Site search
Logo

Create and use VeraCrypt volumes

By , winhelp.us logo. Last updated: 2018-08-21

How to create, mount and dismount VeraCrypt volumes in Windows XP, Vista, 7, 8, 8.1 and 10

VeraCrypt is a free encryption utility that works in all versions of Windows from XP to 10 (Linux and Mac OS X are also supported). It is a fork of the once-popular and now abandoned TrueCrypt, plugging all known security holes and improving encryption methods. It is backwards-compatible with TrueCrypt volumes/containers.

VeraCrypt can create encrypted containers for securely storing files and folders, and it supports encrypting system drives or partitions so that no one can access your important files without knowing the correct password and PIN.

Please note that while VeraCrypt works well in Windows 10, its System Drive Encryption might fail version/milestone upgrades (for example, from Build 10166 to 10240). The problem appears right after the first reboot of Windows 10 upgrade: after entering your VeraCrypt password and PIM, screen flashes once or twice and your device restart again, this time reverting the upgrade.

Installing VeraCrypt in Windows

Go to https://veracrypt.codeplex.com/ and click the download button on the right.
VeraCrypt home page, click or tap the 'download' button.

Launch the downloaded file and follow the simple instructions. As VeraCrypt is completely free, you should consider donating some money to the project maintainer IDRIX if you like the security utility. Donation links are also on VeraCrypt's home page, linked above.
VeraCrypt  Setup, Please consider making a donation.

If you need to open VeraCrypt, its icon is probably on the Desktop and it certainly is on the Start menu or Start screen.
If set so in preferences, VeraCrypt icon is in Notification Area/System Tray. Right-click or tap and hold it to see available commands. The Show VeraCrypt command can then be used for opening program window.
VeraCrypt   Notification area icon right-click menu. Choose 'Show VeraCrypt' to open program window.

Modifying important VeraCrypt preferences for better security in Windows

First, it is necessary to change some preferences to ensure your encrypted data will not be accidentally accessible to others. Open VeraCrypt from Start menu/Start screen or by right-clicking/touching and holding the program's icon in Taskbar Notification Area (aka System Tray) and clicking the Preferences command.
The same command is also available in VeraCrypt window: open Settings menu and click Preferences.
VeraCrypt icon in Taskbar Notification Area. Right-click or touch and hold it, then choose 'Preferences'.

In the VeraCrypt - Preferences window, Actions to perform upon logon to Windows section tick the Start VeraCrypt Background Task check box. This ensures that VeraCrypt icon is available in Notification Area/System Tray. Those who need maximum security can leave this check box at its default.

In the Auto-Dismount section, always enable the User logs off and Force auto-dismount even if volume contains open files or directories options to prevent others from accessing your encrypted files. Those who have more at stake, should also enable the Screen saver is launched and Auto-dismount volume after no data has been read/written to it for 60 minutes check boxes for maximum security.

Please note that Auto-Dismount settings do not affect encrypted system drives or partitions.
VeraCrypt - Preferences. Enable the 'Start VeraCrypt Background Task' option. Then put a check mark into 'User logs off' box in the Auto-Dismount section. Click OK.

Other settings are fine by default. Click OK.

Creating VeraCrypt volumes/file containers in Windows

VeraCrypt volumes are special encrypted containers that you can be mounted as virtual disks/drives. If you want to move your sensitive documents into a VeraCrypt volume, it must be large enough to contain these and preferably have some spare space for future expansion, too. The volume or container itself is actually a normal file and can be copied, moved or deleted as usual: you can even carry the volume with you on USB thumb drives or sync it using some cloud service.

Open the Volumes menu in VeraCrypt main window and choose Create New Volume.
VeraCrypt, creating a new volume. Open the 'Volumes' menu and choose 'Create New Volume'.

VeraCrypt Volume Creation Wizard appears. Leave the default option, Create an encrypted file container selected and click Next.
VeraCrypt Volume Creation Wizard. Click Next to create an encrypted file container.

In the Volume Type screen, click Next again to create a Standard VeraCrypt volume.
VeraCrypt Volume Creation Wizard, Volume Type. Leave 'Standard VeraCrypt volume' selected and click Next.

Click or tap the Select File button in the Volume Location screen to select a folder and create a new file. Do not select an existing files here - it will be overwritten during the volume creation process!
Those requiring enhanced security should enable the Never save history option here.
VeraCrypt Volume Creation Wizard, Volume Location. Click the 'Select File' button and create a new file in the desired folder.

Now a standard Windows browsing dialog opens. Locate the folder you need and specify a new file name. To make the file automatically open with VeraCrypt after a double-click, add the extension ".hc" to the end of the file name - for example, "DoNotOpen.hc". To stay on safer side, add no extension to the file name or use some extension that makes people believe the file is not an encrypted volume - for example, ".avi" for larger encrypted volumes might trick others into thinking that this is a video file.
Again - do not select an existing file here - otherwise the file will be overwritten! You can move existing file to the encrypted volume later.
Click Save.

Back in the Volume Location screen, click Next to move on to the Encryption Options dialog.
In most cases, the defaults (AES for encryption and SHA-512 for hash) are fine as this is the fastest encryption-decryption option VeraCrypt offers. Those very concerned about security of their files can select even stronger algorithms for encryption and hashing, while sacrificing some speed of operation.
Click Next to move on.
VeraCrypt Volume Creation Wizard, Encryption Options. Default algorithms are fine, click Next.

In the Volume Size screen, specify the total capacity for the new volume/container. Amount of free space on the selected drive is shown below. Please remember to create a volume that has some spare capacity for future growth.
Click Next.
VeraCrypt Volume Creation Wizard, Volume Size. Specify the capacity of the encrypted volume and click Next.

Next, create a strong password for the encrypted volume - and make the passphrase longer than usual (at least 20 characters). Just think of a sentence to make this easier.
After filling the Password and Confirm fields, tick the Use keyfiles check box and click the Keyfiles button. Keyfiles will serve as additional protection for the volume and make cracking the protection much harder.
Those requiring top security can also turn on the Use PIM option for even stronger encryption. You can use VeraCrypt's default PIM, or specify your own.
VeraCrypt Volume Creation Wizard, Volume Password. Type a new password into Password and Confirm fields. Turn on the 'Use keyfiles' option and click the 'Keyfiles' button.

Keyfiles should never change. After modifying a keyfile's contents, you will lose all access to your encrypted volume (unless you have a valid backup of keyfiles). That's why you should create new keyfiles instead of selecting existing files.

Click or touch the Generate Random Keyfile button on the bottom right of the VeraCrypt - Keyfiles window.
VeraCrypt - Keyfiles. Click the 'Generate Random Keyfiles' button.

VeraCrypt Keyfile Generator opens. Move your mouse randomly in the window for at least 1 minute, until the Randomness Collected From Mouse Movements progress bar turns green.
Tick the Random size check box to generate keyfiles of different length, then fill in the Keyfiles base name field. Finally, click the Generate and Save Keyfile button.

Create and save at least two keyfiles this way.

Please store encrypted volumes and keyfiles in different folders or on different drives/partitions to avoid easy guessing of your keyfile location. Do not use any variant of the word "keyfile" in the file name - use random names instead. If possible, save keyfiles to an external drive (USB thumb drive or a memory card) and keep a backup of the files.
Click Close after you are done.
VeraCrypt - Keyfile Generator. Move your mouse randomly for at least one minute in the window until the progress bar turns green. Fill in the 'Keyfiles base name' field and click 'Generate and Save Keyfile'.

After you've generated and stored all keyfiles, click Add Files back in the VeraCrypt - Keyfiles window. Then locate and select the keyfiles you just generated and click Open and OK.
VeraCrypt - Keyfiles. After generating keyfiles, click 'Add Files'.

If you specified a password shorter than 20 characters, VeraCrypt will warn you that such passwords are easy to crack. If your password is at least 12 characters long and you use at least 3 keyfiles and a PIM, it is pretty safe to click Yes here.
VeraCrypt Volume Creation Wizard, WARNING: Short passwords are easy to crack using brute force techniques! Click 'Yes' only if your password is at least 12 characters long AND you have added at least 3 keyfiles.

In the Volume Format window, select the file system type you need. If you will not store files larger than 4 gigabytes and the volume capacity will not exceed 8 terabytes, FAT is fine.
If you need to store huge files (videos, for example), or you need an encrypted container larger than 8 TB (terabytes), exFAT and NTFS are preferred for VeraCrypt containers. For additional file system security, select NTFS.
Default cluster size is fine.
Again, move your mouse pointer randomly inside the window until the progress bar turns green. Then click Format.
VeraCrypt Volume Creation Wizard, Volume Format. Select FAT filesystem only if you do not need to store files over 4 GB in size. Otherwise, select NTFS or exFAT. Then click Format.

Depending on the size of the volume, it might take some time to create and format it. After the process is complete, click OK.
VeraCrypt Volume Creation Wizard, volume has been successfully created. Click OK.

In the Volume Created window, click Exit if you do not want to create more encrypted volumes. If you do, click Next and start over.
VeraCrypt Volume Creation Wizard, Volume Created. Click Exit.

Mounting VeraCrypt volumes

To mount an existing encrypted volume or container, open VeraCrypt main window using its Taskbar Notification Area (System Tray) icon or Start menu/screen.

Click an available drive letter in the upper part of the window and then click Select File. Those very concerned about the safety of their data should ensure that the Never save history check box is ticked.
VeraCrypt main window. To mount a volume, click a drive letter. Then click 'Select File'.

In the standard Windows browse dialog, locate the volume file you want to mount and click Open. Back in VeraCrypt window, click Mount.
VeraCrypt main window. After selecting a volume, click Mount.

In the Enter password dialog, type the volume/container passphrase. Then tick the Use keyfiles check box and click or tap the Keyfiles button.
VeraCrypt, Enter password. Type the volume passphrase. Put a check mark into 'Use keyfiles' box and click or touch the 'Keyfiles' button.

The VeraCrypt - Keyfiles window, familiar from volume creation wizard, appears. Click Add Files, locate the keyfiles associated with the selected VeraCrypt volume and click Open.
Back in the VeraCrypt - Keyfiles window, click OK.
VeraCrypt - Keyfiles. Click 'OK' after adding the required keyfiles.

If the volume uses PIM protection, tick the Use PIM check box first. Click OK.
If the password and keyfiles (and PIM) are correct, the volume appears mounted in VeraCrypt main window.

VeraCrypt icon in Taskbar Notification Area will change from VC logo to a drive icon with an open lock - this shows that a volume is mounted and encrypted files are usable.
VeraCrypt icon in Taskbar Notification Area (System Tray). If the icon displays VC logo, no volumes are mounted. If the icon has drive icon with an open lock, one or more volumes are mounted.

You can now use the encrypted volume as any other drive - open it in Windows/File Explorer, create folders, copy, move and delete files, etc.

The mounted volume stays mounted as long as you log off Windows. If you have specified so in VeraCrypt preferences, the volume might be automatically dismounted when screen saver runs, or when no data has been read from or written to the volume within 60 minutes. The preferences are described in the beginning of this article.

Dismounting VeraCrypt volumes

If you want to manually dismount a VeraCrypt volume or container, open the program window and choose the volume letter you need to unmount. Then open the Volumes menu and choose Dismount volume. To unmount all encrypted volumes at once, choose Dismount All Mounted Volumes instead.
The same commands are also available if you right-click VeraCrypt icon in Taskbar Notification area.
VeraCrypt main window. Open the 'Volumes' menu and select 'Dismount Volume' to unmount the selected container.

A notification about this appears in Notification Area. If you dismounted all volumes, VeraCrypt icon displays its VC logo. If you still have mounted volumes, the icon displays a drive icon with an open lock.

The article Create and use VeraCrypt volumes appeared first on www.winhelp.us

 

Ctrl+F searches in the contents







Next: VeraCrypt system drive encryption
Previous: VeraCrypt