Using VeraCrypt in CentOS (2): Encrypted Volume Type

I. Introduction to Encrypted Volume Types

The first step of the VeraCrypt volume creation wizard is to select the type of encrypted volume:

[root@localhost src]# veracrypt -t -c
Volume type:
 1) Normal
 2) Hidden
Select [1]: 1

(1) Type of Encrypted Volume

There are two types of encrypted volume:

1. Standard VeraCrypt Encrypted Volume (Normal):

This creates a regular encrypted volume.

2. Hidden VeraCrypt Encrypted Volume (Hidden):

In some situations someone may force us to reveal the password of an encrypted volume, and often we cannot refuse (for example, under threat of violence). A hidden volume addresses this case: the demand can be met without revealing the password of the hidden volume.

(2) Hidden Encrypted Volume Types

There are also two ways to create a hidden encrypted volume:

1. Conventional Mode

The wizard first helps you create an ordinary VeraCrypt volume and then continues by creating a hidden volume inside it. This method is usually used in the GUI and is suitable for users who are not familiar with VeraCrypt.

2. Direct Mode

This mode can be used in both the GUI and on the command line. In this mode, VeraCrypt creates a hidden volume inside an existing VeraCrypt volume. The rest of this article assumes that an outer VeraCrypt volume suitable for holding a hidden volume has already been created.

II. Creating a Hidden Encrypted Volume

Next, we will create a VeraCrypt hidden volume in practice.
I have already created a 2 GB VeraCrypt volume to serve as the outer volume, and I want to create a new 500 MB hidden volume inside it.

1. Start the Create Encrypted Volume Wizard and select 2, Hidden
[root@CenOS6A ~]# veracrypt -c -t
Volume type:
 1) Normal
 2) Hidden
Select [1]: 2

After pressing Enter, the wizard displays the following notice:
IMPORTANT: Inexperienced users should use the graphical user interface to create a hidden volume. When using the text interface, the procedure described in the command line help must be followed to create a hidden volume.
In other words: if you are an inexperienced user, use the GUI to create hidden volumes.

2. Select the outer encryption volume and specify the size
Enter volume path: /dev/sdb

Enter hidden volume size (sizeK/size[M]/sizeG): 500M

3. The remaining steps

The remaining steps are the same as for creating a standard encrypted volume.
Note that the password entered and confirmed here is the password of the hidden volume, and it must be different from the password of the outer volume: VeraCrypt uses the password to decide whether the outer or the hidden volume is mounted. When creating a hidden volume this way, you do not need to enter the password of the outer volume.

4. The wizard will give the following prompts after the creation of the hidden encryption volume is completed:
The hidden VeraCrypt volume has been successfully created and is ready for use. If all the instructions have been followed and if the precautions and requirements listed in the section "Security Requirements and Precautions Pertaining to Hidden Volumes" in the VeraCrypt User's Guide are followed, it should be impossible to prove that the hidden volume exists, even when the outer volume is mounted.

WARNING: IF YOU DO NOT PROTECT THE HIDDEN VOLUME (FOR INFORMATION ON HOW TO DO SO, REFER TO THE SECTION "PROTECTION OF HIDDEN VOLUMES AGAINST DAMAGE" IN THE VERACRYPT USER'S GUIDE), DO NOT WRITE TO THE OUTER VOLUME. OTHERWISE, YOU MAY OVERWRITE AND DAMAGE THE HIDDEN VOLUME!

It roughly means:

The hidden volume has been created successfully. If you follow the User's Guide, nobody will be able to prove that the hidden volume exists, even when the outer volume is mounted. If you do not choose to protect the hidden volume when mounting the outer volume, writing to the outer volume may overwrite or destroy the hidden volume.

III. Mounting Encrypted Volume

(1) Mounting the outer encrypted volume

1. Mount the outer encryption volume:
[root@CenOS6A ~]# veracrypt /dev/sdb /mnt
Enter password for /dev/sdb:
Enter PIM for /dev/sdb:
Enter keyfile [none]:
Protect hidden volume (if any)? (y=Yes/n=No) [No]: yes

Here you need to answer Yes. If the default (No) is used, data written to the outer volume after it is mounted can damage the hidden volume. So whenever you need to write data to the outer volume, be sure to choose Yes.

2. Enter the password for the hidden encryption volume
Enter password for hidden volume:
Enter PIM for hidden volume:
Enter keyfile for hidden volume [none]:

After successful mounting, the following prompts appear:

The hidden volume is now protected against damage until the outer volume is dismounted.

WARNING: If any data is attempted to be saved to the hidden volume area, VeraCrypt will start write-protecting the entire volume (both the outer and the hidden part) until it is dismounted. This may cause filesystem corruption on the outer volume, which (if repeated) might adversely affect plausible deniability of the hidden volume. Therefore, you should make every effort to avoid writing to the hidden volume area. Any data being saved to the hidden volume area will not be saved and will be lost. Windows may report this as a write error ("Delayed Write Failed" or "The parameter is incorrect").

It means:

The hidden volume is protected against damage until the outer volume is dismounted.
Warning: If an attempt is made to save data to the hidden volume area, VeraCrypt will write-protect the entire volume (both the outer and the hidden part) until it is dismounted. This can corrupt the filesystem of the outer volume and, if repeated, can also weaken the plausible deniability of the hidden volume. Therefore, you should avoid writing any data to the hidden volume area. Any data saved to the hidden volume area will not be saved and will be lost! Windows may report this as a write error ("Delayed Write Failed" or "The parameter is incorrect").

3. View disk mounting:
[root@CenOS6A ~]# df -h
Filesystem      Size  Used Avail Use% Mounted on
/dev/sda3        19G  1.1G   17G   7% /
tmpfs           499M     0  499M   0% /dev/shm
/dev/sda1       477M   76M  376M  17% /boot
/dev/loop0      2.0G  3.0M  1.9G   1% /mnt

The displayed size is 2 GB, the size of the outer encrypted volume, as expected.

(2) Mounting the hidden encrypted volume

1. Mount the hidden encrypted volume:

First dismount the outer volume mounted earlier, then mount the device again, this time entering the password of the hidden volume:

[root@CenOS6A ~]# veracrypt -d /mnt
[root@CenOS6A ~]# veracrypt /dev/sdb /mnt
Enter password for /dev/sdb:
Enter PIM for /dev/sdb:
Enter keyfile [none]:
Protect hidden volume (if any)? (y=Yes/n=No) [No]:

Because the hidden volume itself is being mounted, there is no need to protect it here; just press Enter.

2. View disk mounting:
[root@CenOS6A ~]# df -h
Filesystem            Size  Used Avail Use% Mounted on
/dev/sda3              19G  1.1G   17G   7% /
tmpfs                 499M     0  499M   0% /dev/shm
/dev/sda1             477M   76M  376M  17% /boot
/dev/mapper/veracrypt1
                      477M  2.3M  449M   1% /mnt

The mounted volume is the 500 MB hidden volume, as expected.
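
The two mounting rules from section III (never mount the outer volume writable without hidden-volume protection, and check with df which volume was actually mounted) can be wrapped in a small script. This is an added example, not part of the original post; the function names and the VERACRYPT override variable are hypothetical, and the df listing inside it is constructed sample data.

```shell
#!/bin/sh
# Added example; the helper names and the VERACRYPT override are hypothetical.

# Mount the OUTER volume without risking the hidden one.
#   ro : read-only mount, nothing can be written over the hidden volume
#   rw : writable mount with hidden-volume protection enabled
# No password is passed as an argument; they are left to VeraCrypt's prompts.
outer_mount() {
    mode=$1 dev=$2 mnt=$3
    case $mode in
        ro) set -- -m ro --protect-hidden=no ;;
        rw) set -- --protect-hidden=yes ;;
        *)  echo "refusing: mode must be ro or rw" >&2; return 1 ;;
    esac
    "${VERACRYPT:-veracrypt}" -t "$@" "$dev" "$mnt"
}

# Read `df -P -m` output on stdin; print the size in MB of the filesystem
# mounted at $1. -P keeps each entry on one line even for long device names
# such as /dev/mapper/veracrypt1.
mounted_size_mb() {
    awk -v mnt="$1" 'NR > 1 && $6 == mnt { print $2 }'
}

# Tell which volume is mounted from its size: the hidden volume's filesystem
# can never be larger than the size chosen for it at creation ($2, in MB).
which_volume() {
    size=$1 hidden_mb=$2
    [ -n "$size" ] || { echo none; return 0; }
    if [ "$size" -le "$hidden_mb" ]; then echo hidden; else echo outer; fi
}

# Constructed sample of `df -P -m` after mounting the 500 MB hidden volume.
sample_df() {
    cat <<'EOF'
Filesystem             1048576-blocks  Used Available Capacity Mounted on
/dev/sda3                       19000  1100     17000       7% /
/dev/mapper/veracrypt1            477     3       449       1% /mnt
EOF
}

# Typical use on the system from this article:
#   outer_mount rw /dev/sdb /mnt
#   which_volume "$(df -P -m | mounted_size_mb /mnt)" 500
```

The read-only mode is the safer choice when the outer volume only needs to be read, because it does not require typing the hidden volume's password at all.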

Posted by btoles on Sat, 23 Mar 2019 00:18:54 -0700