Secret Vault for Secret Items

haRies Efrika
Dec 12, 2020

A tutorial on using VeraCrypt to create a vault (container) for storing secret files

Geek level: medium

So where do you keep your very personal files that contain very important credentials: a scan of your ID, your bank account information, your house certificate information, your list of passwords, your SSH keys, etc.?

  • Laptop at home or local HDD: what if it gets stolen?
  • Internet cloud provider: do you actually believe your data is safe there?
  • "I don’t store important data digitally": oookay, if you say so…

Anyway, it doesn’t matter where you store it, as long as you keep it encrypted. That’s right. Imagine having a personal folder that you can fill with any files you want to keep secret. The folder can only be opened with your master password (which cannot be recovered if you forget it), and you can easily transfer it anywhere and still feel secure, because nobody but you can open it.

I have been using this for many years now. Introducing VeraCrypt (based on TrueCrypt):

https://www.veracrypt.fr/en/

http://truecrypt.sourceforge.net/

The idea is to create a storage vault (an image file, like an ISO but writable). You can make the vault file as big as you want, but very important documents are usually not big, unless you are storing your secret recorded videos there 😆

Back to the topic: the vault can be mounted into a folder (on Linux/Mac) or as a new drive (on Windows). You can use a password or a keyfile, whichever you like. In advanced mode you can even encrypt a whole hard disk partition using VeraCrypt, but I will not discuss that in this article. Personally, I don’t like total hard disk encryption, because if the disk has sector corruption you can lose all of the data.

Step 1 — creating new vault

Click “Create Volume” and choose the encrypted file container. Then choose “standard veracrypt volume”.

The other option is “hidden veracrypt volume”. This is a paranoid mode where you have a volume inside a volume, and you have to enter an alternative password to reveal the true one. It is meant for the case where somebody forces you to open the vault.

Pick the location where you want to save the vault file.

Tip: you might want to use a filename that is not “catchy”. Imagine your vault filename is “mysecretfilecollections.veracrypt”: this will of course attract anybody’s attention.

On the next page you will be asked for the encryption algorithm and the checksum (hash algorithm) to use. I leave them at the AES/SHA options.

Next, choose your vault size; in this example I use 1024 MB. The bigger the file, the more content you can put in it, but a smaller size makes it easier to transfer between PCs or on a flash disk.

Then, finally, choose the master password that unlocks this vault. The longer the better, but just don’t forget it.

On the next page you have to choose the filesystem. Choose FAT if you are going to mount the file on all operating systems. Choose NTFS if you are planning to store files larger than 4GB (but of course your vault size must be larger than that). Then tick “I will mount the volume on other platform” to make it transferable.

On the next page you will be asked to move your mouse randomly. The movement is used to generate the actual keys that encrypt the file content. Your master password is used to encrypt these files internally.

Congrats, you have created your first secret container.

Now let’s try to open it.

Use the “select file” button from the main menu.

If you enter a wrong password, the failure notification shows only after quite a while. This is intentional, so that nobody can brute-force it easily.

After successfully opening the container with the correct password, you get a new folder or drive (e.g. /media/veracrypt19) to use. You can also specify which mount folder or drive to use.

To make it easier, you can also mount it from the command line or a shell script:

#!/bin/bash
sudo veracrypt /home/haries/logfiles.db /vera

In the example above, I mount the container “logfiles.db” on my custom folder “/vera”.

Additional tip for Linux: you can replace a sensitive directory with a soft link into the VeraCrypt-mounted folder. That way, if your laptop gets stolen, the SSH keys under your “.ssh” folder cannot be used by other people:

.ssh -> /vera/.ssh/
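
One way to set up the symlink shown above, as an added example that is not part of the original article: the function names are illustrative and the paths follow the article's /vera mount folder. It refuses to act while the vault is not mounted, so keys are never copied into the plain, unencrypted mount directory.

```bash
#!/bin/bash
# Added example (not from the article): move ~/.ssh into the mounted vault
# and leave a symlink behind. Function names are illustrative.

# True only if DIR is an active mount point, i.e. the container is mounted.
vault_is_mounted() {
    mountpoint -q "$1"
}

# relocate_ssh HOME_DIR VAULT_DIR
# Returns 0 on success or if already linked, 1 if it refuses to act.
relocate_ssh() {
    local home_dir="$1" vault_dir="$2"
    local src="$home_dir/.ssh" dst="$vault_dir/.ssh"

    # If the vault is not mounted, the mount folder is an ordinary directory
    # and anything written there would sit unencrypted on the normal disk.
    if ! vault_is_mounted "$vault_dir"; then
        echo "refusing: $vault_dir is not mounted" >&2
        return 1
    fi

    # Already a symlink: fine if it points at the vault, otherwise stop.
    if [ -L "$src" ]; then
        [ "$(readlink "$src")" = "$dst" ] && return 0
        echo "refusing: $src links somewhere else" >&2
        return 1
    fi

    # Do not overwrite keys that are already stored in the vault.
    if [ -d "$src" ] && [ -e "$dst" ]; then
        echo "refusing: both $src and $dst exist" >&2
        return 1
    fi

    if [ -d "$src" ]; then
        cp -R "$src" "$dst" || return 1
        rm -rf "$src"
    else
        mkdir -p "$dst" || return 1
    fi
    chmod 700 "$dst" 2>/dev/null || true   # best effort: FAT has no Unix modes
    ln -s "$dst" "$src"
}

# Usage: ./relocate_ssh.sh /home/haries /vera
if [ $# -eq 2 ]; then
    relocate_ssh "$1" "$2"
fi
```

Keys that previously lived unencrypted on the disk may still be recoverable from freed blocks after `rm`, so generating a new key pair inside the vault is the cleaner option.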

Thank you for reading 🍻
