This is a simplified version of the VeraCrypt user manual created by the DCC using a Windows 10 system and is meant to guide the user through the installation of VeraCrypt, help decide what level of security is needed, and provide an easy to use, step-by-step diagram on how to obtain said security. Should there be any doubt on how to create an encrypted volume or how to manage it, please contact us at dcc@rug.nl.

IMPORTANT: Please note that VeraCrypt provides a level of security that is determined by the user’s behavior as much as by the program itself. Read through the guide carefully and take note of what kind of behavior should be avoided or followed.

• DO NOT leave your machine unattended (especially when a VeraCrypt volume is mounted),
• DO NOT cache your passwords or keyfiles needed to mount a VeraCrypt volume, and
• FOLLOW THE GUIDELINES provided in this manual or the original VeraCrypt manual to the letter. You can find the original manual here: https://www.veracrypt.fr/en/Documentation.html

Should you decide not to do so, VeraCrypt cannot guarantee the security of your data (nor can the DCC).

Throughout this manual, we will assume that you are going to install VeraCrypt on a Windows machine. There are versions of VeraCrypt available for Linux and MacOS as well, but they are beyond the scope of this guide. Should you want to install VeraCrypt on Linux or MacOS, please refer to the original VeraCrypt manual for more information. If you still have questions, contact us at dcc@rug.nl.

VeraCrypt is able to provide both encrypted volumes as well as encrypted operating systems. The idea behind such tools is to make it impossible to determine what data is stored in the volume/system and how big the data volume is. In order to do so, however, VeraCrypt needs the user to follow some basic conduct rules in order to prevent potential attackers from guessing the hidden information.

VeraCrypt also allows you to create a hidden volume/system inside a decoy volume/system in order to hide information from an attacker, should they have managed to get access to your password/machine. This procedure requires assistance from the DCC, as there are some risks to take into account when setting this up.

The way VeraCrypt encrypts and decrypts data is explained in detail in its manual. The short version of it is that the encrypted volume appears to contain random data and is inaccessible until the user provides a password and the volume is mounted by VeraCrypt. The data contained in the volume is decrypted on the fly by VeraCrypt and stored in your RAM. This prevents sensitive data from ever being written to disk, where it might be left unprotected should anyone gain access to your machine.

Go to the VeraCrypt website (https://www.veracrypt.fr/en/Downloads.html) to download the Windows installer. Since you will be securing sensitive data, VeraCrypt points out that an attacker might have found a way to modify or replace the installer in order to gain access to your data. It is thus good practice to verify if the installer is legitimate or not. To do so, you want to verify the digital signature of the installer by following these steps:

1. Download the .exe installer.
2. After having downloaded the installer, right-click the VeraCrypt Setup[…].exe file and select Properties from the context menu.
3. In Properties, select the Digital Signatures tab.
4. In Digital Signatures, under Signature list, double-click the line saying IDRIX or IDRIX SARL.
5. The Digital Signature Details dialog window should appear. Look for the sentence “This digital signature is OK.” on the top of the dialog window. If the sentence is not displayed, then the file is very likely corrupted.

IMPORTANT: On some older, obsolete versions of Windows, some of the necessary certificates are missing, which is the reason the signature verification fails. Please consider using up-to-date versions of Windows.

For more information on this or a different way of verifying the digital signature of the installer, refer to the Digital Signatures section in the VeraCrypt manual.