veracryptsecurity > data_security > veracrypt
Veracrypt is currently the only encryption software I am aware of, which runs under Windows, Linux and BSD. That makes it a good choice for external storage devices. Web: veracrypt
A really cool feature veracrypt offers is nested encryption.
Veracrypt comes with a GUI interface, which is not beginner friendly, but
does its job. I will however concentrate on the command line interface,
which is better called with
-t as first parameter, because even
veracrypt -t --help would otherwise show its help in a window.
Create a volume
veracrypt -t --create /dev/sdX
If you want to encrypt more disks with the same password and unlock them automatically, you can use a keyfile for that:
dd if=/dev/urandom of=/dev/shm/generated.password bs=4k count=1 conv=sync veracrypt -t --create /dev/sdX --keyfiles=/dev/shm/generated.password --random-source=/dev/urandom --quick
Remember to backup
/dev/shm/generated.password as it will not survive a
reboot in that place (/dev/shm is usually stored to RAM).
Open a volume
The volume can then be unlocked with
veracrypt --filesystem=none --keyfiles=/dev/shm/generated.password /dev/ada7
and the result is visible with
Close a volume
In order to close all volumes:
or an individual
veracrypt -d /dev/ada7