Ceci est une ancienne révision du document !
Veracrypt is an open source application for on-the-fly encryption (OTFE). It is great for full disk encryption (FDE). Veracrypt is a fork of the discontinued TrueCrypt project. It was initially released on June 22, 2013 and is currently at version 1.20 as of June 29, 2017.
Website: https://veracrypt.codeplex.com/
UPDATE: Veracrypt is moving to: https://www.veracrypt.fr/en/Home.html
From the website:
VeraCrypt’s main features: • Creates a virtual encrypted disk within a file and mounts it as a real disk. • Encrypts an entire partition or storage device such as USB flash drive or hard drive. • Encrypts a partition or drive where Windows is installed (pre-boot authentication - https://www.veracrypt.fr/en/System%20Encryption.html). • Encryption is automatic, real-time (on-the-fly) and transparent. • Parallelization (https://www.veracrypt.fr/en/Parallelization.html) and pipelining (https://www.veracrypt.fr/en/Pipelining.html) allow data to be read and written as fast as if the drive was not encrypted. • Encryption can be hardware-accelerated (https://www.veracrypt.fr/en/Hardware%20Acceleration.html) on modern processors. • Provides plausible deniability, in case an adversary forces you to reveal the password: Hidden volume (https://www.veracrypt.fr/en/Hidden%20Volume.html) (steganography) and hidden operating system (https://www.veracrypt.fr/en/Hidden%20Operating%20System.html).
More specifically, Veracrypt is cross platform friendly. It works on Linux, MacOS and Windows. VeraCrypt can read TrueCrypt containers and partitions. It is great for encrypting removable drives.The thing to remember here is, choose a filesystem you can read on other OS’s .(Windows being the weak link)
Operating systems supported: • Linux • Raspbian • Mac OSX • Windows
Those of us who use Ubuntu are familiar with LUKS (Linux Unified Key Setup) that Ubuntu uses to encrypt your home folder – if you choose to do so at setup. Other than LUKS, it is not difficult to configure after install. Veracrypt features command-line and GUI options.
Installation
Downloads are provided via the website and Software Centres. Installation can be done from package managers or command-line, or built from source. One thing to remember when building from source is that VeraCrypt relies on the fuse package:
sudo apt install exfat-fuse && exfat-utils
Command line installation is as simple as:
sudo bash veracrypt-1.19-setup-gui-x64
(yes I know I said version 1.20 is out, but it is not available for Linux download at the moment.)
After accepting the licence terms, Apache 2.0 licence, you can start the installation.
Usage
When you launch veracrypt from the menu, you will see the following window:
From here you can create volumes, or mount them. The automount option is extremely handy as you can plug in a drive, click auto-mount devices, insert the password, and voila! It will mount it for you.
For added security, VeraCrypt offers two-factor-authentication, and even PIM management.
Encryption options are varied and VeraCrypt offers single or double encryption methods. You have a choice of AES, Twofish, Blowfish and combinations of those.
Once your drive or volume is mounted, it is used just as any other. You can copy & paste files to the mounted volume or container. All files are secure when you dismount said container, and should you want to access them again, you have to enter the password again.
Though you can encrypt just a file container, I would recommend that you use FDE.
Remember – an encrypted container is just a file. It can be deleted!
External encrypted drives are mounted in just the same way.
Veracrypt also supports HIDDEN containers. Hidden containers are not visible to anyone, so be careful using this option.
There are options to pin favourites to your interface and up to 64 disks are supported.
Conclusion
I have been very happy with Veracrypt; it has replaced the ancient TrueCrypt and I have had no problems so far. Even on drives that fail, you can recover the container and copy it to a new drive and mount it. Compared to LUKS, you can mount older versions without incident, even on other operating systems. The project is under active development and even underwent a security audit. I highly recommend this product if you are security conscious.
References: