When you want to encrypt several files or folders, one easy way is creating a virtual encrypted drive which you can mount on your computer like a regular drive. I will show you two of the most popular applications to do this: VeraCrypt and Cryptomator.

Table of Contents

VeraCrypt

VeraCrypt creates virtual encrypted disks inside files, so you only need to manage one file when it’s encrypted. To download this application, go to https://www.veracrypt.fr/en/Downloads.html. There are packages for Debian, Ubuntu, CentOS, Fedora and openSUSE. It is also available in Arch Linux official repositories.

Open VeraCrypt and click on “Create Volume”.

VeraCrypt

You can encrypt non-system partitions (like on a USB) but we are going to create a virtual encrypted disk. Select “Create and encrypted file container” and click “Next”.

VeraCrypt

In the next window, select “Standard VeraCrypt volume” and click “Next”. You can also create “hidden volumes”. A hidden volume is a volume inside another volume that has another password so if the password of the outer volume is compromised, the attacker will only see what appears to be an empty drive.

Veracrypt

Now, select the location of your virtual disk. Click “Select file”, and select a location and a filename for the encryted file. Click “Save” and “Next”.

Veracrypt

Under “Encryption Options” you can leave the default and click “Next”.

Veracrypt

In the next window, type the size of your virtual disk. Ensure the size is enough for your needs. Click “Next”.

Veracrypt

Type a password for the volume and click “Next”.

Veracrypt

Choose a filesystem format for the virtual disk. The default option (FAT) is a good choice specially because it’s a Windows-compatible format. Click “Next”.

Veracrypt

In the next window, you need to create randomness for the encryption process by moving your mouse randomly inside the window. You’ll see a bar fill up. When you think there is enough randomness, click “Format”.

Veracrypt

When the volume has been created, you can press “Exit” to go back to the main window. Now, select one of the empty slots (there are several because you can have several virtual disks mounted at the same time) and click “Select File”. Select your new encrypted file and click “Open”. Finally, click “Mount” and type the password you created before. You may need to also type your user password in order to mount the virtual disk (because it needs root permissions).

Now you can add your files to the mounted drive and click “Dismount” when you are finished.

Cryptomator

Cryptomator works similar to Veracrypt but, instead of create a single encrypted file, creates a folder (“vault”) with several files. It’s available on Flatpak, AppImage and on some system repositories.

Start by opening Cryptomator and clicking “Add Vault”.

Cryptomator

Click “Create new Vault” and type a name for the vault. Click “Next”.

Cryptomator

Cryptomator

Select a location for the vault. Cryptomator will create a folder inside that location. Click “Next”.

Cryptomator

Type a password and click “Next”. You can create a recovery key to use if you don’t remember the password.

Cryptomator

And that’s it. You can click “Done” or “Unlock Now” if you want to mount your new vault.

Cryptomator

When you unlock your vault, a pop-up window will display and you can select “Reveal Drive” to open a file manager at the mount location.

Cryptomator

Finally, when you are finished, click “Lock” to unmount the virtual disk.

Using dd and LUKS

You can create a virtual disk using dd and format it with LUKS using cryptsetup. Just create an empty file with the desired size:

dd if=/dev/zero of=mydisk bs=1M count=100

Then follow the steps on Encrypting a device with LUKS, replacing the device name with your new file (you can run crypsetup luksFormat <file> as an ordinary user).

If you have any suggestion, feel free to contact me via social media or email.