Create Hidden Encrypted Volume on USB Drive Using VeraCrypt

In this tutorial, we are going to learn how to encrypt a USB drive using the free and open-source VeraCrypt program. By encrypting your external drive, your sensitive data is protected if any unexpected event happens such as it being lost or stolen. We will also learn how to mount the encrypted USB drive to the Linux file system.

VeraCrypt Features

  • Support FAT, exFAT, EXT2, EXT3, EXT4 and Btrfs file system.
  • Full-disk encryption
  • Create encrypted file container
  • Create hidden encrypted volumes
  • Allows you to install a hidden encrypted operating system, which I think is more useful than Tails Linux for Journalists and dissidents.
  • Available for Linux, macOS, Windows, and BSD.
  • GUI mode and console mode

Step 1: install VeraCrypt on Linux

Arch Linux

VeraCrypt is included in Arch Linux repository, so Arch Linux users can run the following command to install it.

sudo pacman -S veracrypt

VeraCrypt provides official .deb and .rpm packages for Debian, Ubuntu, Fedora, CentOS, OpenSUSE. (Note: You can learn how to verify the integrity of VeraCrypt package before installing it.)

Ubuntu 22.04

wget https://launchpad.net/veracrypt/trunk/1.25.9/+download/veracrypt-1.25.9-Ubuntu-22.04-amd64.deb

sudo apt install ./veracrypt*.deb

Ubuntu 20.04

wget https://launchpad.net/veracrypt/trunk/1.25.9/+download/veracrypt-1.25.9-Ubuntu-20.04-amd64.deb

sudo apt install ./veracrypt*.deb

Debian 11

wget https://launchpad.net/veracrypt/trunk/1.25.9/+download/veracrypt-1.25.9-Debian-11-amd64.deb

sudo apt install ./veracrypt*.deb

Fedora/CentOS

wget https://launchpad.net/veracrypt/trunk/1.25.9/+download/veracrypt-1.25.9-CentOS-8-x86_64.rpm

sudo dnf install ./veracrypt*.rpm

OpenSUSE

wget https://launchpad.net/veracrypt/trunk/1.25.9/+download/veracrypt-1.25.9-openSUSE-15-x86_64.rpm

sudo zypper install ./veracrypt*.rpm

Generic Installer

For other Linux distributions, you need to manually install VeraCrypt using the generic installer, which is packaged as a .tar.bz2 file.

Step 2: Using VeraCrypt to Encrypt USB Drive

Hint: Make sure your data on the external drive is backed up before following the instructions below.

Fire up the VeraCrypt program from your system application menu. Then click create volume button to create a new volume.

create volume in veracrypt

In the next window, select the 2nd option: Encrypt a non-system partition/drive.

veracrypt encrypt non-system partition drive

Now you can create a standard VeraCrypt volume or a hidden VeraCrypt volume. This tutorial is going to create a hidden VeraCrypt volume.

hidden veracrypt volume

In the next window, click Select Device button and choose a location for the outer volume. If you create a hidden encrypted volume on a USB flash drive, then select the location of the USB flash drive. Make sure you select the right one because it will be formatted and all data on that drive will be lost. My USB drive is /dev/sdc, but yours might be different.

veracrypt outer volume

Then Veracrypt displays a warning. Use the arrow key to select Yes to continue.

veracrypt encrypt entire device partition

Note: If this USB drive is already encrypted with other tools like LUKS, then you need to delete the encrypted volume in order to create VeraCrypt encrypted volume.

It requires root privileges to format a drive, so VeraCrypt will ask you to enter the sudo password.

veracrypt sudo password

Now you are presented with encryption options. You can choose any of these encryption algorithms since they are all very secure, but AES is much faster than the others and is widely used. If you are not sure what to select here, you can use the default settings.

veracrypt outer volume encryption options

Next, choose a good password for the outer volume.

veracrypt password for outer volume

Then choose the file system for the outer volume.

 outer volume file system

Next, move your mouse as randomly as possible within the VeraCrypt window to generate randomness for VeraCrypt encryption.

veracrypt randomness

Once the randomness bar reaches the end, click the Format button and select Yes to continue.

veracrypt caution

Once the outer volume is formatted, it will be automatically mounted as /media/veracrypt1/ by VeraCrypt. Click the Open outer volume button to open this directory in your file manager and put some files in it.

veracrypt open outer volume

Once the outer volume has some files, click the Next button. VeraCrypt will guide you to create the hidden volume.

veracrypt create hidden volume

You will need to choose an encryption algorithm and hash algorithm for the hidden volume. It’s a good practice to use different algorithm this time. For example:

  • Outer volume: AES,  SHA-512
  • Hidden volume: Serpent (Twofish(AES)),  Whirlpool.

hidden volume encryption options

Next, choose the hidden volume size. You can enter a number or choose all available free space. (Note: sometimes VeraCrypt might not allow you to continue without specifying a smaller size.)

hidden volume size

Then set a password for the hidden volume. It must be different from the outer volume password.

hidden volume password

Choose a file system format for the hidden volume.

hidden volume format

Move your mouse as randomly as possible within the VeraCrypt window to generate randomness for VeraCrypt encryption. Once the randomness bar reaches the end, click the Format button.

And the hidden volume will be created. To prevent damage to the hidden volume, you should avoid writing to the outer volume.

hidden volume best practice to prevent damage

Click the Exit button.

Mounting the Encrypted USB Drive

You can’t mount the USB drive in the normal way. If you want to see the content inside the encrypted USB drive, you will need to mount it via VeraCrypt.

First, select a drive slot in the upper part of the VeraCrypt main window.

veracrypt drive slots

Then click Select Device button to select your USB drive.

encypte usb drive using veracrypt linux

Next, click the Mount button on the bottom-left corner in the VeraCrypt main window.

veracrypt mount encrypted volume

You will need to enter the password for the outer volume.

enter password for the outer volume

You also need to enter your sudo password, because Linux requires root privilege to mount a drive.

Administrator privileges required

 

Once it’s mounted, you can access it via file manager. VeraCrypt also tells you the mount point, and you can right-click on it and select Open to open it in file manager.

veracrypt open outer volume in file manager

In the file manager, you won’t find the hidden volume. So how do you open the hidden volume?

Actually, the process is the same as mounting the outer volume. First, you should unmount the outer volume by clicking the dismount button. Then click Select Device to choose the USB drive, and click the Mount button. This time, you should enter the password for the hidden volume.

  • If you enter the outer volume password, VeraCrypt will mount the outer volume.
  • If you enter the hidden volume password, VeraCrypt will mount the hidden volume.

Wrapping Up

I hope this tutorial helped you encrypt USB drives on Linux. As always, if you found this post useful, then subscribe to our free newsletter or follow us on Twitter or like our Facebook page.

Rate this tutorial
[Total: 13 Average: 4.8]

2 Responses to “Create Hidden Encrypted Volume on USB Drive Using VeraCrypt

Leave a Comment

  • Comments with links are moderated by admin before published.
  • Your email address will not be published.
  • Use <pre> ... </pre> HTML tag to quote the output from your terminal/console.
  • Please use the community (https://community.linuxbabe.com) for questions unrelated to this article.
  • I don't have time to answer every question. Making a donation would incentivize me to spend more time answering questions.

The maximum upload file size: 2 MB. You can upload: image. Links to YouTube, Facebook, Twitter and other services inserted in the comment text will be automatically embedded. Drop file here