What is VeraCrypt?
VeraCrypt is free, open-source disk encryption software for Windows, Mac OSX and Linux. It is based on the (now-defunct) TrueCrypt.
As stated on their homepage (https://www.veracrypt.fr/en/Home.html), VeraCrypt is able to:
- Creates a virtual encrypted disk within a file and mounts it as a real disk.
- Encrypts an entire partition or storage device such as USB flash drive or hard drive.
- Encrypts a partition or drive where Windows is installed (pre-boot authentication).
- Encryption is automatic, real-time (on-the-fly) and transparent.
- Parallelization and pipelining allow data to be read and written as fast as if the drive was not encrypted.
- Encryption can be hardware-accelerated on modern processors.
- Provides plausible deniability, in case an adversary forces you to reveal the password: Hidden volume (steganography) and hidden operating system.
- More information about the features of VeraCrypt may be found in the documentation.
For our purpose, we are interested in the first feature – the ability to “create a virtual encrypted disk within a file and mount it as a real disk”. We will create a virtual encrypted disk and store the precious private key and seed words/phrase within the encrypted disk.
You can download VeraCrypt via the following link: https://www.veracrypt.fr/en/Downloads.html.
As my main machine is a Windows machine, the following “installation” pictures and notes are applicable for Windows.
Just accept the license terms and click through the installer with all the defaults.
Creating VeraCrypt Container
Once installed, launch VeraCrypt and select “Create Volume” (highlighted in yellow in the picture below).
Click through the next two screens – “Creating an encrypted file container” and “Creating a standard VeraCrypt volume”.
Click on the “Select File” icon and key in your desired name for the file which will contain your VeraCrypt container. As an additional layer of security, you might want to select an inconspicuous name for the file, “Grocery/Shopping List” for instance.
After selecting the filename, you will be required to choose an encryption algorithm and a hash algorithm. Personally, I have selected AES(Twofish(Serpent)) as the encryption algorithm and SHA-512 as the hash algorithm.
After selecting the algorithms, choose a size for your container. As a private key is not very large (on the order of kB), you can just choose a small container size (so that you can place the file in many places as backups – more about this later). A good container size will be 1 to 10 MB.
After you click next, you will be presented with a screen to input your desired password.
Choosing A Good Password For Your VeraCrypt Container
Within the window prompt, the developers have provided some advice for a good password. Even though it may be good to have a completely random combination of upper and lower case letters, numbers and special characters, it might prove a challenge to remember it. A forgotten password in this case will be disastrous. If you forget your password, your container is as good as lost.
Hence, to strike a middle ground, I advise that you “generate” your password with the following characteristics:
- Made up of multiple words or phrases (that may or may not have any meaning to you)
- Insert numbers and special characters (between words or characters)
- Make your password as long as possible (the screenshot above shows that VeraCrypt can handle a 128-character password)
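A way to generate a password with these three characteristics, and to estimate how strong it is, as an added example (not code from VeraCrypt or from this article). The word list is a constructed sample and the function names, separator set and default lengths are assumptions made for illustration.

```python
import math
import secrets

# Constructed sample word list for illustration only; a real list should hold
# thousands of words (the entropy estimate below scales with its size).
SAMPLE_WORDS = ["grocery", "lantern", "violet", "harbor", "pencil", "walnut",
                "copper", "meadow", "tunnel", "saddle", "orbit", "quartz",
                "ribbon", "sunset", "thimble", "anchor"]
SEPARATORS = "0123456789!@#$%^&*-_=+"   # numbers and special characters
MAX_LEN = 128                            # length limit mentioned in the article


def generate_passphrase(words, n_words=6, sep_len=2):
    """Pick words with a CSPRNG and join them with random digit/symbol runs."""
    if n_words < 2 or len(set(words)) != len(words):
        raise ValueError("need at least 2 words from a duplicate-free list")
    parts = [secrets.choice(words)]
    for _ in range(n_words - 1):
        parts.append("".join(secrets.choice(SEPARATORS) for _ in range(sep_len)))
        parts.append(secrets.choice(words))
    phrase = "".join(parts)
    if len(phrase) > MAX_LEN:
        raise ValueError("passphrase exceeds the 128-character limit")
    return phrase


def entropy_bits(list_size, n_words=6, sep_len=2):
    """Entropy in bits, assuming the attacker knows the word list and scheme."""
    word_bits = n_words * math.log2(list_size)
    sep_bits = (n_words - 1) * sep_len * math.log2(len(SEPARATORS))
    return word_bits + sep_bits


if __name__ == "__main__":
    print(generate_passphrase(SAMPLE_WORDS))
    print(f"{entropy_bits(len(SAMPLE_WORDS)):.1f} bits with the 16-word sample list")
    print(f"{entropy_bits(7776):.1f} bits with a 7776-word list")
```

The strength comes from the random choice, not from the words looking obscure, so words you pick yourself will be weaker than this estimate suggests.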
Using A Keyfile
The VeraCrypt developers have added an additional security option – the use of keyfiles, which can be any kind of file. If you opt to use a keyfile, then in order to “open” a VeraCrypt container, you will need to provide the correct password and the correct keyfile(s).
A would-be assailant must supply the correct keyfile(s) in addition to the password, and given the huge number of files on a normal Windows machine, picking out the right one(s) seems impossible.
Hence, if you want more security (at the expense of convenience), you can opt to use keyfile(s). The cost is that a lost keyfile locks you out just as a forgotten password does.
Mounting Your VeraCrypt Container
After you have created your volume, you might want to try mounting it. Open the VeraCrypt programme and choose your desired drive letter (any letter will do; just make sure it does not clash with any existing drives) and your VeraCrypt container. Click on “Mount” and you will be prompted for your password and keyfile(s) (if any).
What To Keep Inside Your VeraCrypt Container
Once the container is mounted, you can keep the private keys and/or seed words/phrase within the “drive” in the form of text files (.txt) or whatever format you prefer.
As an additional precaution, you can split the private keys and/or seed words/phrase in half. Half will go into the drive, the other half will stay on a piece of paper (or metal).
The advantage is that any would-be assailant will need physical access to your place to piece the keys and words/phrase together.
Backup Your VeraCrypt Container & Keyfiles (if any)
As your VeraCrypt container is encrypted, it should be relatively safe to keep it on any commercial cloud storage. It is also advisable to keep some local copies on spare, cheap thumbdrives as additional backups.
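A backup only helps if the copy is byte-for-byte identical to the original, since a corrupted container or keyfile cannot be opened. The following check is an added example (not part of VeraCrypt or of this article); the function names and the command-line usage are assumptions made for illustration.

```python
import hashlib
import sys
from pathlib import Path


def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so a large container is never read in one go."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify_backups(original, copies):
    """Compare every backup copy with the original file.

    Returns a dict mapping each copy's path to "ok", "mismatch" or "missing".
    """
    expected = sha256_file(original)
    report = {}
    for copy in copies:
        path = Path(copy)
        if not path.is_file():
            report[str(path)] = "missing"      # e.g. thumbdrive not plugged in
        elif sha256_file(path) == expected:
            report[str(path)] = "ok"
        else:
            report[str(path)] = "mismatch"     # stale or corrupted copy
    return report


if __name__ == "__main__":
    # Usage (hypothetical script name):
    #   python verify_backups.py <original> <copy> [<copy> ...]
    if len(sys.argv) < 3:
        sys.exit("usage: verify_backups.py <original> <copy> [<copy> ...]")
    results = verify_backups(sys.argv[1], sys.argv[2:])
    for path, status in results.items():
        print(f"{status:8} {path}")
    # Non-zero exit code if any copy is not identical to the original.
    sys.exit(0 if all(s == "ok" for s in results.values()) else 1)
```

Run it on the container and on each keyfile while the volume is dismounted, and again after every change to the container's contents, since any write changes the file and makes older copies stale.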
This process isn’t so hard, eh?
Comment below if you face any problems or want to provide additional comments/suggestions.