[[!meta title="Using VeraCrypt encrypted volumes"]] [[!toc levels=2]] Introduction to VeraCrypt ========================================================== [VeraCrypt](https://www.veracrypt.fr/) is a disk encryption tool that works on Windows, macOS, and Linux. Comparison between LUKS and VeraCrypt ------------------------------------------------------------------------------------------------------- You can also create and open LUKS encrypted volumes in Tails. LUKS is the standard for disk encryption in Linux. [[See our documentation about LUKS.|encrypted_volumes]] [[!inline pages="doc/encryption_and_privacy/luks_vs_veracrypt.inline" raw="yes" sort="age"]] To create new VeraCrypt volumes, do so outside of Tails. See the step-by-step guides by Security-in-a-Box: - [VeraCrypt for Windows](https://securityinabox.org/en/guide/veracrypt/win/) - [VeraCrypt for macOS](https://securityinabox.org/en/guide/veracrypt/mac/) - [VeraCrypt for Linux](https://securityinabox.org/en/guide/veracrypt/linux/) Difference between file containers and partitions ------------------------------------------------- With VeraCrypt you can store your files encrypted in two different kinds of *volumes*:

File containers

[[!img container-icon.png link="no"]]

A file container is a single big file inside which you can store several files encrypted, a bit like a ZIP file.

Partitions or drives

[[!img partition-icon.png link="no"]]

Usually, drives (USB sticks and hard disks) have a single partition of their entire size. This way, you can encrypt a whole USB stick, for example. But, drives can also be split into several partitions.

Unlocking parameters -------------------- To unlock a VeraCrypt volume, you might need the following parameters, depending on the options that were selected when the volume was created: - **Passphrase** - **Keyfiles**: instead of or in addition to the passphrase, a VeraCrypt volume can be unlocked using a particular file or set of files. [See the VeraCrypt documentation on keyfiles.](https://www.veracrypt.fr/en/Keyfiles.html) - **PIM**: a number that is needed if it was specified when creating the VeraCrypt volume. [See the VeraCrypt documentation on PIM.](https://www.veracrypt.fr/en/Personal%20Iterations%20Multiplier%20\(PIM\).html) - **Hidden volume**: if you want to unlock the hidden volume inside the VeraCrypt volume. [See the VeraCrypt documentation on hidden volumes.](https://www.veracrypt.fr/en/Hidden%20Volume.html) - **System volume**: if you want to unlock an encrypted Windows system partition. [See the VeraCrypt documentation on encrypting a Windows system partition.](https://www.veracrypt.fr/en/System%20Encryption.html) Using a file container ====================== [[!img container-icon.png link="no" alt=""]] Unlocking a file container without keyfiles ------------------------------------------- 1. Choose Applications ▸ Accessories ▸ VeraCrypt Mounter. 1. Click Add and choose the file container that you want to unlock. 1. Enter the parameters to unlock the volume. For more information, see the [[Unlocking parameters|veracrypt#parameters]] section above. Click Unlock. 1. VeraCrypt Mounter opens your volume. 1. If unlocking the volume fails (for example, if you mistyped the password), click on Unlock to try unlocking again. Unlocking a file container with keyfiles ---------------------------------------- 1. Choose Applications ▸ Utilities ▸ Disks to start the Disks utility. 1. Choose Disks ▸ Attach Disk Image… from the top navigation bar. [[!img disks-menu.png link="no" alt=""]] 1. In the Select Disk Image to Attach dialog: - Unselect the Set up read-only loop device check box in the bottom-left corner if you want to modify the content of the file container. [[!img read-only.png link="no" alt=""]] - Choose All Files in the file filter in the bottom-right corner. [[!img all-files.png link="no" alt=""]] - Navigate to the folder containing the file container that you want to open. - Select the file container and click Attach. 1. In the left pane, select the new Loop Device that corresponds to your file container. In the right pane, it should have an Encrypted? label. [[!img container-locked.png link="no" alt=""]] 1. Click the [[!img lib/unlock.png alt="Unlock selected encrypted partition" class="symbolic" link="no"]] button in the right pane. 1. Enter the parameters to unlock the volume. For more information, see the [[Unlocking parameters|veracrypt#parameters]] section above. Click Unlock. 1. Select the file system that appears below the unlocked volume. It probably has a FAT or NTFS content. 1. Click the [[!img lib/media-playback-start.png alt="Mount selected partition" class="symbolic" link="no"]] button to mount the volume. 1. Click on the */media/amnesia/* link in the right pane to open the volume in the Files browser. 1. Your volume opens in Files. Closing a file container ------------------------ You can either: - In the sidebar of the Files browser, click on the [[!img lib/media-eject.png alt="Eject" class="symbolic" link="no"]] button on the label of the volume corresponding to your file container. [[!img eject-container.png link="no" alt=""]] - In VeraCrypt Mounter, click on the [[!img lib/window-close.png class="symbolic" link="no" alt=""]] button in the line that corresponds to your file container. Using a partition or drive ========================== [[!img partition-icon.png link="no" alt=""]] Unlocking a partition or drive without keyfiles ----------------------------------------------- 1. If your partition or drive is on an internal hard disk, [[set up an administration password|doc/first_steps/startup_options/administration_password]] when starting Tails. Otherwise, plug in the USB stick or the hard disk that you want to unlock. 1. Choose Applications ▸ Accessories ▸ VeraCrypt Mounter. 1. In the list of partitions, click Unlock in the line that corresponds to your USB stick or hard disk. [[!img partition-encrypted-label.png link="no" alt="Mount and open '8.2 GB Encrypted'"]] XXX: Update screenshot 1. Enter the parameters to unlock the volume. For more information, see the [[Unlocking parameters|veracrypt#parameters]] section above. Click Unlock. 1. VeraCrypt Mounter opens your volume. Unlocking a partition or drive with keyfiles -------------------------------------------- 1. If your partition or drive is on an internal hard disk, [[set up an administration password|doc/first_steps/startup_options/administration_password]] when starting Tails. Otherwise, plug in the USB stick or the hard disk that you want to unlock. 1. Choose Applications ▸ Utilities ▸ Disks to start the Disks utility. 1. In the left pane, select the device that corresponds to your USB stick or hard disk. [[!img partition-locked.png link="no" alt=""]] 1. In the right pane, select the partition that corresponds to your *VeraCrypt* volume. It should have an Encrypted? label. 1. Click the [[!img lib/unlock.png alt="Unlock selected encrypted partition" class="symbolic" link="no"]] button in the right pane. 1. Enter the parameters to unlock the volume. For more information, see the [[Unlocking parameters|veracrypt#parameters]] section above. Click Unlock. 1. Select the file system that appears below the unlocked volume. It probably has a FAT or NTFS content. 1. Click the [[!img lib/media-playback-start.png alt="Mount selected partition" class="symbolic" link="no"]] button to mount the volume. 1. Click on the */media/amnesia/* link in the right pane to open the volume in the Files browser. 1. Your volume opens in Files. Closing a partition or drive ---------------------------- You can either: - In the sidebar of the Files browser, click on the [[!img lib/media-eject.png alt="Eject" class="symbolic" link="no"]] button on the label of the volume corresponding to your partition. [[!img eject-partition.png link="no" alt=""]] - In VeraCrypt Mounter, click on the [[!img lib/window-close.png class="symbolic" link="no" alt=""]] button in the line that corresponds to your USB stick or hard disk.