Sunday, November 6, 2016

Raspberry Pi (Raspbian): installing VeraCrypt from binaries. Tutorial

As you know, TrueCrypt is no longer supported. You can easily replace it with VeraCrypt, which can be found here.

This tutorial shows how to install VeraCrypt on your RPi and how to use it.

Updating system

First of all, you need to update your RPi; you can use my script.

After this you need to install FUSE:

$ sudo aptitude install libfuse-dev libfuse

Also, as I understand it, we need makeself; you can install it using:

$ sudo apt-get install makeself

Installing libwxbase:
$ sudo apt-get install libwxbase3.0-0

Installing VeraCrypt

Warning! This tutorial was written for VeraCrypt version 1.19. If you have a different version, just replace the version-specific information.

Go to the home directory:
$ cd ~

Add a temporary directory:
$ mkdir tmp

Download the binaries:
$ wget -L -O veracrypt-1.19-raspbian-setup.tar.bz2

Decompressing file:
$ tar -vxjf ./veracrypt-1.19-raspbian-setup.tar.bz2

Making files executable:
$ chmod +x veracrypt-1.19-setup-*

After this you will have the executable file veracrypt-1.19-setup-console-armv7. Now run it to complete the installation:
$ ./veracrypt-1.19-setup-console-armv7

You will see a very simple installation menu and will be asked to accept the user license.

Clean up by removing the installation files:
$ rm veracrypt-*
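
The steps above unpack and run the downloaded installer as-is. As an added example (not part of the original tutorial), the helpers below check the archive's SHA-256 before anything is extracted and unpack into the ~/tmp directory created earlier. The function names are hypothetical, and the expected digest is a placeholder to be taken from the VeraCrypt project's published checksums.

```shell
# Added example: verify the installer archive before unpacking it.
# The digest argument must come from the project's published checksums;
# the value in the usage lines at the bottom is a placeholder.

verify_sha256() {
    # usage: verify_sha256 <file> <expected 64-hex-digit SHA-256>
    vs_file=$1
    vs_want=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -f "$vs_file" ] || { echo "no such file: $vs_file" >&2; return 2; }
    # A truncated or mistyped digest must never count as a match.
    case $vs_want in
        ''|*[!0-9a-f]*) echo "digest is not hex" >&2; return 2 ;;
    esac
    [ "${#vs_want}" -eq 64 ] || { echo "digest is not 64 hex digits" >&2; return 2; }
    vs_have=$(sha256sum -- "$vs_file" | cut -d' ' -f1)
    [ "$vs_have" = "$vs_want" ] && return 0
    echo "SHA-256 mismatch: $vs_file" >&2
    echo "  expected $vs_want" >&2
    echo "  actual   $vs_have" >&2
    return 1
}

unpack_verified() {
    # usage: unpack_verified <archive> <expected SHA-256> <target dir>
    # Nothing is extracted, so nothing can be run, unless the digest matches.
    verify_sha256 "$1" "$2" || return $?
    mkdir -p -- "$3" || return 2
    tar -xjf "$1" -C "$3"
}

# Usage on the Pi (placeholder digest, replace before running):
#   unpack_verified ~/veracrypt-1.19-raspbian-setup.tar.bz2 \
#       <sha256-from-the-veracrypt-release-page> ~/tmp
#   cd ~/tmp && chmod +x veracrypt-1.19-setup-console-armv7
```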

After installation you can use VeraCrypt to work with your encrypted volumes.

You can always check your VeraCrypt version using:
$ veracrypt --version

My output is:
VeraCrypt 1.19

Using VeraCrypt

General information 

Please note that you can find a very short tutorial in the VeraCrypt help by typing:
$ veracrypt --help

I strongly recommend reading the Beginner's Tutorial. The Command Line Usage page can also be interesting.

Adding new volume

Create encrypted volume:
$ veracrypt --text --create

After calling this you will be asked many questions. Everything is simple except one thing: you will be asked to enter 320 randomly chosen characters and then press Enter. That is a little bit difficult, so we can optimize this using openssl (OpenSSL).

Generating random binary data (1024 symbols):
$ openssl rand -base64 1024 > ./secret_data

Note: if you do not have openssl you can install it easily with:
$ sudo apt-get install openssl

Note: you can use the /dev/random and /dev/urandom files, but it's less secure than using openssl.

Now create new volume:
$ veracrypt --text --create -v --random-source=./secret_data

After this you will be asked questions about the configuration. My answers (for testing) were as follows (answers marked with a yellow background):

Volume type:
 1) Normal
 2) Hidden
Select [1]: 1

Enter volume path: /home/pi/

Enter volume size (sizeK/size[M]/sizeG): 10M

Encryption Algorithm:
 1) AES
 2) Serpent
 3) Twofish
 4) Camellia
 5) Kuznyechik
 6) AES(Twofish)
 7) AES(Twofish(Serpent))
 8) Serpent(AES)
 9) Serpent(Twofish(AES))
 10) Twofish(Serpent)
Select [1]: 1

Hash algorithm:
 1) SHA-512
 2) Whirlpool
 3) SHA-256
 4) Streebog
Select [1]: 1

 1) None
 2) FAT
 3) Linux Ext2
 4) Linux Ext3
 5) Linux Ext4
 6) NTFS
 7) exFAT
Select [2]: 5

Enter password:
Re-enter password: (I used the password "sdasdas8y2131" for testing)

Enter PIM: (hit Enter)

Enter keyfile path [none]: (hit Enter)

Done: 100.000%  Speed:  164 KB/s  Left: 0 s

The VeraCrypt volume has been successfully created.
Volume creation can take a lot of time, so be patient.
When the volume has been created you can remove the random bytes used for volume creation. You can use my sdelete utility for this operation.

$ sdelete ./secret_data

Note: after hitting Enter when you are asked for the keyfile, the program can freeze for a long time. I really don't know why.
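
A variant of the random-source step above, as an added example that is not part of the original tutorial: the file is created with owner-only permissions in a RAM-backed directory, so the seed material is not written to the SD card's filesystem, and it is removed afterwards. It assumes GNU coreutils and that /dev/shm is a tmpfs; the function names are hypothetical.

```shell
# Added example, not from the original tutorial. Assumes GNU coreutils
# (mktemp, stat, shred) and that /dev/shm is a tmpfs, as on stock Raspbian.
# Function names are hypothetical helpers.

make_random_source() {
    # usage: make_random_source <dir> [bytes]   (prints the new file's path)
    rs_dir=$1
    rs_bytes=${2:-1024}
    # VeraCrypt asks for 320 random characters; refuse to generate fewer.
    [ "$rs_bytes" -ge 320 ] || { echo "need at least 320 bytes" >&2; return 2; }
    # mktemp creates a new 0600 file and never reuses an existing name.
    rs_file=$(mktemp "$rs_dir/secret_data.XXXXXX") || return 1
    if command -v openssl >/dev/null 2>&1; then
        openssl rand -base64 "$rs_bytes" > "$rs_file"
    else
        # Alternative source the tutorial also mentions.
        head -c "$rs_bytes" /dev/urandom | base64 > "$rs_file"
    fi || { rm -f -- "$rs_file"; return 1; }
    printf '%s\n' "$rs_file"
}

on_tmpfs() {
    # True when <path> is on tmpfs: held in RAM, not in the card's
    # filesystem (swap aside).
    [ "$(stat -f -c %T -- "$1")" = "tmpfs" ]
}

drop_random_source() {
    # On tmpfs plain removal is enough; elsewhere overwrite first. On flash
    # media wear levelling can keep old blocks, so that is best effort only.
    if on_tmpfs "$1"; then rm -f -- "$1"; else shred -u -- "$1"; fi
}

# Usage on the Pi:
#   f=$(make_random_source /dev/shm) &&
#       veracrypt --text --create -v --random-source="$f"
#   drop_random_source "$f"
```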


As you know, a volume can be mounted to an empty folder. Let's create one, for example:
$ mkdir vera_folder
$ veracrypt /home/pi/ /home/pi/vera_folder

After that you will be asked some questions. Example output:
Enter password for /home/pi/ (here you will be asked for the password which you entered before; in this test it's "sdasdas8y2131")
Enter PIM for /home/pi/ (hit Enter)
Enter keyfile [none]:
(hit Enter)
Protect hidden volume (if any)? (y=Yes/n=No) [No]:
(hit Enter)

Warning! Mounting can take a lot of time. Be patient.

You will find that the mounted folder belongs to root. Let's fix it.
Go to the folder:

$ cd ~/vera_folder
$ sudo chown -R pi:pi .

Yes, the last command has a dot symbol at the end.

Now you can work with files in this directory and everything will be stored in the VeraCrypt volume.

List all mounted files 

You can list all mounted volumes by using:
$ veracrypt -l


You can dismount all volumes by using:
$ veracrypt -d
Or dismount only selected:
$ veracrypt -d /home/pi/vera_folder/ 

Hope you like it.



  1. Thank you for this wonderful tutorial!

    1. You're welcome. Glad that it was useful to you!

  2. Hello,
    How do we run veracrypt in GUI and not in console?
    I have in the menu of the raspberry PI3 in "accessories" line "veracrypt". When you click on this line, you have the hourglass for 10 seconds and no window veracrypt opens.

    An idea?


    1. Unfortunately I never used GUI for veracrypt. Sorry

  3. Most reader-friendly tutorial I've read on Veracrypt on RPi! Thanks KittyHawk :)