Using virtual encrypted disks on Linux: VeraCrypt and Cryptomator
When you want to encrypt several files or folders, one easy way is to create a virtual encrypted drive, which you can mount on your computer like a regular drive. I will show you two of the most popular applications for this: VeraCrypt and Cryptomator.
VeraCrypt creates virtual encrypted disks inside files, so you only need to manage one file when it’s encrypted. To download this application, go to https://www.veracrypt.fr/en/Downloads.html. There are packages for Debian, Ubuntu, CentOS, Fedora and openSUSE. It is also available in the official Arch Linux repositories.
Open VeraCrypt and click on “Create Volume”.
You can encrypt non-system partitions (such as one on a USB drive), but we are going to create a virtual encrypted disk. Select “Create an encrypted file container” and click “Next”.
In the next window, select “Standard VeraCrypt volume” and click “Next”. You can also create “hidden volumes”. A hidden volume is a volume inside another volume that has another password, so if the password of the outer volume is compromised, the attacker will only see what appears to be an empty drive.
Now, select the location of your virtual disk. Click “Select file”, and select a location and a filename for the encrypted file. Click “Save” and “Next”.
Under “Encryption Options” you can leave the default and click “Next”.
In the next window, type the size of your virtual disk. Ensure the size is enough for your needs. Click “Next”.
Type a password for the volume and click “Next”.
Choose a filesystem format for the virtual disk. The default option (FAT) is a good choice, especially because it’s a Windows-compatible format. Click “Next”.
In the next window, you need to create randomness for the encryption process by moving your mouse randomly inside the window. You’ll see a bar fill up. When you think there is enough randomness, click “Format”.
When the volume has been created, you can press “Exit” to go back to the main window. Now, select one of the empty slots (there are several because you can have several virtual disks mounted at the same time) and click “Select File”. Select your new encrypted file and click “Open”. Finally, click “Mount” and type the password you created before. You may need to also type your user password in order to mount the virtual disk (because it needs root permissions).
Now you can add your files to the mounted drive and click “Dismount” when you are finished.
Cryptomator works similarly to VeraCrypt but, instead of creating a single encrypted file, it creates a folder (“vault”) with several files. It’s available on Flatpak, AppImage and in some system repositories.
Start by opening Cryptomator and clicking “Add Vault”.
Click “Create new Vault” and type a name for the vault. Click “Next”.
Select a location for the vault. Cryptomator will create a folder inside that location. Click “Next”.
Type a password and click “Next”. You can create a recovery key to use if you don’t remember the password.
And that’s it. You can click “Done” or “Unlock Now” if you want to mount your new vault.
When you unlock your vault, a pop-up window will display and you can select “Reveal Drive” to open a file manager at the mount location.
Finally, when you are finished, click “Lock” to unmount the virtual disk.
Using dd and LUKS
You can create a virtual disk using dd and format it with LUKS using cryptsetup. Just create an empty file with the desired size:
dd if=/dev/zero of=mydisk bs=1M count=100
Then follow the steps on Encrypting a device with LUKS, replacing the device name with your new file (you can run cryptsetup luksFormat <file> as an ordinary user).
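The whole lifecycle of such a file-backed container, as an added example that is not part of the original article. The file name vault.img, the mapping name vault, the mount point /mnt/vault, the choice of ext4 and the luks_version helper are assumptions made for illustration.

```shell
# Added example (not from the original article). vault.img, "vault" and
# /mnt/vault are illustrative names.

# Create an empty container of $2 MiB at $1, readable only by its owner.
create_container() {
    if [ -e "$1" ]; then
        echo "refusing to overwrite $1" >&2
        return 1
    fi
    ( umask 077 && dd if=/dev/zero of="$1" bs=1M count="$2" 2>/dev/null )
}

# Print 1 or 2 if $1 starts with a LUKS header, "none" otherwise. The header
# begins with the magic bytes "LUKS" 0xBA 0xBE and a 16-bit big-endian version.
luks_version() {
    hdr=$(dd if="$1" bs=8 count=1 2>/dev/null | od -An -tx1 | tr -d ' \n')
    case $hdr in
        4c554b53babe0001) echo 1 ;;
        4c554b53babe0002) echo 2 ;;
        *) echo none ;;
    esac
}

# One-time setup: LUKS-format the file (asks for a new passphrase), then put
# an ext4 filesystem inside it. Opening the mapping requires root.
init_container() {   # $1 = file, $2 = mapping name
    cryptsetup luksFormat "$1" || return 1
    [ "$(luks_version "$1")" != none ] || return 1
    cryptsetup open "$1" "$2" || return 1
    mkfs.ext4 -q "/dev/mapper/$2"; rc=$?
    cryptsetup close "$2"
    return "$rc"
}

# Unlock the container and mount the filesystem inside it. Requires root.
open_container() {   # $1 = file, $2 = mapping name, $3 = mount point
    cryptsetup open "$1" "$2" || return 1
    mkdir -p "$3" && mount "/dev/mapper/$2" "$3"
}

# Unmount and remove the mapping so the decrypted device disappears.
close_container() {  # $1 = mapping name, $2 = mount point
    umount "$2" && cryptsetup close "$1"
}

# Typical session:
#   create_container vault.img 100 && init_container vault.img vault
#   open_container vault.img vault /mnt/vault
#   close_container vault /mnt/vault
```

Closing the mapping is the step that matters for confidentiality: while it is open, the decrypted contents are available under /dev/mapper to anyone with access to that device.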
If you have any suggestions, feel free to contact me via social media or email.