 'FAT' filesystem has been chosen as this is interoperable with Linux, Windows and macOS. Click 'next':
Follow the instructions to move your mouse randomly. When you get bored, click 'format':
That's it! Click 'OK' and then exit the wizard:
To use your encrypted container, return to the main VeraCrypt window. Select an available slot by clicking on it, then click 'select file':
Continue using the 'mount' button to be prompted for the volume password you entered earlier:
You'll next by prompted for your DICE user password:
Your encrypted volume will now be listed in the main window along with it's mount directory. You can find this in the terminal or file browser.
That's it ready for use like any other folder. When you're done, click 'dismount' (or 'dismount all') and exit VeraCrypt.
There is also a command line version; veracrypt --help should tell you all you need to know and more. If you don't want to have any GUI interaction, try unsetting DISPLAY in a subshell:
(unset DISPLAY; veracrypt --help)