It’s a good idea to encrypt your digital life. Especially when you upload it to the cloud. You can already encrypt files and encrypt folders using macOS, but you might want to consider adopting a tool like VeraCrypt.
VeraCrypt is a completely free, open-source and cross-platform utility used for on-the-fly encryption. It can create a virtual encrypted disk within a file or encrypt a partition or the entire storage device with pre-boot authentication.
Today we’re going to take a quick look on how to use VeraCrypt on macOS. However, the process is similar on Linux and Windows.
1. Download VeraCrypt and FUSE and install.
2. Load VeraCrypt and click “Create Volume”
3. You will see the VeraCrypt Volume Creation Wizard. Here you can choose if you want to create an encrypted file container or encrypt a non-system partition, USB stick, external drive etc. We’re going to create an encrypted container.
4. On next step you can choose if you want to create a standard or hidden volume. VeraCrypt provides info on what this means. We’re going to create a standard volume. The standard volume option is selected by default, so you can just click Next.
5. Now you need to specify where you want the VeraCrypt volume ( file container ) to be created. You can specify a name and assign tags.
NOTE: a VeraCrypt container is a file. Just like all the files on your drive. It can be moved or deleted like any other file. Also, VeraCrypt will NOT encrypt any existing files when creating a container. If you select an existing file in this step, the file will NOT be encrypted but overwritten ( hence lost ) by VeraCrypt. File encryption starts later in this tutorial.
6. Now you can choose the encryption type and hash algorithm for the volume. If you are unsure what to choose, you can the default options and click Next.
7. Now you can specify the size of your VeraCrypt container. For this example I’m going to set my VeraCrypt container to be 5GB. You can of course set a different size.
8. Here’s one of the most important steps. Choose a password for your volume. A good, strong password. Read the information displayed by VeraCrypt.
NOTE: you can also use a keyfile alongside your password. A keyfile can be any file on your drive ( photo, mp3 etc ) that you will need to provide alongside your password in order to decrypt the volume and the files inside. If you want to use a keyfile, read the info that VeraCrypt provides.
9. Next you will be asked if you need to store files larger than a certain size in the volume. Choose the option that suits your needs best.
10. Next you will be asked to choose the container’s filesystem type and if you want cross-platform support for the volume.
11. In the next window you will need to format the container but before you do that move your mouse as randomly as possible within the Volume Creation Wizard at least until the randomness indicator bar fills. This significantly increases the cryptographic strength of the encryption keys. When you’re done, click Format.
NOTE: you can continue to move your mouse even after the randomness indicator bar is full. The more you move it the better ( at least 30 seconds is recommended )
12. You’re done. You’ve created your first container. Click OK.
13. Now click Exit ( unless you wish yo create a new volume )
14. Now if you go to the path specified in step 5 you should see a blank file with no extension. That’s your VeraCrypt container.
15. So what do you do with that container? Back to the VeraCrypt window, select a drive number ( doesn’t matter which one ), click on select file and choose the container then click Mount. Type in your password and click OK.
16. Now when you open a Finder window you should see your container mounted just like a USB stick for example.
17. You can start to copy your files inside that container. When you’re done, go back to VeraCrypt and click “Dismount”
Understand what’s happening….
1. The VeraCrypt container you create behaves like a real disk and is fully encrypted (including file names, allocation tables, free space, etc.) Once mounted, you can copy files to the container, just like you would on a USB stick for example, and they will be encrypted on the fly as they are being copied.
2. If you open a file directly from the container, it will be automatically decrypted in your computer’s RAM as you use it.
3. You will not be asked for your container’s password when you copy/remove files to/from the container or open up a file on the VeraCrypt container.
4. VeraCrypt never saves any decrypted data to a disk – it only stores data temporarily in RAM. Even when the volume is mounted, data stored in the volume is still encrypted. When you restart macOS or turn off your computer, the volume will be dismounted and all files stored on it will be inaccessible (and encrypted). Even when power supply is suddenly interrupted (without proper system shut down), all files stored on the volume will be inaccessible (and encrypted). To make them accessible again, you have to mount the volume.
Now here comes the tricky part for most people…. how do you use a VeraCrypt volume/container on iOS? Because we’re all so used to the comfort of cloud services that auto-sync files across devices.
The volume, being encrypted, can be safely uploaded to any cloud storage. ( NOTE: never ever upload sensitive data to the cloud without encryption. No, not even iCloud ).
On iOS you can use Disk Decipher or Crypto Disks & File Explorer.