Once upon a time, there was an encryption protocol called TrueCrypt. It was said to be totally impregnable with the FBI unable to break in. Then the TrueCrypt project was suddenly shut down and rumors started flying that the FBI had finally busted its encryption.
The text above is not a piece of advice to uninstall VeraCrypt by IDRIX from your PC, nor are we saying that VeraCrypt by IDRIX is not a good application for your PC. This text only contains detailed instructions on how to uninstall VeraCrypt in case you decide this is what you want to do.
TrueCrypt has now been replaced by VeraCrypt which, from the outside, looks more or less identical. But unless your enemy is a government or an evil emperor on a fully operational Death Star, VeraCrypt is more than sufficient to keep nosy parents, spouses, and roommates from reading your private business (porn).
In this first part of a three-part article, I will beshowing you how to set up an encrypted volume with VeraCrypt. In part two, Iwill show you how to hide a hidden section insidethe encrypted volume for extra super-special security. In part three, I will explainhow to encrypt your entire operatingsystem with the program.
Setting Up VeraCrypt For The Very First Time
First, head on over to the Veracrypt website and choose your operating system. I particularly like the portable Windows version which stays on my USB stick.
Now install the program as you usually would with anyother program.
Opening It Up
When you open up the program, this is what you willsee.
The first step is to click “Create Volume”. This nowpops up.
Today, we’re going with door number one. So click on“Create an encrypted file container” and then “Next”.
The hidden volume option will be discussed in moredepth in part two. So for the moment, choose “Standard VeraCrypt volume” andthen “Next”.
The next step is to specify the location of theencrypted volume and the name of it. Click on “Select File” and navigate to thefolder where you want to put it. Then type the name of it. Both the locationand the name can be changed later if need be.
The next screen now asks you to choose your encryptionalgorithm. It will default to AES, which is perfectly fine. If it’s good enoughfor the US Government’s Top Secret files, then it’s good enough for your KatyPerry albums. No need to overthink this one.
Equally, don’t touch the hash algorithm, unless youabsolutely know what you’re doing.
You now need to decide how big the volume has to be.
You have to take two considerations into account.
- What will the encryptedvolume be used for? Videos and music for example will need a larger volume thanjust purely files.
- How much free space do youhave on your computer? VeraCrypt volumes can be moved onto removable media suchas USB sticks and portable hard-drives. Or cloud storage. But you need to findout in advance if you have the storage space needed, as changing the volumesize later is not possible.
For the purposes of this article, I went with 1GB. Butmy main VeraCrypt volume is 150GB.
Now the most important part of all – the password.
Before choosing a password, you have to remember thefollowing. VeraCrypt does not, for the sake of security, do password resets orpassword reminders. So if you forget your password, you are quite literally upthe creek without the proverbial paddle.
So although the password should not be somethingstupid like “12345”, it should also be something you will always remember.
I would avoid keyfiles and PIM’s for the moment. Theyhave the potential to make your volume much more secure but you need to have asolid understanding of how they work. I am still trying to figure it out so Iam not going to expect you to suddenly become an expert in it. Let’s keep itsimple for now.
Last of all, it’s time to generate your encryptionkeys.
Move your mouse randomly around the VeraCrypt windowuntil the red bar at the bottom gets to the other end and turns green. As thewindow says, the longer you move it and the more random the moves, the betterthe encryption strength.
When the bar at the bottom is green, click “Format”and your volume will be made and placed in the location you specified.
Opening Up Your VeraCrypt Volume
Now that you have your nice shiny new volume, it’stime to open it up and hide some files in there.
Go back to the VeraCrypt main window, highlight adrive letter with your mouse, click “Select File”, and double-click the volume.Remember not to use any drive letters currently being used by other drives,portable media or software. When the volume is showing, click “Mount”.
I would advise you to keep “Never save history”ticked. Otherwise, VeraCrypt will keep a record of all the volume locations onyour computer that were recently accessed.
Now enter your password. “TrueCrypt Mode” is only forpeople who had old TrueCrypt volumes which were suddenly rendered useless whenthe software was abandoned. But you can ignore that if you have never usedTrueCrypt.
Once the password has been successfully entered, go toWindows Explorer (or Finder if you are using MacOS) and you will see the volume“mounted” as a drive.
Or you can double-click on the volume in VeraCrypt tobe taken directly there.
Now you can just drag files into the volume and theywill show up.
To close the volume and secure the files, click“Dismount” on the VeraCrypt window.
And that is how to make an encrypted folder/volume.You can create as many of these as you want – VeraCrypt does not impose anylimits. Of course, the more volumes you have on the go, the more passwords youhave to remember. So maybe don’t go toocrazy.
Next time, we’ll look at hidden volumes within normalvolumes. Stay tuned for that.
I have a TrueCrypt container that was made some time in 2013. It's exactly 25MB and named
secret.tc
. I installed VeraCrypt 1.19 in macOS Sierra, but cannot seem to mount the container.The error in the VeraCrypt GUI is:
Looking through the
--help
I do seem to recognize the word nokernelcrypto
, but not why. It's been quite a few years.I have attempted both with and without TrueCrypt Mode enabled. Are there compatibility issues?
abrknabrkn
migrated from security.stackexchange.comMay 19 '17 at 11:53
This question came from our site for information security professionals.
6 Answers
I have had the same issue and just to re-confirm what others are saying - Veracrypt can sometimes fail in opening older TC volumes. To fix this just download an older version of TC and migrate to a compatible VC volume.
Edit: Just to clarify this should only be an issue you have a volume created with a version of TC <6. So if you created the volume with say v5 of TrueCrypt you would not be able to open that volume, and you should see a message like such:
Toto4,8541010 gold badges1313 silver badges2828 bronze badges
user92257user92257
You would have no problems to mount
TrueCrypt
container from VeraCrypt
application - with or without the TrueCrypt
check box checked.So you problem is probably with entering an incorrect password or entering a PIM (you must not to enter it) or with the corrupted file (if you have a backup of it try it).
MarianDMarianD
1,56811 gold badge88 silver badges1818 bronze badges
I can confirm Vera crypt won't open some of the containers created by True crypt.I've some containers from about 2005 and 2006, which I recently recovered from old CD backup discs, which failed to mount in Vera crypt (true crypt mode enabled)I tried for hours using variation of the password I may have used, always ended up in error.Today I have got a copy of true crypt v7 and installed it in windows xp virtual machine, and presto, works straight away!! So don't give up on your old TC volumes, just try with latest version of true crypt (7.1 I think was the latest).
SlawekSlawek
No, you cannot. I have volumes from 3.x encrypted with Whirlpool by a simple password, and Veracrypt will not mount them no matter what, even in TC mode. An old copy of TC 6 mounts them just fine.
DenjinJDenjinJ
Just to distill the content here & provide my experience - yes - really old volumes of TrueCrypt CAN NOT be opened by VeraCrypt.
It it's important, get the last version of TrueCrypt (7.2), decrypt or mount those volumes in TrueCrypt, create a suitably sized & secure empty VeraCrypt volume, copy all your recovered TrueCrypt files into the new Veracrypt volume, and you are done.
Could there be problems? Perhaps, but I've done this with no problems with TrueCrypt volumes created over a decade ago. If you are worried about security breaches, sandbox the TrueCrypt & volume to decode into clear text, unistall TrueCrypt, create a suitable VeraCrypt volume, copy decoded cleartext you got from the old TrueCrypt volume, into the new VeraCrypt volume, delete both the clear text and the TC volume, & now you should be pretty much converted & good to go
Bottom line is if you have some really old TrueCrypt volumes you wold like to recover, your options are basically give up, or do the one time port with original TrueCrypt, import them into your new VeraCrypt volumes, then delete TrueCrypt & those volumes from your system. No guarantees, but that probably the most reasonable compromise if you ever want to see those old files again.
Oh, & PS - just for extra care, copy the .tc file you want to decrypt. If something goes terribly wrong & it gets corrupted, you still have the originaL.
ChrisNYChrisNY
I came to this post because it appeared that VC had corrubpted two TC volumes even after restarting. So, I created another post about that issue. I want to answer that contrary to @MarianD's response, yes VC can open an old TC container and the 'TrueCrypt Mode' must be checked as in the instructions for converting volumes from the VC site below. (provided that it is not too old as @DenjinJ points out). I just tested without it checked and it will not mount, giving the generic error seen above.
alchemyalchemy