Veracrypt is a free open source disk encryption tool that we can use to encrypt sensitive data.
Create a keyfile.
We create a keyfile to work in conjunction with a password to
generate the symmetric key that VeraCrypt will use to encrypt the volume.
The keyfile is there to improve against bruteforce attacks. Save the keyfile as whatever
you want (I choose
veracrypt -t --create-keyfile
Awkwardly type 320 random characters, hoping that nobody thinks you are only pretending to work.
Create a new veracrypt volume (interactive).
-k secret.key specifies your keyfile(s). Omit if not using a keyfile.
veracrypt -t -k secret.key -c
Mount the veracrypt volume.
encrypted is the device or file that has been encrypted using veracrypt,
plaintext is the folder you wish to mount to.
It will ask you to enter the password,
PIM and whether to protected the hidden volume.
Only the password is needed, the rest you can simply press enter for.
mkdir -p plaintext veracrypt -t -k secret.key ./encrypted ./plaintext
Your decrypted drive should now be accessible in the
plaintext directory and you can do your work.
Unmount your volume.
veracrypt -d ./encrypted
⚠️ Important: Save both the keyfile and the password somewhere secure. You can use
to convert the binary keyfile to base64 for easier export.