VeraCrypt Simplified User Manual for RUG employees
This is a simplified version of the VeraCrypt user manual, created by the DCC on a Windows 10 system. It is meant to guide you through the installation of VeraCrypt, help you decide what level of security you need, and provide an easy-to-use, step-by-step diagram on how to obtain that security. If you have any doubt about how to create or manage an encrypted volume, please contact us at dcc@rug.nl.
IMPORTANT: Please note that VeraCrypt provides a level of security that is determined by the user’s behavior as much as by the program itself. Read through the guide carefully and take note of what kind of behavior should be avoided or followed.
- DO NOT leave your machine unattended (especially when a VeraCrypt volume is mounted),
- DO NOT cache your passwords or keyfiles needed to mount a VeraCrypt volume, and
- FOLLOW THE GUIDELINES provided in this manual or the original VeraCrypt manual to the letter. You can find the original manual here: https://www.veracrypt.fr/en/Documentation.html
Should you decide not to do so, VeraCrypt cannot guarantee the security of your data (nor can the DCC).
Throughout this manual, we will assume that you are going to install VeraCrypt on a Windows machine. There are versions of VeraCrypt available for Linux and macOS as well, but they are beyond the scope of this guide. Should you want to install VeraCrypt on Linux or macOS, please refer to the original VeraCrypt manual for more information. If you still have questions, contact us at dcc@rug.nl.
What can you expect from VeraCrypt?
VeraCrypt can provide both encrypted volumes and encrypted operating systems. The idea behind such tools is to make it impossible to determine what data is stored in the volume/system and how big the data volume is. For this to work, however, the user needs to follow some basic rules of conduct, so that potential attackers cannot guess the hidden information.
VeraCrypt also allows you to create a hidden volume/system inside a decoy volume/system in order to hide information from an attacker, should they have managed to get access to your password/machine. This procedure requires assistance from the DCC, as there are some risks to take into account when setting this up.
The way VeraCrypt encrypts and decrypts data is explained in detail in its manual. In short, the encrypted volume appears to contain random data and is inaccessible until the user provides a password and the volume is mounted by VeraCrypt. Once the volume is mounted, VeraCrypt decrypts its data on the fly and keeps the decrypted data in your RAM. This prevents sensitive data from ever being written to disk in decrypted form, where it might be left unprotected should anyone gain access to your machine.