Create an Encrypted Container To Hide All Your Secrets With VeraCrypt
Once upon a time, there was an encryption protocol called TrueCrypt. It was said to be totally impregnable with the FBI unable to break in. Then the TrueCrypt project was suddenly shut down and rumors started flying that the FBI had finally busted its encryption.
TrueCrypt has now been replaced by VeraCrypt which, from the outside, looks more or less identical. But unless your enemy is a government or an evil emperor on a fully operational Death Star, VeraCrypt is more than sufficient to keep nosy parents, spouses, and roommates from reading your private business (porn).
In this first part of a three-part article, I will be showing you how to set up an encrypted volume with VeraCrypt. In part two, I will show you how to hide a hidden section inside the encrypted volume for extra super-special security. In part three, I will explain how to encrypt your entire operating system with the program.
Setting Up VeraCrypt For The Very First Time
Now install the program as you usually would with any other program.
Opening It Up
When you open up the program, this is what you will see.
The first step is to click “Create Volume”. This now pops up.
Today, we’re going with door number one. So click on “Create an encrypted file container” and then “Next”.
The hidden volume option will be discussed in more depth in part two. So for the moment, choose “Standard VeraCrypt volume” and then “Next”.
The next step is to specify the location of the encrypted volume and the name of it. Click on “Select File” and navigate to the folder where you want to put it. Then type the name of it. Both the location and the name can be changed later if need be.
The next screen now asks you to choose your encryption algorithm. It will default to AES, which is perfectly fine. If it’s good enough for the US Government’s Top Secret files, then it’s good enough for your Katy Perry albums. No need to overthink this one.
Equally, don’t touch the hash algorithm, unless you absolutely know what you’re doing.
You now need to decide how big the volume has to be.
You have to take two considerations into account.
- What will the encrypted volume be used for? Videos and music for example will need a larger volume than just purely files.
- How much free space do you have on your computer? VeraCrypt volumes can be moved onto removable media such as USB sticks and portable hard-drives. Or cloud storage. But you need to find out in advance if you have the storage space needed, as changing the volume size later is not possible.
For the purposes of this article, I went with 1GB. But my main VeraCrypt volume is 150GB.
Now the most important part of all – the password.
Before choosing a password, you have to remember the following. VeraCrypt does not, for the sake of security, do password resets or password reminders. So if you forget your password, you are quite literally up the creek without the proverbial paddle.
So although the password should not be something stupid like “12345”, it should also be something you will always remember.
I would avoid keyfiles and PIM’s for the moment. They have the potential to make your volume much more secure but you need to have a solid understanding of how they work. I am still trying to figure it out so I am not going to expect you to suddenly become an expert in it. Let’s keep it simple for now.
Last of all, it’s time to generate your encryption keys.
Move your mouse randomly around the VeraCrypt window until the red bar at the bottom gets to the other end and turns green. As the window says, the longer you move it and the more random the moves, the better the encryption strength.
When the bar at the bottom is green, click “Format” and your volume will be made and placed in the location you specified.
Opening Up Your VeraCrypt Volume
Now that you have your nice shiny new volume, it’s time to open it up and hide some files in there.
Go back to the VeraCrypt main window, highlight a drive letter with your mouse, click “Select File”, and double-click the volume. Remember not to use any drive letters currently being used by other drives, portable media or software. When the volume is showing, click “Mount”.
I would advise you to keep “Never save history” ticked. Otherwise, VeraCrypt will keep a record of all the volume locations on your computer that were recently accessed.
Now enter your password. “TrueCrypt Mode” is only for people who had old TrueCrypt volumes which were suddenly rendered useless when the software was abandoned. But you can ignore that if you have never used TrueCrypt.
Once the password has been successfully entered, go to Windows Explorer (or Finder if you are using MacOS) and you will see the volume “mounted” as a drive.
Or you can double-click on the volume in VeraCrypt to be taken directly there.
Now you can just drag files into the volume and they will show up.
To close the volume and secure the files, click “Dismount” on the VeraCrypt window.
And that is how to make an encrypted folder/volume. You can create as many of these as you want – VeraCrypt does not impose any limits. Of course, the more volumes you have on the go, the more passwords you have to remember. So maybe don’t go too crazy.
Next time, we’ll look at hidden volumes within normal volumes. Stay tuned for that.