All Articles

Veracrypt Cheatsheet

Veracrypt is a free open source disk encryption tool that we can use to encrypt sensitive data.

Create a keyfile.

We create a keyfile to work in conjunction with a password to generate the symmetric key that VeraCrypt will use to encrypt the volume. The keyfile is there to improve against bruteforce attacks. Save the keyfile as whatever you want (I choose secret.key).

veracrypt -t --create-keyfile

Awkwardly type 320 random characters, hoping that nobody thinks you are only pretending to work.

Create a new veracrypt volume (interactive).

-k secret.key specifies your keyfile(s). Omit if not using a keyfile.

veracrypt -t -k secret.key -c

Mount the veracrypt volume.

encrypted is the device or file that has been encrypted using veracrypt, plaintext is the folder you wish to mount to.

It will ask you to enter the password, PIM and whether to protected the hidden volume. Only the password is needed, the rest you can simply press enter for.

mkdir -p plaintext
veracrypt -t -k secret.key ./encrypted ./plaintext

Your decrypted drive should now be accessible in the plaintext directory and you can do your work.

Unmount your volume.

veracrypt -d ./encrypted

⚠️ Important: Save both the keyfile and the password somewhere secure. You can use base64 secret.key to convert the binary keyfile to base64 for easier export.


Published Jul 4, 2019

Security Engineer with a dash of software. Originally from Stockholm, now in Berlin. I like to hack things.