Veracrypt is a free open source disk encryption tool that we can use to encrypt sensitive data.
We create a keyfile to work in conjunction with a password to
generate the symmetric key that VeraCrypt will use to encrypt the volume.
The keyfile is there to improve against bruteforce attacks. Save the keyfile as whatever
you want (I choose secret.key
).
veracrypt -t --create-keyfile
Awkwardly type 320 random characters, hoping that nobody thinks you are only pretending to work.
-k secret.key
specifies your keyfile(s). Omit if not using a keyfile.
veracrypt -t -k secret.key -c
encrypted
is the device or file that has been encrypted using veracrypt, plaintext
is the folder you wish to mount to.
It will ask you to enter the password, PIM
and whether to protected the hidden volume.
Only the password is needed, the rest you can simply press enter for.
mkdir -p plaintext
veracrypt -t -k secret.key ./encrypted ./plaintext
Your decrypted drive should now be accessible in the plaintext
directory and you can do your work.
veracrypt -d ./encrypted
⚠️ Important: Save both the keyfile and the password somewhere secure. You can use base64 secret.key
to convert the binary keyfile to base64 for easier export.