Encrypting files and containers with VeraCrypt

  • VeraCrypt allows you to encrypt containers, partitions, and entire disks with robust algorithms such as AES, Serpent, and Twofish.
  • Normal and hidden volumes offer different levels of confidentiality, including plausible deniability mechanisms.
  • It is a multi-platform, free and open source solution, suitable for both personal and legally demanding professional use.
  • Encryption provides great security, but it requires good password management, backups, and compatibility between systems.

How to use VeraCrypt for file encryption

Protecting your files with strong encryption is no longer something exclusive to security experts or tech geeks. We handle more and more sensitive data: work reports, legal documents, passwords, copies of ID cards or medical records. Simply losing a laptop or a USB drive can end in a major headache, and in legal penalties if you're handling third-party data.

At the same time, we store information on all types of devices and systems: USB drives, external hard drives, company laptops, personal computers, and, of course, cloud services. Many of these environments are not under your direct control, so relying solely on usernames and passwords falls far short. This is where VeraCrypt comes in, a powerful, free, and open-source tool that allows you to encrypt files, containers, partitions, and even entire systems.

What is file encryption and why should you care?

When we talk about encryption, we are referring to a process by which the data becomes unreadable for anyone who doesn't have the correct key. Without that key, the content appears as a meaningless string of bits, even if an attacker copies the file or the entire disk.

From a professional point of view, you are responsible for the data you handle. If you work with personal information, files, internal documentation, exams, records, or financial data, you must prevent unauthorized people from accessing them, both inside and outside your organization.

Think of very common scenarios where encryption makes all the difference: a work laptop stolen on the train, a forgotten USB drive with student or patient data, a shared folder on a server used by several colleagues, or documents uploaded to the cloud in plain text that can be accessed by a malicious administrator or an attacker who compromises the platform.

In all these cases, if the files are encrypted correctly, the physical loss of the device does not imply a leak of information. The attacker may be able to take the hardware, but will not be able to read its contents without the correct key and parameters.

VeraCrypt as a solution: encrypted containers, partitions, and disks

VeraCrypt is a disk and container encryption tool that allows you to protect data with different algorithms such as AES, Serpent or Twofish. It is the direct successor to TrueCrypt, a project that was abandoned in 2014 amid considerable controversy, despite several independent audits deeming the software secure.

After TrueCrypt was abandoned, a group of developers took its open-source code and created VeraCrypt, fixing bugs, improving security, and adding new features. To this day, VeraCrypt remains under active development, receiving updates that include security patches, new algorithms, and performance improvements.

With VeraCrypt you can create encrypted volumes in various ways:

  • Encrypted virtual disks (containers): a single file that acts as a "disk" where you store everything you want. VeraCrypt mounts it as if it were another drive.
  • Encryption of partitions or entire devices: for example, a USB flash drive, an SD card, or an entire external hard drive.
  • Encryption of the operating system disk or partition: adds pre-boot authentication, similar to what BitLocker does.

In all cases, encryption and decryption are performed automatically, in real time and transparently. The operating system sees a "normal" disk and you work with your files as usual, but physically what is written to the device is encrypted.

Why VeraCrypt and not TrueCrypt, BitLocker, or other tools?

TrueCrypt was the benchmark for disk encryption for years, but the last full stable version dates back to 2012. In 2014, the official website announced that they were ceasing development of the project and recommended migrating to BitLocker or other alternatives, even warning of possible security problems.

The latest version of TrueCrypt (7.2) is only useful for decrypting existing volumes. It doesn't allow you to create new containers or configure encryption. Continuing to use it today to encrypt new information is not a good idea: it doesn't receive patches, it doesn't adapt to new threats, and if a serious vulnerability appears, no one will fix it.

VeraCrypt took over as a fork of the original code, plugging holes, hardening cryptographic parameters, and adding more symmetric encryption and hashing algorithms. Among the most notable improvements are enhanced protection against dictionary and brute-force attacks, and optimizations to take advantage of hardware encryption instructions such as AES-NI.

Compared to other alternatives, the scenario would be more or less like this:

  • BitLocker: integrated into Windows (Pro and Enterprise editions), it's very convenient for encrypting the system disk without complications, but it's proprietary software and gives less fine control to the advanced user.
  • 7-Zip: it's not a disk encryption suite, but it does allow you to compress and protect files with AES-256, useful for sending individual files by email or uploading something protected to the cloud.
  • VeraCrypt: open source, cross-platform (Windows, Linux, macOS, FreeBSD) and highly flexible for creating volumes, encrypting partitions and entire disks. It requires a bit more of a learning curve, but it offers a level of security and control that other options cannot match.

If your priority is absolute convenience in Windows and you only want the system disk encrypted, BitLocker may be enough. If you need portable containers, cross-system compatibility, hidden volumes, or enhanced cryptographic control, VeraCrypt is the logical choice.

Key features and benefits of VeraCrypt

VeraCrypt stands out for a number of features that make it a very powerful option for both individual users and organizations looking to raise the level of protection of their data.

  • Encrypted containers in files: you can create a file that acts as a "safe" where you put all the sensitive information, ideal for saving it on a USB drive, uploading it to a server, or sending it by email.
  • Encryption of removable devices: USB drives, external hard drives, SD cards… The entire device is encrypted, and Windows will ask you to format it if you try to open it without VeraCrypt (never accept that format if you want to keep your data).
  • Encryption of specific partitions: if you don't want to encrypt an entire disk, you can protect only one partition of it.
  • Encryption of the disk or partition where Windows is installed: very useful for laptops, since the entire system, including temporary files and free space, is encrypted.
  • Real-time encryption and decryption, completely transparent: the user doesn't have to do anything beyond entering the password when mounting the volume.
  • AES-NI compatibility: if your processor supports AES instructions via hardware, read/write performance skyrockets and the impact on the system is minimal.
  • Hidden volumes: they offer a plausible deniability mechanism in case you are forced to reveal a password under duress, without revealing the existence of the truly sensitive volume.
  • Multiplatform: it works on Windows, GNU/Linux and macOS, and the volume format is compatible across them.
  • Open source and audited: VeraCrypt has been reviewed by various security organizations, which adds an extra layer of trust.

Regarding usability, the interface is relatively simple. However, it's true that, compared to ultra-simple tools or very basic assistants, it can be a little intimidating at first. In return, you have many customization options and advanced parameters to adjust it to your needs.

Encryption algorithms, hashing, and performance

VeraCrypt supports several symmetric encryption algorithms, and can even combine several in cascade to increase robustness. Among the most commonly used are:

  • AES (Advanced Encryption Standard): commonly used because it is a widely analyzed and very efficient standard, especially with AES-NI.
  • Serpent and Twofish: robust alternatives to AES that can also be used alone or in combination.

By default, VeraCrypt chooses AES, which for most uses is more than enough in terms of security and speed. If your processor supports AES-NI, you can reach very high speeds, far exceeding what current physical hard drives typically offer, so you won't notice a significant performance penalty.

In addition, hashing algorithms such as SHA-512 or SHA-256 are used for deriving keys and verifying integrity. SHA-512 is extremely strong, while SHA-256 offers a good balance between security and performance; nowadays, on a modern computer, the practical differences for the user are minimal.

Password system, key files and PIM in VeraCrypt

One of VeraCrypt's strengths is that it allows you to combine up to three different types of authentication to protect a volume:

  • Password: the classic secret phrase or word, which must be long, complex and not reused.
  • Keyfile: one or more files (images, MP3s, documents, or randomly generated files) that act as part of the key. Without this file, the password alone is useless.
  • PIM (Personal Iterations Multiplier): a secret number that controls how many iterations are used to derive the key from the password, drastically increasing resistance to brute force attacks.

For example, you can create a volume that requires password + key file, or password + PIM, or all three at once. This greatly complicates an attacker's job even if they know your password but don't have the key file or the PIM value.
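An added example, not part of the original article and not VeraCrypt's own code: how a PIM value translates into PBKDF2 iterations, following the formulas in VeraCrypt's PIM documentation, and why PIM 485 on a container is equivalent to leaving the field empty. The function names, mode labels, sample password and salt are constructed for illustration, and keyfile mixing is not modelled.

```python
import hashlib

# Iteration rules from VeraCrypt's PIM documentation. "standard" covers file
# containers, non-system volumes and system encryption with SHA-512/Whirlpool;
# "system_other" covers system encryption with the remaining hashes.
DEFAULT_ITERATIONS = {"standard": 500_000, "system_other": 200_000}
MIN_PIM_SHORT_PASSWORD = {"standard": 485, "system_other": 98}


def pim_to_iterations(pim: int, mode: str = "standard") -> int:
    """Return the PBKDF2 iteration count for a PIM (0 means 'use default')."""
    if mode not in DEFAULT_ITERATIONS:
        raise ValueError(f"unknown mode: {mode}")
    if pim < 0:
        raise ValueError("PIM must be >= 0")
    if pim == 0:
        return DEFAULT_ITERATIONS[mode]
    return 15_000 + pim * 1_000 if mode == "standard" else pim * 2_048


def pim_allowed(password: str, pim: int, mode: str = "standard") -> bool:
    """VeraCrypt rejects a PIM below the default-equivalent value when the
    password is shorter than 20 characters."""
    if pim == 0 or len(password) >= 20:
        return True
    return pim >= MIN_PIM_SHORT_PASSWORD[mode]


def derive_header_key(password: str, salt: bytes, pim: int = 0) -> bytes:
    """PBKDF2-HMAC-SHA512 over the password with the volume's 64-byte salt.
    Simplified: derives 64 bytes (one AES-256 XTS key pair), no keyfiles."""
    if len(salt) != 64:
        raise ValueError("VeraCrypt volume salts are 64 bytes")
    return hashlib.pbkdf2_hmac("sha512", password.encode("utf-8"), salt,
                               pim_to_iterations(pim), dklen=64)


def guess_cost_factor(pim: int, mode: str = "standard") -> float:
    """Work per password guess relative to the default iteration count."""
    return pim_to_iterations(pim, mode) / DEFAULT_ITERATIONS[mode]


if __name__ == "__main__":
    salt = bytes(range(64))  # constructed salt; real volumes store a random one
    pw = "correct horse battery staple 42"  # constructed sample password
    for pim in (0, 485, 1000):
        key = derive_header_key(pw, salt, pim)
        print(pim, pim_to_iterations(pim),
              f"{guess_cost_factor(pim):.2f}x", key[:8].hex())
```

Because the PIM only changes the iteration count, it slows each guess linearly; the length and randomness of the password remain the main defence.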

When creating a volume, VeraCrypt will also ask you to move the mouse randomly over the window. This movement generates additional entropy to create more robust keys, and you'll see a bottom bar turn green when enough randomness has accumulated.

Volume types: normal, hidden, and device encrypted

When you set up VeraCrypt, you can choose from several volume types depending on what you want to protect and the level of confidentiality required.

Normal volumes

A "normal" volume is simply an encrypted container or an encrypted partition/drive with a single password or set of keys. It is the simplest method and covers most daily needs, from saving personal documents to creating a secure space on a USB drive.

In Windows, for example, you would create a container, choose the size, encryption algorithm, and file system (FAT, exFAT, NTFS…), define your password, and after formatting, you would mount it as a new drive (for example, E: or F:). Everything you copy into it will be automatically encrypted.

Hidden volumes and plausible deniability

Hidden volumes are one of VeraCrypt's most unique features. Basically, within a normal volume you create a second, "invisible" volume, which only loads when you enter a different password.

The logic is this: you can have an external volume that looks like your "secret drive" and contains relatively sensitive but expendable information, and a hidden internal volume where you actually store the most sensitive data (bank passwords, compromising documents, etc.).

In case of blackmail, coercion or threats, you can reveal the password for the normal volume, and there is no technical way to prove that a hidden volume exists inside, since the encrypted data inside is indistinguishable from random noise.

However, you must be very careful: if the external volume occupies 50 MB and the hidden volume 25 MB, you must not fill the external volume above a certain limit, or you could overwrite and destroy part of the hidden volume. VeraCrypt includes warnings and wizards to minimize this risk.

Full encryption of removable devices

Another very useful option is to encrypt a USB stick, SD card or entire external hard drive. In those cases, VeraCrypt allows you either to format the device and create a new volume (fast, but destroys everything that was there before), or to encrypt the partition while preserving the data, a much longer process.

The process is simple: you choose "Encrypt partition/secondary drive," select the device (for example, drive E: where the USB drive is located), define the password, algorithms, and optionally key files or a PIM, and finally format or start the encryption. From then on, to use that storage you will have to mount it first with VeraCrypt and enter the key; the operating system will see it as another encrypted drive.

Encrypting the system partition or drive

If you want to go a step further and fully protect your computer, VeraCrypt allows you to encrypt the partition where Windows is installed or the entire disk. In this case, pre-boot authentication is enabled: when you turn on the computer, before Windows loads, a small boot manager appears asking for your password.

This process must be done with great care: it is recommended to perform full backups of the system, use a very strong password and create the rescue disk that VeraCrypt offers, in case there are problems with the boot manager or the volume itself.

In addition, secure deletion policies can be configured for files deleted within the encrypted system, further reducing the possibility of forensic recovery of supposedly deleted information.

Using VeraCrypt on Windows, Linux, and macOS

VeraCrypt is cross-platform, which makes it much easier to use the same encrypted container on different operating systems. You can have a USB drive with a VeraCrypt volume that you can mount on Windows, GNU/Linux, or macOS without any major problems.

On Windows, installation is done using a classic wizard. You can install VeraCrypt on the system or extract it in "portable" mode to carry it on a USB drive and run it without installation on other computers (provided you have administrator privileges).

On GNU/Linux, VeraCrypt can be installed from repositories (in some distributions) or from packages provided on the official website. Integration with udisks and gnome-disk is also available. Therefore, by enabling support for TrueCrypt/VeraCrypt volumes via a configuration file (e.g., tcrypt.conf), it is possible to mount volumes from the GNOME disk utility without launching the VeraCrypt interface directly.

On macOS, it works similarly to Windows: you download the installer, install the application, and then create/mount volumes from the graphical interface. Containers are cross-system compatible as long as the volume's file system (FAT, exFAT, NTFS, etc.) is readable by each platform.

Other encryption options integrated into operating systems

Although VeraCrypt covers virtually any complex encryption need, there are also alternatives integrated into operating systems for certain scenarios.

In Windows, for example, you have the integrated file and folder encryption (EFS). From a folder's properties, you can select "Encrypt contents to protect data," and Windows will ensure that other users on the computer with different accounts cannot read those files. It's convenient, but the protection is limited to the system itself: if someone compromises your account or logs in with your profile, they will be able to access the data.

Alternatively, you can protect individual files by creating password-protected ZIP archives. Using tools like 7-Zip, you can encrypt the contents of a compressed file with AES-256, ideal for sending by email or saving a small set of documents. However, it's not suitable as a substitute for encrypting entire disks or partitions.

In GNU/Linux, distributions like Ubuntu incorporate tools to encrypt USB drives and disks from the Disk Utility. You select the volume, choose to format with encryption (usually LUKS + a file system like ext4), define a strong password, and you're done. When you connect the device, the system will ask for the password to mount it.

Legal obligations and reasons for encrypting your data

Beyond technical security, there is a key factor: complying with data protection regulations. In Spain and Europe, legislation (LOPD, GDPR and associated regulations) establishes that the data controller must apply appropriate technical and organizational measures to protect personal data, especially when they are of a medium or high level (ideology, health, affiliations, financial data, etc.).

Certain entities are especially required to use encryption: law firms, public administrations, anti-money laundering companies, organizations that manage trade secrets or sensitive intellectual property information, companies that handle whistleblower files, etc.

In many of these contexts, basic protections such as session passwords or password-protected ZIP files are not enough. Additional measures are required: robust cryptographic mechanisms, proper key management, and cryptographic hardware management procedures. Tools like VeraCrypt fit very well with these requirements, provided they are accompanied by internal policies and training.

Even outside of professional settings, encrypting data makes sense in many everyday scenarios: uploading files to the cloud, sharing equipment, protecting against malware or theft. If, for example, you store passwords in text files, financial documents on a USB drive, or carry work information on a personal laptop, leaving all that unencrypted makes it far too easy for anyone who manages to access the device or your accounts.

Disadvantages and risks of encryption without planning

Although encryption is a very powerful layer of protection, it is not without drawbacks and risks if not managed well. It's important to clarify a few points before you start encrypting everything:

  • Loss of key: if you forget your password, lose your key file, or don't remember your PIM, the data is practically unrecoverable. The encryption is designed precisely so that no one can bypass it.
  • Performance penalty: encryption consumes CPU. On large volumes or older systems, the initial encryption process or intensive usage may be noticeable, although with modern CPUs and AES-NI the impact is much less.
  • Compatibility: not all devices or operating systems support all encryption methods. If you're moving containers between Windows, Linux, and macOS, make sure you use compatible file systems and have VeraCrypt or the necessary tools installed on all machines.
  • Risk of corruption: a power outage or hardware failure while writing to an encrypted volume can cause corruption. In some cases, even minor damage to the header can leave the entire volume inaccessible.
  • Software dependency: if you use a very specific format that depends on a certain program and that program stops being developed or is not compatible with future systems, you may run into problems opening your data in the long term.

The sensible way to approach encryption is to combine it with reliable backups. Maintain documentation of passwords and parameters in a secure password manager and regularly test that you can restore and mount your volumes without problems.

Final considerations

Overall, using VeraCrypt to encrypt files, containers, partitions, and entire disks allows you to take a giant leap forward in protecting your information, whether it is personal data or professional documentation subject to data protection laws.

As long as you plan your passwords well, maintain backups, and are clear about where and how you're going to use those volumes (and on which systems), you'll get a flexible, robust, and much more reliable solution than leaving your files in plain text simply trusting that "nobody will look." Share this VeraCrypt file encryption guide so others can learn about it.