Creating Encrypted Containers with VeraCrypt
(For simple file-based encryption, check the help files for your particular software product. Many products, such as Microsoft Office and Adobe Acrobat, have built-in tools to encrypt (password-protect) documents.)
VeraCrypt is a cross-platform encryption tool that allows you to create ‘containers’ on your local hard drive. A container is a password-protected file that will mount as a “drive letter” in Windows Explorer only after a decryption key is entered -- without the decryption key, the data is unreadable by anyone who merely has access to the file. Think of this "file" as a password-protected folder that only opens when properly unlocked.
The following instructions will walk you through basic setup on a Windows 10 computer.
(If you are on a Macintosh -- there are native tools built into the OS that achieve the same goal – see our Macintosh page here.)
If you are interested in a full-disk encryption solution for your Whitman-owned/managed device -- please contact the WCTS Help Desk or the Information Security Office for a discussion about the options available to you.
For personal machines, you are encouraged to seek out Microsoft's documentation on using BitLocker drive encryption.
** Reminder: modern encryption tools are very powerful. If you lose or forget your decryption key (password) -- the encrypted data is effectively lost. Proceed with caution and understand the potential data loss risks.
Before proceeding you will need to install the VeraCrypt software:
Download VeraCrypt directly from the project home page or from SourceForge <https://sourceforge.net/projects/veracrypt/> and follow the install instructions.
To create a new protected container:
Select Create Volume from the main application window.
Select Create an encrypted file container
Select Standard VeraCrypt volume
Click Select File… in the Volume Location window
Type in your desired filename and select the location in the file browser
(it is recommended to use a .hc file extension)
Choose Encryption and Hash Algorithms (defaults are fine)
Choose container size
Enter and confirm password for the container
Move the mouse around inside the Volume Format window to aid in creating complex, random cryptographic keys.
Click Format when you feel your key is sufficiently random
Click Exit in the Volume Created window
To mount and use your encrypted container:
Double-click on the .hc file in Windows Explorer
(or launch VeraCrypt and open from there)
Select a drive letter
Click the Mount button
Enter the container password
The container will now show up as the previously-chosen Windows drive letter.
The container will automatically dismount upon logoff.
You can now copy, move, or create data in this location. It is recommended that any sensitive data be stored in this encrypted location so the files are only ‘unlocked’ when the data is needed -- this adds an additional level of protection should someone gain access to your hard drive.
To disconnect the container/drive letter without logging out:
Open the VeraCrypt application
Select the drive letter you wish to dismount
Encrypted file containers can be moved and used on multiple computers provided both computers have VeraCrypt installed.
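The mount and dismount steps above can also be run from PowerShell using VeraCrypt's command-line switches (/v volume, /l drive letter, /d dismount, /q quit after the action). This is an added example, not part of the original instructions; the install path, container path and drive letter are assumptions to adjust for your machine.

```powershell
# Added example. All three values below are assumptions, not from the original page.
$VeraCrypt = Join-Path $env:ProgramFiles 'VeraCrypt\VeraCrypt.exe'  # default install location (assumed)
$Container = Join-Path $env:USERPROFILE 'Documents\private.hc'       # hypothetical container file
$Letter    = 'X'                                                     # hypothetical free drive letter

function Mount-Container {
    if (-not (Test-Path $VeraCrypt)) { throw "VeraCrypt not found at $VeraCrypt" }
    if (-not (Test-Path $Container)) { throw "Container not found: $Container" }
    if (Test-Path "${Letter}:\")     { throw "Drive ${Letter}: is already in use" }

    # No /p switch is passed on purpose: VeraCrypt shows its own password
    # prompt, so the password never appears in the shell history or in the
    # process command line where other local users or tools could read it.
    $mountArgs = @('/v', "`"$Container`"", '/l', $Letter, '/q')
    Start-Process -FilePath $VeraCrypt -ArgumentList $mountArgs -Wait

    # Confirm the drive letter actually appeared before anything is written to it.
    if (-not (Test-Path "${Letter}:\")) { throw 'Mount failed or was cancelled' }
    "Mounted $Container as ${Letter}:"
}

function Dismount-Container {
    # /d followed by a drive letter dismounts only that volume.
    Start-Process -FilePath $VeraCrypt -ArgumentList @('/d', $Letter, '/q') -Wait

    # If the letter is still present, the container is still unlocked
    # (for example because a file on it is open in another program).
    if (Test-Path "${Letter}:\") { throw "Drive ${Letter}: is still mounted" }
    "Dismounted ${Letter}:"
}

# Typical use: unlock, work with the files, then lock again.
# Mount-Container
# Dismount-Container
```

Checking that the drive letter is gone after dismounting confirms the data is locked again rather than assuming the command succeeded.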