Today’s article is going to talk a little bit about how to use Veracrypt in order to encrypt both a file volume and a flash drive. Veracrypt can be downloaded from here.
Once you install the program, let’s take a look at what it looks like.
I recommend you spend some time in the Help menu – particularly in the ‘User’s guide” and “Beginner’s Tutorial”.
Veracrypt can encrypt your files in a few different ways. The first way is creating a volume. The volume is almost like a file itself – it can be copied, pasted, etc. It acts, in a way, like a super secure .zip file (without the file compression). The second way you can encrypt your files is by encrypting an entire hard drive or flash drive. This method in particular could be useful if you were using a dead drop system to pass a One Time Pad as you could buy a lot of inexpensive flash drives, encrypt them, and then use them in your drops.
Veracrypt also has a really cool future that I may touch on in a later article called Hidden Volumes. Basically, this creates a volume within a volume, and each volume has a separate password. This could be useful if you are forced to open the volume at gun point. The idea is that in the outer volume you have some sensitive looking documents but not the actual files you want to encrypt. If you were forced at gunpoint to open the volume, your actual files would be safe (since they use a different password). This may be something that many of you are interested in.
Volumes
To create a Volume, click on the “Create Volume” button in the lower left of Veracrypt. Here, a menu gives you some options. For now, we are going to stick with the default option of “Create an encrypted file container”. The second option is used for encrypting flash drives or external hard drives, and the third option is for encrypting the hard drive that runs your Operating System. Click Next.
Here, we have the option of creating a Standard Volume or a Hidden Volume. Since we are just starting out, make sure Standard Veracrypt volume is checked and hit Next. Now it is time to decide where we want the Volume to be. Click “Select File”. To make it easy, navigate to your desktop. In the “File Name” line, name your file. Click Save and then Next.
The next screen is where you can chose what type of encryption you want to use. I will leave it up to all of you to figure out which one is best (to be honest, I don’t really understand the differences so I am not going to give you a recommendation – if you do, throw it in the comments). Once you do, click Next.
The next screen is where you get to decide how big you want the file to be. For this example, I am going to go with 1 GB but you can choose whatever you want (think about what you are wanting to store in it and use that as a guide). Once you decide, click Next.
This screen is where you create your password. I have two rules for you to follow: 1) use numbers, letters, and symbols, and 2) use capital letters and, if you want, spaces. A great way to get a strong password is to use a password manager like KeePassXC. I actually don’t have one set up yet, so I will be doing a future article on how to do that as well. You can also use keyfiles, which is like selecting a few different files you already have to use them as the password. It is not my favorite way of doing it, but YMMV. Once you have your password entered, click Next.
The next screen is very important. You are choosing both the filesystem you want and generating the random pool to make your encryption stronger. I generally tend to use an NTFS system because FAT filesystems don’t like files over 4 GB, but again do your research and choose the filesystem you want. Then, move your mouse as random as possible inside the window. You will see tons and tons of characters in the “Random Pool area. Do this for at least 60 seconds, but the longer the better. Once you are done, click Format.
Once the formatting is done, it is time to mount your file. Go back to the first window that appeared when you started Veracrypt. Now, click on Select File on the bottom right. Navigate to your file and select it, and then select Mount. Enter your password, and select OK. Once the file mounts, you can go into Windows Explorer. You will notice in your hard drive list under “Computer” on the left hand side, there will be a new hard drive. In my case, it is Local Disk (J:) as we can see the size is 0.99GB. You can now click on that and copy your files in! In order to dismount the volume, just select it again on the main screen of Veracrypt and click “Dismount”.
Flash Drive / External HDDs
To encrypt a flash drive, begin once again by clicking “Create Volume”. This time, select the middle option of “Encrypt a non-system partition/drive”. Click Next, and you see that once more we have the option of creating a Hidden or Standard volume. For this, I am creating a Standard Veracrypt Volume. Click Next.
Now, instead of creating a file, you are selecting the flash drive or hard drive you want to encrypt. Once you select your drive, click OK. You are given two options for the Volume Creation Mode. The first one is for when you have no files on the drive and want to encrypt it more quickly. If you choose this option AND you have files on the drive, they WILL be overwritten and lost. If you have files on the drive and you cannot or do not want to take them off, chose the second option, “Encrypt partition in place”. I have never used that second option because I am terrified something will go wrong and I will lose my files, but YMMV. Make your selection and click Next.
Just like creating the volume, select your encryption algorithm and click Next. Verify that the size on the screen is really close to the size of the drive you want to encrypt (in this case, my flash drive is 4 GB in theory and in the above picture we see it is 3.7 GB, which matches closely below which says 3.65 GB). If it is really off, go back and make sure you selected the right drive to encrypt – this is really important. Once you verify it is correct, click Next.
Once again, create your password (DIFFERENT FROM YOUR FIRST ONE – NEVER REPEAT) and click Next. The same rules from the Volume section apply to the password. Now choose your file type and click next (again, I personally use NTFS). Move your mouse around in the box again to random the Heading Pool and, once you are done with that, click Format.
In order to Mount the drive, you can select what letter drive you want to mount the volume in and either 1) Click “Auto-Mount Devices”, type in the password, and click OK, or 2) Click “Select Device” and choose the device on the screen. Then, access the drive just like the volume and copy your files in!
References
https://securityinabox.org/en/guide/veracrypt/windows/
https://www.veracrypt.fr/en/Beginner%27s%20Tutorial.html
https://www.veracrypt.fr/en/Plausible%20Deniability.html
From digital civil liberties champion Electronic Frontier Foundation,
Daisy Luther at the 
Lower Valley Assembly 