Einführung in VeraCrypt

VeraCrypt ist ein Festplattenverschlüsselungsprogramm, das unter Windows, macOS und Linux funktioniert.

Vergleich zwischen LUKS und VeraCrypt

Sie können auch LUKS-verschlüsselte Volumes in Tails erstellen und öffnen. LUKS ist der Standard für die Festplattenverschlüsselung unter Linux. Siehe unsere Dokumentation zu LUKS.

Wir empfehlen Ihnen, Folgendes zu verwenden:

  • VeraCrypt zur gemeinsamen Nutzung verschlüsselter Dateien auf verschiedenen Betriebssystemen.
  • LUKS zum Verschlüsseln von Dateien für Tails und Linux.
LUKSVeraCrypt
KompatibilitätLinuxWindows + macOS + Linux
Neue Volumes erstellenJaAußerhalb von Tails< /td>
Vorhandene Volumes öffnen und ändernJaJa
Verschlüsselte Partitionen (oder ganze Festplatten) ¹JaJa
Verschlüsselte Dateicontainer ¹Kompliziert Einfach
Plausible Leugnung²NeinJa
BenutzerfreundlichkeitEinfacherKomplizierter
GeschwindigkeitSchnellerLangsamer
  1. Siehe den Unterschied zwischen Dateicontainern und Partitionen.

  2. Plausible Bestreitbarkeit: In einigen Fällen (z. B. bei VeraCrypt versteckten Datenträgern) ist es für einen Gegner unmöglich, die Existenz eines verschlüsselten Datenträgers technisch zu beweisen.

    Still, deniable encryption might not protect you if you are forced to reveal the existence of the encrypted volume. See VeraCrypt: Plausible Deniability.

To create new VeraCrypt volumes, do so outside of Tails. See the step-by-step guides by Security-in-a-Box on VeraCrypt for Windows.

Difference between file containers and partitions

With VeraCrypt you can store your files encrypted in two different kinds of volumes:

File containers

A file container is a single big file inside which you can store several files encrypted, a bit like a ZIP file.

Partitions or drives

Usually, drives (USB sticks and hard disks) have a single partition of their entire size. This way, you can encrypt a whole USB stick, for example. But, drives can also be split into several partitions.

Unlocking parameters

To unlock a VeraCrypt volume, you might need the following parameters, depending on the options that were selected when the volume was created:

Using a file container

Unlocking a file container without keyfiles

  1. Choose Applications ▸ Utilities ▸ Unlock VeraCrypt Volumes.

  2. Click Add and choose the file container that you want to unlock.

  3. Enter the parameters to unlock the volume. For more information, see the Unlocking parameters section above.

  4. Click Unlock.

    Unlock VeraCrypt Volumes unlocks your volume.

    If unlocking the volume fails (for example, if you mistyped the password), click on Unlock to try unlocking again.

  5. Click Open to open the volume in the Files browser.

Unlocking a file container with keyfiles

  1. Choose Applications ▸ Utilities ▸ Disks to start the Disks utility.

  2. Choose  ▸ Attach Disk Image… from the top navigation bar.

  3. In the Select Disk Image to Attach dialog:

    • Unselect the Set up read-only loop device check box in the bottom-left corner if you want to modify the content of the file container.

    • Choose All Files in the file filter in the bottom-right corner.

    • Navigate to the folder containing the file container that you want to open.

    • Select the file container and click Attach.

    An authentication dialog appears.

    Authentication required

  4. Enter the parameters to unlock the volume. For more information, see the Unlocking parameters section above.

  5. Click Unlock.

  6. Open your VeraCrypt volumes from the Places menu.

Using a partition or drive

Unlocking a partition on an external storage device

  1. Plug in the USB stick or hard disk that you want to unlock.

    An authentication dialog appears.

    Authentication required

  2. Enter the parameters to unlock the volume. For more information, see the Unlocking parameters section above.

  3. Click Unlock.

  4. Open your VeraCrypt volumes from the Places menu.

Unlocking a partition on an internal hard disk

  1. When starting Tails, set up an administration password.

  2. Choose Applications ▸ Utilities ▸ Disks to start the Disks utility.

  3. In the left pane, select the drive that corresponds to your hard disk.

  4. In the right pane, select the partition that corresponds to your VeraCrypt volume.

    It should have an Encrypted? label.

  5. Click the Unlock selected encrypted partition button in the right pane.

    An authentication dialog appears.

  6. Enter the parameters to unlock the volume. For more information, see the Unlocking parameters section above.

  7. Click Unlock.

  8. Select the file system that appears below the unlocked volume.

  9. Click the Mount selected
partition button to mount the volume.

  10. Click on the /media/amnesia/ link in the right pane to open the volume in the Files browser.

Ejecting a VeraCrypt volume

  1. Choose Applications ▸ Files to open the Files browser.

  2. In the sidebar of the Files browser, click on the Eject button on the label of your VeraCrypt volume.