How to Install and Use Veracrypt on Ubuntu 20.04

If you do not want others to have access to your data, then encryption is essential. When you encrypt your sensitive data, unauthorized persons cannot easily get to it. This how-to guide focuses on the installation and basic usage of Veracrypt disk encryption software on Ubuntu Linux. Veracrypt is an open-source software and it is free.

Install Veracrypt

As seen on the official downloads page (link: https://www.veracrypt.fr/en/Downloads.html), two options are available for using Veracrypt on Ubuntu Linux, namely: GUI and console. GUI means graphical-based and console means text-based(command-line.)

Install Veracrypt: GUI

Run the following command in the Ubuntu terminal to download the Veracrypt GUI installer package.

$ sudo wget https://launchpad.net/veracrypt/trunk/1.24-update7/+download/veracrypt-1.24-Update7-Ubuntu-20.04-amd64.deb

Now, you may install the downloaded package as follows.

$ sudo apt-get install ./veracrypt-1.24-Update7-Ubuntu-20.04-amd64.deb

Enter y to continue with the installation if prompted. After a successful installation, you can launch Veracrypt from the Applications menu > Accessories > Veracrypt.

Install Veracrypt: Console

Run the following command in the Ubuntu terminal to download the Veracrypt console installer package.

$ sudo wget https://launchpad.net/veracrypt/trunk/1.24-update7/+download/veracrypt-console-1.24-Update7-Ubuntu-20.04-amd64.deb

You may now proceed to install the downloaded package. Run the command below.

$ dpkg -i ./veracrypt-console-1.24-Update7-Ubuntu-20.04-amd64.deb

When the installation completes successfully, you may begin to use Veracrypt in the Ubuntu terminal. To see usage info, run the following command.

$ veracrypt -h

Encrypt Your Sensitive Data

Let us imagine that you have a folder named folder1 on your Ubuntu desktop which contains sensitive documents. We are going to create an encrypted volume via the GUI and the console to serve as a personal vault for storing such sensitive documents.

GUI Method:

Create an encrypted volume

1. Launch Veracrypt from the Applications menu > Accessories > Veracrypt 2.  Click Create 3.  In the Veracrypt volume creation wizard, choose Create an encrypted file container 4.  Click Next Figure 1: Create an encrypted file container 5.  On the Volume Type page, choose the first option labeled Standard Veracrypt volume 6.  Click Next 7.  Under Volume Location, click Select File 8.  Choose your desired location on the left and then enter a name for the encrypted file container at the top

Figure 2: Name your new encrypted file container 9.  Click Save at the bottom of the window 10.  Back to the Volume Location page, click Next 11.  Under Encryption Options, leave the default selections: AES and SHA-512, and click Next 12.  Under Volume Size, enter the desired volume size. Click the drop-down menu to switch between Gigabytes, Megabytes and Kilobytes

Figure 3: Specify the size of the encrypted file container 13.  Click Next 14.  Under Volume Password, enter an encryption password 15.  Click Next 16.  Under Format Options, you may choose Linux Ext3 from the drop-down menu

Figure 4: Choose filesystem type for the encrypted volume 17.  Click Next 18.  Under Cross-Platform Support, let us go with the default selection 19.  Click Next and then click OK when prompted 20.  Under Volume Format, begin to move your mouse randomly for at least 1 minute

Figure 5: Move your mouse randomly 21.  When you are done, click Format 22.  When prompted, enter your Linux user password and click OK 23.  Wait for a message indicating that your Veracrypt volume was successfully created 24.  Click OK 25.  Click Exit

Mount the encrypted volume

1.  Back to the main VeraCrypt window, click any free slot in the list 2.  Click Select File 3.  Choose the encrypted file container which you created earlier 4.  Click Open at the bottom of the Window 5.  Click Mount Figure 6: Mount encrypted volume 6.  When prompted, enter your encryption password and click OK 7.  You should now see a new device icon on your desktop The mounted device will also be listed under Devices when you open File Manager by accessing your home directory for instance. Figure 7 below shows the default mount directory path.

Figure 7: Encrypted volume mount directory path You may now proceed to move your sensitive folder into your personal vault.

Figure 8: Mounted volume listed under devices

Dismount the encrypted volume

1.  To dismount the encrypted volume, make sure that the appropriate slot is selected in the main Veracrypt window 2.  Click Dismount 3.  The slot entry should now be blank 4.  Also, you should no longer see the encrypted volume on your desktop or listed under Devices

Figure 9: Dismount encrypted volume

Console Method:

Create an encrypted volume

Run the command below in the Ubuntu terminal to begin creating your encrypted volume.

$ veracrypt --create

When prompted to choose a volume type, enter 1 for a Normal volume

Volume type: 1) Normal 2) Hidden Select [1]: 1

Next, you would be prompted to enter volume path and volume size. In the example below, the encrypted volume is called personal_vault and will be created in my home directory. The size of the personal vault will be 2 Gigabytes.

Enter volume path: /home/shola/personal_vault Enter volume size (sizeK/size[M]/sizeG): 2G

For encryption algorithm and hash algorithm, the default AES and SHA-512 values are recommended. Enter 1 in both cases.

Encryption Algorithm: 1) AES 2) Serpent 3) Twofish 4) Camellia 5) Kuznyechik 6) AES(Twofish) 7) AES(Twofish(Serpent)) 8) Camellia(Kuznyechik) 9) Camellia(Serpent) 10) Kuznyechik(AES) 11) Kuznyechik(Serpent(Camellia)) 12) Kuznyechik(Twofish) 13) Serpent(AES) 14) Serpent(Twofish(AES)) 15) Twofish(Serpent) Select [1]: 1 Hash algorithm: 1) SHA-512 2) Whirlpool 3) SHA-256 4) Streebog Select [1]: 1

For filesystem, Linux Ext3 would suffice. You may enter 4 to choose that.

Filesystem: 1) None 2) FAT 3) Linux Ext2 4) Linux Ext3 5) Linux Ext4 6) NTFS 7) exFAT 8) Btrfs Select [2]: 4

Now, it is time to choose a strong encryption password. You will get a warning if your chosen password is determined to be weak. Note: Using a short password is NOT recommended.

Enter password: WARNING: Short passwords are easy to crack using brute force techniques! We recommend choosing a password consisting of 20 or more characters. Are you sure you want to use a short password? (y=Yes/n=No) [No]: y Re-enter password:

When you are prompted to enter PIM, press the enter key on your keyboard to accept the default value. Do the same when you are prompted to enter the keyfile path. PIM is a number that specifies how many times your password is hashed. A keyfile is used alongside a password, such that any volume that uses the keyfile cannot be mounted if the correct keyfile is not provided. As we are focusing on basic usage here, the default values would suffice.

Enter PIM: Enter keyfile path [none]:

Finally, you would need to randomly type on the keyboard for at least 1 minute and quite fast too. This is supposed to make the encryption stronger. Avoid the enter key while you type. Press Enter only when you are done typing and then wait for the encrypted volume to be created.

Please type at least 320 randomly chosen characters and then press Enter: Done: 100% Speed: 33 MiB/s Left: 0 s The VeraCrypt volume has been successfully created.

Mount the encrypted volume

To access the content of the encrypted volume, you need to first mount it. The default mount directory is /media/veracrypt1 but you can create yours if you wish. For example, the following command will create a mount directory under /mnt.

$ sudo mkdir /mnt/personal_vault

The next command below will begin mounting the encrypted volume.

$ veracrypt --mount /home/shola/personal_vault

When you are prompted, either press the enter key to use the default mount directory or type your own mount directory path. You would be prompted to enter your encryption password next. For PIM, keyfile and protect hidden volume prompts, hit the enter key to use the default values.

Enter mount directory [default]: /mnt/personal_vault Enter password for /home/shola/personal_vault: Enter PIM for /home/shola/personal_vault: Enter keyfile [none]: Protect hidden volume (if any)? (y=Yes/n=No) [No]:

Run the following command to list mounted volumes.

$ veracrypt --list
1: /home/shola/personal_vault /dev/mapper/veracrypt1 /mnt/personal_vault

You may now move your sensitive folder to your personal vault as follows.

$ sudo mv /home/shola/folder1 /mnt/personal_vault

To list the contents of your personal vault, run:

$ ls -l /mnt/personal_vault

Dismount the encrypted volume

The following command will dismount the encrypted volume.

$ veracrypt --dismount /mnt/personal_vault

If you run veracrypt –list again, you should get a message indicating that no volume is mounted.


Veracrypt has some very advanced capabilities but we only covered the basics in this article. Feel free to share your experiences with us in the comments section.

About the author

LinuxWays Team

We create HowTos and Tutorials for Sys Admins. Visit us on LinuxWays.net