dotfiles/notes/linux/veracrypt.md
2023-12-23 20:13:52 -07:00

46 lines
1.5 KiB
Markdown

# Veracrypt
A cross-platform block device encryption program with support for passwords,
keys, hidden volumes, and manual PIM setting for security
Here we use `alias vera='veracrypt -t'` for the non-graphic interface
AES is the best all-round choice of cipher. Sha256 is the best choice of hash
Keyfiles must be prepared before locking a volume. `vera --create-keyfile` can
create one, or just use a few 100 bytes from /dev/urandom in a file.
Veracrypt devices must be mounted on a directory and require root access to use
`mount`
Dismount volumes with the `-d` option, providing a path to the mount point, the
name of the volume, or nothing to unmount all veracrypt volumes. Sometimes
veracrypt may fail to unmount. To check which process is using the container use
```bash
please fuser -vm <mount-point>
# For the really desperate
lsof
# Or if it must be closed no matter what process is using it
vera --force --dismount
umount -f <mount-point>
```
## Creating a new volume interactively
Start with `vera -c`. The most sensible default are:
```
Volume type: Normal
Volume path: /home/emiliko/file_name # Use absolute path!
Volume size?
Encryption Algorithm: (1) AES
Hash algorithm: (1) SHA-512
Filesystem: (8) Btrfs
```
## iNode problems
If you're making a very small container, you may run into inode issues. Btrfs
doesn't use inodes, so it should be ideal. However, btrfs requires a file system
over 1M for sure
Ext4 uses inodes and by default won't have nearly enough on a small drive. For
example, the default is 96 inodes for a 1M drive