Using VeraCrypt

Overview

If you want to protect a large number of files, an encrypted file container using the free/open-source VeraCrypt software might be the best option.  This will protect files at-rest on your computer, but with one main caveat.  You need to make sure to close (dismount) the encrypted volume when you are not working with those files.  If you always just open the encrypted area when you start your computer and leave it open, it is not sufficiently protected from any malware or cyber-criminal.

For more information on encryption in-general, see our "Encryption Guide".

If you are planning on protecting college data with VeraCrypt - we'd encourage you to consult with the Information Security Officer, Paul Chauvet, before starting.  He can discuss whether or not this would be a good fit for the business processes or your department, or the appropriateness of the protection for your research data.

Veracrypt Installation

Before using VeraCrypt, you must install it.  If you are using a college computer on Windows 10 - please open a request through this site (here), choose "Software Install" for the request type, and ask for VeraCrypt to be installed.  If you are installing it yourself, see the instructions below:

1. Download VeraCrypt for free from their website: https://www.veracrypt.fr/en/Downloads.html.  Once there, click on the appropriate installer (for Windows or Mac).  The instructions below are for Windows (Mac instructions coming later).
2. Once you have it downloaded, run the installer.
3. Review the license terms if desired, then (if you choose to proceed) click on "I accept the license terms" box and click Next.
4. Leave the install type as "Install" and click Next
5. Leave the default options and click Install.  You should momentarily get a "VeraCrypt has been successfully installed" message.  Click OK, then Finish.  

Setting up a VeraCrypt volume

1. Open VeraCrypt (it should have an icon on your desktop).  If this is the first time you are using VeraCrypt, or you otherwise need to create a new encrypted volume (for different tasks/work/data), click the Create Volume button.
   
2. Choose Create an encrypted file container.
   • Warning: Do not use the 'encrypt the system partition or entire system drive' option on any college owned computer.  Doing so on a personal computer may make your system unusable if not done correctly.  If you do so on a personal device, ITS is not able to support you.
3. Leave the "Standard VeraCrypt volume" option selected and click Next.
   
4. Choose a file location.  If this will be a file shared with colleagues in your department, choose a OneDrive or G:\ drive location.  Otherwise, select a place on your computer, such as your Documents or Desktop folder.  We recommend that you put the extensioin .vc at the end of the file name as in the screenshot below.  Optionally - uncheck the "Never save history" button for easier access to the file.  Click Next when done.
   
5. You can leave the Encryption Algorithm (AES) and Hash Algorithm (SHA-512) as the defaults.  They are suitable forms of encryption.  Click Next when done.
   
6. Choose a size for your volume.  In most cases, unless you are encrypting large data types like video, 500 MB is sufficient.
   
7. Choose a password for the volume (and re-enter it in the Confirm box).  Press Next when done.
   • Note: See our "Password Guidance" article for tips on passphrases/passwords.
   • Warning: If this data is for your department, please make sure to share the password with at least one other person in your department.  This password is not tied to your user but tied to the data - because of this, ensure you don't use a password that you use for other systems/services.  If you lose the password your data is unrecoverable.
8. You will be prompted to move your mouse around to generate 'randomness' for the encryption function.  Do so then click Format when finished.  You'll be notified that the volume has been successfully created and can click OK, then Exit.
   

Opening a VeraCrypt volume

A VeraCrypt volume should only be opened on a single computer at a time.  Opening it on multiple computers at the same time (if you keep the file in OneDrive or your department G drive) can lead to data loss.

1. Open VeraCrypt
2. Click an open/unused drive letter (like the "Z" drive), then click the Select File button.
3. Navigate to the file and double click on it
4. Click Mount.  You will be prompted for the encrypted password/passphrase that was entered when the volume was created.
5. You will then have that new drive letter available to you to use.  You can move sensitive data to that drive, or save new files to that location.
   

Safely closing a VeraCrypt volume

When you are finished reading/saving encrypted files - you should close the encrypted volume.  Doing so will protect the data and make it inaccessible until it is mounted again (as per the "Opening a VeraCrypt volume" instructions above).

You can do this by clicking the Dismount button within VeraCrypt.  If you have multiple VeraCrypt containers open, you will have to click on each drive letter and then Dismount.

Note: You have to have any files that are stored in the container closed when you dismount.  If you have any files in the container open, you'll receive an error upon attempting to dismount.

Warning: Choosing to force the dismount can result in lost data