Encryption using VeraCrypt

In this article are instructions on the use of the external drive encryption software from VeraCrypt. VeraCrypt works across Microsoft Windows, MacOS, and Linux (https://www.veracrypt.fr/en/Supported%20Operating%20Systems.html).

Table of Contents

Download and Install VeraCrypt

Download VeraCrypt for your operating system from here: https://www.veracrypt.fr/en/Downloads.html and install it onto your computer.

External Drive - Full Disk Encryption

Encrypt External Drive

***IMPORTANT: With an attached external drive (e.g., a USB drive), the setup process will delete all existing files on this external drive. Backup any files on this drive you wish to save or restore. Be sure you select the right drive and partition before encrypting***

  1. Open VeraCrypt and select Create Volume.
  2. In the VeraCrypt Volume Creation choose where you wish the VeraCrypt volume to be created. A VeraCrypt volume can reside in a file, which is also called container, in a partition or drive. For these instructions, choose the second option, Encrypt a non-system partition/drive, and then click Next.
  3. Click on Standard VeraCrypt Volume, then click Next.
  4. Make sure the Never save history option is checked, then click on Select Device.
  5. Select the external drive you wish to encrypt. Make sure you select the "Partition".
  6. Verify the correct partition is populated, and then click Next.
  7. If you want to delete all of the data on your drive or if the drive is empty, select the Create encrypted volume and format it option. If you want to preserve and encrypt the files on your drive, select the Encrypt partition in place option. Click Next when ready.
  8. ***IMPORTANT: With an attached external drive (e.g., a USB drive), the setup process will delete all existing files on this external drive. Backup any files on this drive you wish to save or restore.***
  9. The default Encryption Algorithm should be AES and the default Hash Algorithm should be SHA-512. If not, change to AES and SHA-512, the click Next.
  10. Verify the Volume Size matches the size of the external drive you are encrypting. You should not be able to modify this. Click Next when are sure you have the right volume selected.
  11. Enter a complex password, which will be used to encrypt the volume. Follow the guidance in this window to help you create a complex password. Click Next after you have entered the password twice.
  12. Select Yes for this screen and then click Next.
  13. Verify the Filesystem is set to exFat. Now move the mouse as randomly as possible within the Volume Creation Wizard window until the Randomness Collected From Mouse Movements indicator becomes green. The longer you move the mouse the better, as this significantly increases the cryptographic strength of the encryption keys. Click Format when ready.
  14. You will receive a final warning about all data being erased on this external drive. Click Yes when ready.
  15. ***IMPORTANT: With an attached external drive (e.g., a USB drive), the setup process will delete all existing files on this external drive. Backup any files on this drive you wish to save or restore.***
  16. The external drive will now begin formatting and encrypting.
  17. Once complete, you may receive this warning. In this example, when the external drive was connected the E: drive was used. Click OK when ready.
  18. The external drive is now encrypted.

Mounting Encrypted External Drive

  1. From the main VeraCrypt window select an available drive letter. This will be where the VeraCrypt encrypted external drive will be mounted. Then click on the Select Device button.
  2. Select the partition you used for the setup. In this example we are selecting Partition 1. Click OK when ready.
  3. Confirm the partition you selected is populating. In this example you will see \Device\Harddisk1\Partition1. Once confirmed, click Mount.
  4. Enter the password you used to create the encrypted external drive. Click OK when ready.
  5. Verify the drive you selected is now populated with the encrypted external drive you connected to your computer. Click Exit when ready. You will now see the drive letter selected as a location to copy files.

Dismounting the Encrypted External Drive

  1. Select the volume from the list of mounted volumes in the main VeraCrypt window and then click Dismount.
  2. To make files stored on the encrypted external drive accessible again, follow the steps in the Mounting the Encrypted External Drive section.
  3. If you restart Windows or turn off your computer, the encrypted external drive will be also be dismounted.
  4. Regardless of which way the encrypted external drive is dismounted, the files in the encrypted external drive remain encrypted.

Veracrypt Container Encryption

Creating an Encrypted File Container

  1. After installing VeraCypt, open and select Create Volume.
  2. In the VeraCrypt Volume Creation choose where you wish the VeraCrypt volume to be created. A VeraCrypt volume can reside in a file, which is also called container, in a partition or drive. For these instructions, choose the first option, Create an encrypted File Container, and then click Next.
  3. Select Standard VeraCrypt volume and then click Next. As the option is selected by default, you can just click Next.
  4. Select where the VeraCrypt volume (file container) is to be created. Note that a VeraCrypt container is like any normal file and can be moved and deleted. Click Select File.
  5. In this example, we will create the VeraCrypt volume in the folder F:\Data\ and the filename of the volume (container) will be "My Volume".
    • You may choose any other filename and location based on your situation (e.g., on a USB Drive). Please note the file My Volume does not exist – VeraCrypt will create this volume as part of this setup.
    • IMPORTANT: If you select an existing file, this file will be overwritten by VeraCrypt and replaced with a newly created volume.
    • Select the desired path (where you wish the container to be created) in the file selector (for example, F:\Data).
    • Type the desired container file name (for example, My Volume) in the File name box and then click Save.
  6. In the Volume Location window, click Next.
  7. The default Encryption Algorithm should be AES and the default Hash Algorithm should be SHA-512. If not, change to AES and SHA-512, the click Next.
  8. Enter this size of the VeraCrypt container. This window informs you how much space is available. Click Next when ready.
  9. Enter a complex password, which will be used to encrypt the volume. Follow the guidance in this window to help you create a complex password. Select Next after you have entered the password twice.
  10. Move the mouse as randomly as possible within the Volume Creation Wizard window until the Randomness Collected From Mouse Movements indicator becomes green. The longer you move the mouse the better, as this significantly increases the cryptographic strength of the encryption keys. Click Formatwhen ready.
  11. VeraCrypt will now create a file called My Volume in the folder F:\Data. This file will be a VeraCrypt container (it will contain the encrypted VeraCrypt volume). The following box will appear once the encrytion is complete:
  12. The VeraCrypt volume (file container) has now been successfully created. Click Exit.
  13. Refer to the Mounting the Encrypted File Container steps to begin using this created encrypted file container.

Mounting an Encrypted File Container

  1. From the main VeraCrypt window select a drive letter. This will be the drive letter the VeraCrypt container is mounted. For this example, the M drive has been selected. You will choose any available drive letter.
  2. Click Select File.
  3. Browse to the container file you previously created (e.g., My Volume), clock on the file, and then select Open.
  4. Next, click Mount.
  5. Enter the Password you provided during the setup process. Then Select the PRF algorithm used during the creation of the volume (SHA-512 is the default PRF used by VeraCrypt).
    • If you do not remember which PRF was used, select Autodetection. Select OK when ready. VeraCrypt will now attempt to mount the volume.
  6. The virtual disk has now been successfully mounted. In this example the M Drive has been mounted. The virtual disk is entirely encrypted (including file names, allocation tables, free space, etc.). You can now save, copy, or move files to this virtual disk and they will be encrypted. When accessing a file on the mounted volume you will not be asked for the password again. You can open the mounted volume by selecting it on the list as shown in the screenshot below (blue selection) and then double-clicking on the selected item.
  7. You can also browse to the mounted volume the way you normally browse to any other types of volumes. Copy files/folder to and from the VeraCrypt volume as you would with any normal drive.

Dismounting an Encrypted File Container

  1. Select the volume from the list of mounted volumes in the main VeraCrypt window and then click Dismount. To make files stored on the volume accessible again, follow the steps in the Mounting the Encrypted File Container section.
  2. If you restart Windows or turn off your computer, the volume will be also be dismounted.
  3. Regardless of which way the volume is dismounted, the files in the encrypted container remain encrypted.
Please rate the quality of this answer: Poor Fair Okay Good Excellent
Not the answer you were looking for? Try different keyword combinations and if you still can’t find your answer, please contact us.
Article ID: 1816
Created: Thu, 18 Jun 2020 3:54pm
Modified: Thu, 18 Jun 2020 3:55pm