Locally encrypting your important documents and other sensitive files is a no-brainer, and if you’re not doing that yet, now is the time to start. In this post, we shall see how to create an encrypted container using free cross-platform utility VeraCrypt. A container is basically a file that can be mounted as a separate volume (or drive), and can hold other files and folders in it.
You may not have heard of VeraCrypt, but you’ve probably heard of TrueCrypt – widely considered the best encryption tool for desktop operating systems not too long ago. To everyone’s surprise, TrueCrypt was abruptly abandoned by its developers last year, who claimed the tool might contain unfixed security holes. This led to another group of developers forking TrueCrypt, fixing many of its vulnerabilities and security issues, and launching VeraCrypt as a worthy successor.
With that out of the way, lets see how to create a simple encrypted container with VeraCrypt.
VeraCrypt is cross-platform, so you need to download and install the proper setup file for your OS. Once installed, open the app and you should see this window:
In VeraCrypt’s main window, click on Tools > Volume Creation Wizard. Choose the first option, and click Next.
Select whether you want to create a standard, or a hidden encrypted volume. We’re going to create a standard volume here, but you can go ahead with the hidden option. A hidden volume can only reside inside a standard volume, so you’ll have to go through a few extra steps of creating a standard volume, and then a hidden one inside it.
You will now need to select a location and name for your container file. Make sure you place it somewhere safe and hidden – after all, the container is just a file and anyone with write access to it can still delete it, even if they can’t access the contents within. After choosing your location, give your container a name and, optionally, an extension. .hc is the official VeraCrypt extension, so you should use that to be able to double click the container and open it in VeraCrypt.
The next step is to choose the encryption algorithm. For excellent security and super fast encryption, choose the default option, AES. For the best security, but with severely degraded speed of encryption, go with a combination of AES, Twofish, and Serpent.
Set the size of your volume carefully, because you won’t be able to change it later. It’s a good idea to set it to two times the amount you think you’ll need. Bigger volumes take longer to encrypt/decrypt, something you have to keep in mind as well.
Time to set the password. Make it long and strong. You can use a “keyfile” along with a password for additional security, but keep in mind that your container cannot be decrypted if you happen to lose the keyfile (or, forget the password). Keyfiles can be risky, so we will just use a strong password here and save it in a secure password manager like LastPass.
We finally arrive at the last screen of the wizard. You can leave the filesystem and cluster as is, unless you plan to store files larger than 4GB, in which case choose NTFS. Checking the Dynamic box will make your container grow in size on-demand until it reaches the size that you set in step 6 – if you store nothing, its size will be 0 bytes. Now, move your mouse pointer vigorously and randomly within the window for as long as you like, the longer you do it, the stronger your volume’s encryption will be and the harder it will be to crack. Finally, click the Format button to start the encryption. Depending on the size you’ve set and the CPU power of your PC, it can take awhile for the container to be created. You’ll see a popup once it’s done.
The above steps may seem daunting, and they kind of are, but remember that you’ve to do all this just once. Once your encrypted container is created, putting files in it is quite easy. If you created a .hc container, you can just go to wherever it’s placed and double click on it. If you created a container with some other extension (or, no extension), you will have to open VeraCrypt, click on Select File, and open the file from the dialog. Once the file is added to VeraCrypt, click on the big Mount button at the bottom, enter your password (and add your keyfile, if used), and hit OK. VeraCrypt will decrypt the container and load it as a separate volume – you’ll see it as a removable drive in the file manager of your OS. Add your files to the drive, and after you’re done, go back to VeraCrypt and hit the Dismount button. VeraCrypt will encrypt the added the data, and eject the drive. Congrats, all your important data is now safe in your encrypted container!