Quick Links
-
Why Encrypt Your Folders?
-
How to Encrypt Your Files with VeraCrypt
Key Takeaways
- Encrypting folders prevents unauthorized access to its containing files and secures them behind a password.
- VeraCrypt is a free, open-source tool that can create encrypted folders on Linux in a few minutes.
- To use VeraCrypt, download the package for your distro from the VeraCrypt website, then run it and follow the encryption wizard’s prompts.
If you want to encrypt specific folders—and the files in them—on your Linux machine, you’ll have to use third-party tools to do so. In this guide I’ll show you how to easily create encrypted folders using VeraCrypt, a free and open-source program.
Why Encrypt Your Folders?
Encrypting a folder is the best way to prevent access to it by unauthorized people. You’re essentially password-protecting access to the folder, making it impossible to edit or even read its contents without the right credentials.
In my article on securing your Linux laptop, I recommend that you always encrypt your entire drive while installing Linux. However, this may not always be an option, or it could be that you want to limit access to specific folders as well as using full-disk encryption.
Note that encrypting files separately gets very tricky: in almost all cases it’s better to create an encrypted folder and store files in there. It has an added benefit that you can remove protection from these files by simply moving them out of the folder.
Encrypting folders separately isn’t something Linux can do by itself, you’ll have to use third-party software. This is where VeraCrypt comes in.
What Is VeraCrypt?
VeraCrypt is a free, open-source encryption tool that’s used by amateurs and professionals alike. It’s a fork (a program developed in parallel) of the now-discontinued TrueCrypt, an extremely popular encryption tool. It’s very easy to use and will run on Linux as well as Windows. For example, we also used it to encrypt a Windows system drive.
There are other TrueCrypt alternative out there besides VeraCrypt. However, we like VeraCrypt because getting it running takes just a few minutes and it has a long track record of keeping files secure without any real cybersecurity skills required. All you need is the ability to follow along with some instructions, you don’t need to know anything about encryption protocols.
How to Encrypt Your Files with VeraCrypt
First thing you need to do is to download and install VeraCrypt. For that, go to the VeraCrypt download page and pick the right package for your distro. For most distros, you can choose between a console version or a GUI. I’m using the graphical version for my Mint install.
Start the program, and you’ll come to the VeraCrypt interface. There’s a lot going on here, so let’s go over some basics.
The list of numbers is where you’ll place your volumes, which is VeraCrypt’s term for encrypted folders and drives—it also uses the term container. Any encrypted folder you create will be a separate volume. You create them by clicking on “Create volume” below the main window, to the left.
VeraCrypt will start the encryption wizard, which guides you through the process step by step; just remember to hit “Next” every time you enter your preference. To encrypt a folder, you want to “Create an encrypted file container,” which is selected by default.
Next, you get the choice to create a standard or hidden volume. For our purposes, standard (the default) is just fine. If you’re interested in some extra security, check out VeraCrypt’s explanation linked in the wizard.
Now you need to create a file that will become your encrypted volume. Under no circumstance should you choose an existing folder since, as the wizard explains, this will delete the original and all its contents. Just use the navigator to pick the folder where you want the container to live. For purposes of this article I made the name very obvious, but I recommend you be more circumspect.
That done, you choose your level of encryption, Unless you have very specific requirements, I wouldn’t change anything here. AES is a solid encryption protocol, and the hash algorithm is secure, as well. You can, if you want, click through in the wizard and read some more about what all this means, but the defaults should be fine for most people most of the time.
Next up, you set the size for the new volume. If you’re only going to store documents, one or two gigabytes should be fine, while images need a lot more than that. Whatever you do, don’t click on “Use all available free space” unless you’re sure that you need an encrypted folder the size of your hard drive.
Now comes the part that can be tricky, namely setting a password. I recommend you use our tips to create a strong password and then use a password manager to save it.
Then you’ll have to choose the file system the volume is in. If you’re not sure what that means, stick with the default (FAT).
Next is an odd, but cool, quirk of VeraCrypt. You need to shake your mouse like mad for about 30 seconds to set a high encryption of your volume. Make sure you only shake it inside the window. Once you’ve filled the bar in the center up, click on “format” at the bottom.
If all went well, a box will pop up telling you that “The VeraCrypt volume has been successfully created.” Acknowledge the message, then go to your file system, to where you created the volume.
Open the file and you’ll be prompted to select a program to do so. Pick VeraCrypt, enter the password you created, and then your Linux system’s admin password. VeraCrypt will do some work in the background, and then open the folder. You can now move files between windows like you would any other file.
If you want to access the folder at a later stage, remember to do so via the VeraCrypt interface; just click on the volume you want (I placed it in the number one spot).
That’s all there is to encrypting files on Linux with VeraCrypt. Though it may seem like an involved process, you can breeze through it in about five minutes using this guide. The only part that may be a little annoying is that to access or move files in and out of the encrypted volume you will need to fire up VeraCrypt every time. That seems like a small price to pay for security, though.
Source link