27

I have a number of encrypted volumes on external media encrypted either with TrueCrypt or VeraCrypt. What is the recommended way to install and use VeraCrypt under Ubuntu?

Diogo Gomes
  • 560
Pawel Debski
  • 2,704
  • 8
  • 28
  • 40

4 Answers4

37

There is user Unit 193 who prepares ready builds of VeraCrypt on Launchpad. You can easily install it by adding his repo to Ubuntu sources:

sudo add-apt-repository ppa:unit193/encryption
sudo apt update
sudo apt install veracrypt

You should be aware that this repo is not related to the software developer and because of it you can't be 100% sure what you install or update in future. However Unit 193 is Xubuntu developer and he is well known in open source community. This is enough for me to sleep well.

s3m3n
  • 606
  • 1
    Sorry for not accepting your valuable answer, but I've chosen another path and did not test whether this repo actually works. Anyway thanks for knowledgable contribution. – Pawel Debski Aug 05 '17 at 11:56
  • 2
    I'm going to comment on this because it still applies to current versions. I think it's important to keep in mind that using a repository not related to the project in a security package as this, might not be the best idea. You should check thoroughly who is the owner before adding any repository, but this is specially important if the package will be handling confidential information. – Leo Gallego Aug 05 '18 at 19:51
  • 1
    @Leo I added proper notice for all ppl installing from this repo. – s3m3n Aug 06 '18 at 08:18
  • For your info: I've just used this method in Ubuntu 18.04 (Pop_OS) and it works. The repo contains 18.04 binaries. – Pawel Debski Jan 29 '20 at 23:38
  • 1
    @pawel-debski so you actually changed your mind and used my method? Cool. – s3m3n Jan 30 '20 at 07:09
  • This time I decided to venture on the other path that leads through the shadows on unknown :-) – Pawel Debski Feb 02 '20 at 19:15
  • sudo add-apt-repository ppa:unit193/encryption && sudo apt update && sudo apt install veracrypt – alchemy Feb 20 '22 at 06:02
16

I chose to download veracrypt-1.21-setup.tar.bz2, uncompress it and install manually:

  • Download the latest release (from link above):

    wget https://launchpad.net/veracrypt/trunk/1.23/+download/veracrypt-1.23-setup.tar.bz2

  • Unpack it:

    $ tar xvf veracrypt-1.23-setup.tar.bz2 
veracrypt-1.23-setup-console-x64  
veracrypt-1.23-setup-console-x86
veracrypt-1.23-setup-gui-x64
veracrypt-1.23-setup-gui-x86

  • Run your installer of choice:

    ./veracrypt-1.23-setup-gui-x64`

  • Done! Run veracrypt with

    vercrypt

I chose not to follow s3m3n's suggestion because I would prefer not to have encryption automatically updated so as not to lose access to encrypted containers in case of some incompatibility between versions.

VeraCrypt is mature and stable, and occasional manual updates can easily be handled.

Zanna
  • 70,465
Pawel Debski
  • 2,704
  • 8
  • 28
  • 40
  • 12
    «I would not like to have encryption automatically updated not to loose access to encrypted containers in case some incompatibility between versions.»

    One downside is that one needs to regularly check if there is an update that fixes security flaws

     – tuxayo Aug 11 '17 at 23:15
  • 1
    Is there any specific reason why the process you describe does not check signatures or checksums? – Tsundoku Jun 25 '19 at 16:24
  • Thanks for valuable comment. You're more than welcome to enhance my answer. – Pawel Debski Jun 26 '19 at 18:00
  • wget https://launchpad.net/veracrypt/trunk/1.25.4/+download/veracrypt-console-1.25.4-Ubuntu-20.04-amd64.deb && dpkg -i veracrypt-console-1.25.4-Ubuntu-20.04-amd64.deb – alchemy Feb 20 '22 at 06:08
  • For GUI: wget https://launchpad.net/veracrypt/trunk/1.25.9/+download/veracrypt-1.25.9-Ubuntu-20.04-amd64.deb && dpkg -i veracrypt-1.25.9-Ubuntu-20.04-amd64.deb && apt --fix-broken install.. apt fix adds two packages at 22MB. – alchemy Feb 22 '22 at 21:43
3

If you don't trust the PPA or prefer to install it yourself, you can follow this:

Read https://www.veracrypt.fr/en/Digital%20Signatures.html & download the tar.bz2 files.

Download the key with ID shown in the above webpage: 5069A233D55A0EEB174A5FC3821ACD02680D16DE

gpg --keyserver keys.gnupg.net --recv-key 5069A233D55A0EEB174A5FC3821ACD02680D16DE

Verify files (replace ## with the version of your installation):

gpg --verify veracrypt-1.##-sha256sum.txt.sig veracrypt-1.##-sha256sum.txt
gpg --verify veracrypt-1.##-setup.tar.bz2.sig veracrypt-1.##-setup.tar.bz2

Install files:

tar xvjf veracrypt-1.##-setup.tar.bz2
./veracrypt-1.##-setup-gui-x64

Done. You should have a GUI app in your desktop.

Note that if you don't have a trust chain to the PGP key, you only trust the key because the website says it's theirs, and so you trust the website hasn't been hacked, or the key compromised another way.

Clément
  • 271
  • 2
  • 14
pd12
  • 1,379
  • Note that the key has changed since then: https://sourceforge.net/p/veracrypt/discussion/general/thread/fcd0da57/ – Clément Aug 10 '19 at 23:22
2

All of the other answers rely on trusting somebody to compile VeraCrypt for you, with no possibility to check whether or not the executable has been tampered with.

Trust, but verify

To remedy this situation, I created a Dockerfile called docker-build-veracrypt which generates a reproducible build of the VeraCrypt executable, directly from the publicly available source code of VeraCrypt and wxWidgets on GitHub. You have the following options:

  • You can simply download the resulting executable.

  • You can download an image from Docker Hub containing the executable as the result of an automated build of my Dockerfile.

  • You can build the Dockerfile yourself, and producing the executable on your own hardware.

  • Reading my Dockerfile and performing similar commands, you can build the executable on your host system.

Moreover, I have provided checksums (MD5, SHA256 and BLAKE2) which you can use to verify that the results of the above four procedures agree. Thus it is easy for anyone to audit my build process.

Ben Mares
  • 207