Re: VERACRYPT?


Aman Singer
 

Hi Olusegun,

The answer to both your questions is yes. Before I go into how, I
should say that the following doesn't apply if you're trying to defeat a
government-level attacker. If you're trying to do that, that is, if one of
the more despotic or forceful governments of the world is going to be
interested in these USB drives or the machines they're on, there are other
solutions which, though they may not work, will stand up to attack for a
good deal longer than the below. If that is the case, we should really take
this off list, as it has nothing to do with accessibility. The blind and
sighted are in the same boat.
Having said that, you can create an encrypted file container with
veracrypt for each main folder. I have pasted the instructions, from the
veracrypt documentation, below my name. This is an accessible process with
Jaws and NVDA except for the mouse movement for randomness. You can either
do this if you have a mouse or touch pad or have a sighted person do it. You
can also, depending on the abilities of any potential attacker, leave it.
From here, you have two options. First, you can create a new file container
for each of the subfolders and put that encrypted file container inside the
original container. To open the subfolder, you will have first to decrypt
the main container and then to decrypt the subfolder with a different
password. The user without the second password, that for the subfolder, will
know that the subfolder exists but will not know what is inside it. Note
that it is possible for the user of the main folder not to know even that
the subfolder exists, but this takes more work.
Alternatively, you can put, inside the main container, a subfolder
encrypted by another encryption application You can use any application
you like with the obvious caveats any user of encryption has to take into
consideration (is the application trustworthy, is it open source, is the
encryption implementation unbroken, etc). This is easier. Again, though, the
user of the main folder will know that the subfolder exists but will not be
able to access the contents.
I hope that's of use.
Aman

How to Create and Use a VeraCrypt Container
This chapter contains step-by-step instructions on how to create, mount, and
use a VeraCrypt
volume. We strongly recommend that you also read the other sections of this
manual, as they
contain important information.
STEP 1:
If you have not done so, download and install VeraCrypt. Then launch
VeraCrypt by doubleclicking
the file VeraCrypt.exe or by clicking the VeraCrypt shortcut in your Windows
Start menu.
STEP 2:
The main VeraCrypt window should appear. Click Create Volume (marked with a
red rectangle for
clarity).
STEP 3:
The VeraCrypt Volume Creation Wizard window should appear.
In this step you need to choose where you wish the VeraCrypt volume to be
created. A VeraCrypt
volume can reside in a file, which is also called container, in a partition
or drive. In this tutorial, we
will choose the first option and create a VeraCrypt volume within a file.
As the option is selected by default, you can just click Next.
Note: In the following steps, the screenshots will show only the right-hand
part of the Wizard window.
STEP 4:
In this step you need to choose whether to create a standard or hidden
VeraCrypt volume. In this
tutorial, we will choose the former option and create a standard VeraCrypt
volume.
As the option is selected by default, you can just click Next.
STEP 5:
In this step you have to specify where you wish the VeraCrypt volume (file
container) to be
created. Note that a VeraCrypt container is just like any normal file. It
can be, for example, moved
or deleted as any normal file. It also needs a filename, which you will
choose in the next step.
Click Select File.
The standard Windows file selector should appear (while the window of the
VeraCrypt Volume
Creation Wizard remains open in the background).
STEP 6:
In this tutorial, we will create our VeraCrypt volume in the folder F:\Data\
and the filename of the
volume (container) will be My Volume (as can be seen in the screenshot
above). You may, of
course, choose any other filename and location you like (for example, on a
USB memory stick).
Note that the file My Volume does not exist yet - VeraCrypt will create it.
IMPORTANT: Note that VeraCrypt will not encrypt any existing files (when
creating a
VeraCrypt file container). If you select an existing file in this step, it
will be overwritten and
replaced by the newly created volume (so the overwritten file will be lost,
not encrypted).
You will be able to encrypt existing files (later on) by moving them to the
VeraCrypt volume
that we are creating now. *
Select the desired path (where you wish the container to be created) in the
file selector.
Type the desired container filename in the File name box.
Click Save.
The file selector window should disappear.
In the following steps, we will return to the VeraCrypt Volume Creation
Wizard.
* Note that after you copy existing unencrypted files to a VeraCrypt volume,
you should securely erase (wipe) the original
unencrypted files. There are software tools that can be used for the purpose
of secure erasure (many of them are free).
STEP 7:
In the Volume Creation Wizard window, click Next.
STEP 8:
Here you can choose an encryption algorithm and a hash algorithm for the
volume. If you are not
sure what to select here, you can use the default settings and click Next
(for more information,
see chapters Encryption Algorithms and Hash Algorithms).
STEP 9:
Here we specify that we wish the size of our VeraCrypt container to be 250
megabyte. You may, of
course, specify a different size. After you type the desired size in the
input field (marked with a red
rectangle), click Next.
STEP 10:
This is one of the most important steps. Here you have to choose a good
volume password.
Read carefully the information displayed in the Wizard window about what is
considered a good
password.
After you choose a good password, type it in the first input field. Then
re-type it in the input field
below the first one and click Next.
Note: The button Next will be disabled until passwords in both input fields
are the same.
STEP 11:
Move your mouse as randomly as possible within the Volume Creation Wizard
window at least
until the randomness indicator becomes green. The longer you move the mouse,
the better (moving
the mouse for at least 30 seconds is recommended). This significantly
increases the
cryptographic strength of the encryption keys (which increases security).
Click Format.
Volume creation should begin. VeraCrypt will now create a file called My
Volume in the folder
F:\Data\ (as we specified in Step 6). This file will be a VeraCrypt
container (it will contain the
encrypted VeraCrypt volume). Depending on the size of the volume, the volume
creation may
take a long time. After it finishes, the following dialog box will appear:
Click OK to close the dialog box.
STEP 12:
We have just successfully created a VeraCrypt volume (file container).
In the VeraCrypt Volume Creation Wizard window, click Exit.
The Wizard window should disappear.
In the remaining steps, we will mount the volume we just created. We will
return to the main
VeraCrypt window (which should still be open, but if it is not, repeat Step
1 to launch VeraCrypt
and then continue from Step 13.)
STEP 13:
Select a drive letter from the list (marked with a red rectangle). This will
be the drive letter to which
the VeraCrypt container will be mounted.
Note: In this tutorial, we chose the drive letter M, but you may of course
choose any other
available drive letter.
STEP 14:
Click Select File.
The standard file selector window should appear.
STEP 15:
In the file selector, browse to the container file (which we created in
Steps 6-11) and select it.
Click Open (in the file selector window).
The file selector window should disappear.
In the following steps, we will return to the main VeraCrypt window.
STEP 16:
In the main VeraCrypt window, click Mount. Password
prompt dialog window should appear.
STEP 17:
Type the password (which you specified in Step 10) in the password input
field (marked with a
red rectangle).
STEP 18:
Select the PRF algorithm that was used during the creation of the volume
(SHA-512 is the default
PRF used by VeraCrypt). If you don't remember which PRF was used, just leave
it set to
"autodetection" but the mounting process will take more time. Click OK after
entering the
password.
VeraCrypt will now attempt to mount the volume. If the password is incorrect
(for example, if you
typed it incorrectly), VeraCrypt will notify you and you will need to repeat
the previous step (type
the password again and click OK). If the password is correct, the volume
will be mounted.
FINAL STEP:
We have just successfully mounted the container as a virtual disk M:
The virtual disk is entirely encrypted (including file names, allocation
tables, free space, etc.) and
behaves like a real disk. You can save (or copy, move, etc.) files to this
virtual disk and they will be
encrypted on the fly as they are being written.
If you open a file stored on a VeraCrypt volume, for example, in media
player, the file will be
automatically decrypted to RAM (memory) on the fly while it is being read.
Important: Note that when you open a file stored on a VeraCrypt volume (or
when you write/copy
a file to/from the VeraCrypt volume) you will not be asked to enter the
password again. You need
to enter the correct password only when mounting the volume.
You can open the mounted volume, for example, by selecting it on the list as
shown in the
screenshot above (blue selection) and then double-clicking on the selected
item.
You can also browse to the mounted volume the way you normally browse to any
other types of
volumes. For example, by opening the 'Computer' (or 'My Computer') list and
double clicking the
corresponding drive letter (in this case, it is the letter M).
You can copy files (or folders) to and from the VeraCrypt volume just as you
would copy them to
any normal disk (for example, by simple drag-and-drop operations). Files
that are being read or
copied from the encrypted VeraCrypt volume are automatically decrypted on
the fly in RAM
(memory). Similarly, files that are being written or copied to the VeraCrypt
volume are
automatically encrypted on the fly in RAM (right before they are written to
the disk).
Note that VeraCrypt never saves any decrypted data to a disk - it only
stores them temporarily in
RAM (memory). Even when the volume is mounted, data stored in the volume is
still encrypted.
When you restart Windows or turn off your computer, the volume will be
dismounted and all files
stored on it will be inaccessible (and encrypted). Even when power supply is
suddenly interrupted
(without proper system shut down), all files stored on the volume will be
inaccessible (and
encrypted). To make them accessible again, you have to mount the volume. To
do so, repeat
Steps 13-18.
If you want to close the volume and make files stored on it inaccessible,
either restart your
operating system or dismount the volume. To do so, follow these steps:
Select the volume from the list of mounted volumes in the main VeraCrypt
window (marked with a
red rectangle in the screenshot above) and then click Dismount (also marked
with a red rectangle
in the screenshot above). To make files stored on the volume accessible
again, you will have to
mount the volume. To do so, repeat Steps 13-18.



From: main@TechTalk.groups.io [mailto:main@TechTalk.groups.io] On Behalf Of
Olusegun -- Victory Associates LTD, Inc.
Sent: Thursday, November 30, 2017 5:12 PM
To: main@TechTalk.groups.io
Subject: [TechTalk] VERACRYPT?

Hello All:

I need some helpful advice! I have a batch of folders on a USB flash drive.


Question: Is it possible to use VeraCrypt to encrypt each folder such that
each folder can only be opened with its own unique password? Can subfolders
also be encrypted such that both a parent folder and a subfolder can have
different passwords?

If not, I'd appreciate suggestions on how to accomplish this task.

The need to encrypt each folder on the USB flash drive is an essential
documentation requirement in my line of business. Looking forward to
reading your thoughts!!

Sincerely,
Olusegun
Denver, Colorado

Join main@TechTalk.groups.io to automatically receive all group messages.