In another post I wrote about how to encrypt a folder using Gnome EncFS Manager on Linux.
In this article I want to tell how to encrypt an USB stick or an external hard disk, but first I want to explain why.
The answer is quite easy, I need to encrypt an hard disk or an USB stick if I use it to save important information and this device is accessible easily from many people. For example: if I use an hard disk for backups and I often stay in places where there are a lot of people (offices, public transports and so on), there is a high risk of it being stolen or lost. In this situation, if the disk is encrypted you will lose only its economic value, but if it isn’t encrypted everybody can have access to his information!!!
Now, how to encrypt an hard disk?
VeraCrypt is one of the many forks of the TrueCrypt project which was abbandoned few months ago.
It’s a good solution to encrypt a disk, a disk partition or also a single folder.
It’s opensource and multi-platform, so, you can use it on Linux, Mac OSXx and Windows.
Installation/Uninstallation VeraCrypt on Linux
Download the package from the VeraCrypt’s site in the folder that you prefer.
Then extract it and copy the file veracrypt-*-setup-gui-x64 or veracrypt-*-setup-gui-x86 into the home folder, and finally execute the following commands:
chmod +x veracrypt-* ./veracrypt-*
Now it’s enough to write VeraCrypt in the Dash to find the icon and start it.
To make an encrypted container
A container is an encrypted file where you can store other files or folders.
It’s possible to use VeraCrypt to make a container that you can mount like a virtual disk and so you can register all the documents you want.
To do it you have to click on the Create Volume button, then choose Create an encrypted file container on the window that will appear and follow the instructions.
To make an encrypted volume
If you want to encrypt a whole USB stick, an external hard disk or a whole hard disk’s partition you have to click on Create Volume button and choose Create a volume within a partition/drive on the window that appear, then follow the instructions.
After this operation, when you will connect the USB stick or the hard disk to your PC it won’t happen anything, nothing will be mounted; If you want to access to the encrypted volume you have to select it and mount it using VeraCrypt.
Both in the case of the encrypted file container and the encrypted volume during the creation VeraCrypt will ask you the kind of the file system to use for the volume to create: FAT, ext2, ext4, …
The choise depends on how you want to use it: if you want to use it on a Windows PC you can encrypt it only with the file system FAT; but if you want to use it only on Linux you can also choice the other file systems like ext2 or ext4 which permit to mantain the attributes of every file.
Many people think the encrypted volumes slow your operation because encryptation and decryptation needs of a lot of resources.
This isn’t ever true. In my case writing and reading on encrypted containers using VeraCrypt is quicker than the same operations on not encrypted disk. It depends on the Parallelization technique used by Veracrypt that use all the core of the processor for the operation, instead the OS use only one core for the same operation.
To encrypt a disk partition, an hard disk or an USB stick on Ubuntu Linux there is also LUKS that is installed by default.
To do it, you have to use the application Disks, select the partition (hard disk or USB stick) you want to encrypt, click on the gear and choose Format.
Choose the filesystem’s type LUKS + Ext4, that is Encrypted, compatible with Linux systems.
ATTENTION:it won’t be readble on Windows or Mac.
Now when you connect the USB stick or the external hard disk to the PC, a window will appear asking the encryptation passphrase before to mount it.
Differences between LUKS vs VeraCrypt
About performance there aren’t difference.
If you want to use the encrypted device on every operting system (Windows, Mac and Linux) the choise is only one: VeraCrypts with the FAT file system. Otherwise, if you want use it only on Ubuntu Linux, you can use both but I prefer LUKS because it’s perfectly integrated in Ubuntu Linux and it’s easier to use.
Another important difference is that VeraCrypt needs to work like super user if the volume is encrypted with ext4 file system …quite boring.
If you want to create only an encrypted container in the hard disk, VeraCrypt is the solution because LUKS can’t do it; but, for the same goal, the are other good solution like Gnome Encfs or Cryptkeeper prefectly integrated with the Unity notification-bar.
At last a little suggest: all thes solutions are very good but the most important thing is the choice of the encryption key (the passphrase), if it isn’t very strong your data are unsafe 😉