Encrypted File Storage

It may sometimes be necessary to transport data via unsecured means, such as mailing a thumb drive, or taking it home to continue working from your home office. Since there is a risk of loss, it is of high importance that a third party cannot access this data. To this end, the drive can be encrypted with VeraCrypt.

Principles of Encryption

The subpages describe the usage of VeraCrypt in more detail, but the general principles of operation should be stated first:

  • VeraCrypt uses so-called encryption containers. Think of these containers, to a first approximation, as folders: they can contain folders and files, can be copied to thumb drives, sent as mail attachments, and so on.
  • Unlike a folder, a container requires both the (free) VeraCrypt software and a password to access its contents. Without the password, the contents cannot be retrieved. There is no way of setting a new password without knowing the old one. (This is good if you lose the thumb drive and somebody finds it; it is bad if you forget the password.)
  • For technical reasons, a container has a fixed size when it is created. The amount of data it can hold is limited by this size, and the container itself always appears as a file of this size, regardless of how much actual data is in it.
    • To protect a thumb drive, it's most useful to choose the total size of the thumb drive as container size, minus a safety margin of, say, 150MB. This unencrypted remainder can be used to keep a copy of the VeraCrypt software itself.
    • To protect mail attachments, you should choose a much smaller container size, such as 1MB, depending on your files.
  • Before it can be used, the container must be unlocked with the password ("mounted"). Afterwards, the container will look just like an additional drive of the same size as the container. It can be used transparently with any software to open, save and copy files, etc., until explicitly locked ("unmounted") again. As a consequence, the container primarily protects unplugged thumb drives or powered-down computers. It does not protect against viruses, ransomware or other malicious software on your computer.