Encrypt USB Stick with Vera Crypt

How to encrypt an USB stick using Vera Crypt.

If you like my work, ❤️ Sponsor Me. It would mean the world to me!

Installation

VeraCrypt is not available on the default Ubuntu repositories. Therefore, to install it using the package manger, you have to add the PPA repositories.

Add PPA repos using the command below. Note that this repository is not related to VeraCrypt even though Unit 193 is Xubuntu developer and he is a great contributor to the open source community;

sudo add-apt-repository ppa:unit193/encryption
sudo apt-get update
sudo apt install veracrypt

Traveler Disk Setup

PLEASE NOTE: Since we are not using Windows, there is no Tools > Traveler Disk Setup option. This is expected. Nevertheless, we can create the Traveler Disk manually:

... For linux and MAC this option is not available, but the apps are already portable. I just had to copy the executables from /usr/bin in Linux and Applications in OSX. I've tested them on clean system where TrueCrypt wasn't installed. - Ask Ubuntu: Create veracrypt traveler disk in Ubuntu

Partition the USB Stick

The first step is to create two Partitions on your USB Stick:

a small one called Travel-Disk using the NTFS file system and is 512 MB in size
- this partition won't be encrypted; It will provide the VeraCrypt binaries
a big one claiming all of the remaining space of your USB Stick
- we are going to encrypt this partition in a minute

Copy VeraCrypt binaries

Next we'll transfer the VeraCrypt binaries to the Travel-Disk Partition. Below we are assuming it is mounted under /media/$USER/Travel-Disk.

Linux

# Create a Linux directory:
mkdir /media/$USER/Travel-Disk/Linux

# Copy the veracrypt binary:
cp /usr/bin/veracrypt /media/$USER/Travel-Disk/Linux/

# Create a brief README:
cat > /media/$USER/Travel-Disk/Linux/README.md << 'EOF'
# VeraCrypt for Linux

Execute the veracrypt binary from your Terminal:

sh -c /media/$USER/Travel-Disk/Linux/veracrypt
EOF

macOS

Unfortunately for macOS there is no standalone version available, because macFUSE 3.10 or newer must be installed too. So the best we can do is to download the latest stable VeraCrypt DMG file along with the latest stable macFuse and copy both files to Travel-Disk together with a brief README file:

# Create a macOS directory:
mkdir /media/$USER/Travel-Disk/macOS

# Copy the VeraCrypt DMG file:
cp ~/Downloads/VeraCrypt*.dmg /media/$USER/Travel-Disk/macOS/

# Copy the macFuse DMG file:
cp ~/Downloads/macfuse*.dmg /media/$USER/Travel-Disk/macOS/

# Create a brief README:
cat > /media/$USER/Travel-Disk/macOS/README.md << 'EOF'
# VeraCrypt for macOS

No standalone version available.
macFUSE 3.10 or newer must be installed too.
EOF

Windows

There is a portable version available for Windows, so we download the latest stable version and copy it to Travel-Disk/Windows:

# Create a Windows directory:
mkdir /media/$USER/Travel-Disk/Windows

# Copy the VeraCrypt Portable exe file:
cp ~/Downloads/VeraCrypt*.exe /media/$USER/Travel-Disk/Windows/

# Create a brief README:
cat > /media/$USER/Travel-Disk/Windows/README.md << 'EOF'
# VeraCrypt for Windows

IMPORTANT: DON'T EXTRACT THE APP TO THE USB STICK!

Because the VeraCrypt driver is not unloaded
after exiting VeraCrypt, you won't be able to
unmount the stick without a system reboot.

https://www.veracrypt.fr/en/Portable%20Mode.html
EOF

Create encrypted partition

Now everything is ready to create the encrypted partition:

Start VeraCrypt
Go to Tools > Volume Creation Wizard
Select Create a Volume within a partition/drive
Select Standard VeraCrypt volume
In Volume Location, click Select Device...
- then select the previously created, big partition (probably /dev/sda2)
Enter the local machine's Administrator password when prompted
In Encryption Options make sure to select something different than the defaults
Then set your Volume Password
Enable Large File support
Choose NTFS as the Filesystem Type
Enable Cross-Platform Support
Format the Volume
Click Exit - and you're done

Marco Betschart