Held in high regard by many, VeraCrypt is a free and open-source file encryption program. Users can take advantage of VeraCrypt’s advanced security features to protect important files.
People normally use VeraCrypt to create encrypted file containers within a drive. But you can also encrypt entire partitions and drives using it. Windows users in particular can encrypt their system drives and partitions. Here’s how you can secure your Windows system by using VeraCrypt.
Encrypting a Windows Storage Drive or Partition With VeraCrypt
VeraCrypt users commonly protect their files inside an encrypted file container. But VeraCrypt can also be used to create other types of encrypted volumes.
Windows users can use VeraCrypt to encrypt their entire system drive. They can also partition their hard drive, then encrypt a partition with VeraCrypt. With system encryption, users will need to enter the correct password before opening Windows.
This option is only available for Windows users as an alternative to BitLocker, Windows’ file encryption program. This is especially important if you use a Home version of Windows, since BitLocker is only available for Windows Pro and Enterprise users. Linux users can instead encrypt their drives using LUKS, and macOS users can use FileVault to encrypt their system drives.
To do this, start by clicking Create Volume in VeraCrypt’s main window. This will take you to the VeraCrypt Volume Creation Wizard. Click the Encrypt the system partition or entire system drive option, then click Next.
The wizard will prompt you to select a type of encryption for your system drive. Users have the choice between creating a normal or hidden drive or partition.
Choose your preferred encryption type and click Next.
The next step is choosing an area to encrypt. You can choose between encrypting the Windows system partition or the entire drive. Encrypting the whole drive has the advantage of protecting all its partitions.
Choose your preferred area to encrypt and click Next.
If you choose to encrypt the whole drive, VeraCrypt may warn you that a non-standard partition exists on your internal hard drive. Only click Yes if you are sure that your drive does not have any recovery partitions. Recovery partitions could be rendered unusable if encrypted.
VeraCrypt will also account for drives running two or more operating systems. If you’re dual-booting Linux or another OS, then select the Multi-boot option. If not, then stay on the Single-boot option and click Next.
On the Encryption Options screen, you can choose an Encryption Algorithm and Hash Algorithm. These algorithms determine how VeraCrypt will encrypt your volume. When you’re done choosing or are fine with the default options, click Next.
Choose a strong password for your drive or partition and enter it in the Password box, and again in the Confirm box.
You can also set a Personal Iterations Multiplier (PIM) number for your Windows drive. A PIM controls the number of times your password is hashed before VeraCrypt can use it to decrypt the system drive. This step is optional. You can leave the Volume PIM value blank or set it to 0 to use the default PIM value. Once you’ve set a PIM number, click Next.
The wizard will begin collecting random data. This random data increases the cryptographic strength of your drive’s encryption keys. Move your mouse around the window randomly until VeraCrypt has collected enough randomness. Once this is done, click Next.
A User Account Control pop-up may ask you to allow VeraCrypt to make changes to your device. Click Yes.
Once VeraCrypt has generated the encryption keys, you will need to create a rescue disk. Having a rescue disk for an encrypted system drive is essential. You can use it if the VeraCrypt Boot Loader, Windows, or any other critical data gets damaged.
VeraCrypt will create a rescue disk as an ISO file. Select the location for your rescue disk file, then click Next.
VeraCrypt will prompt you if you do not have a CD/DVD burner on your system. Once your rescue disk is created, you need to burn it to a CD/DVD. Since CDs and DVDs are hard to come by these days, you can also flash the ISO file to a USB drive. You also have the option to store it externally for later flashing or burning.
In any case, make sure that the rescue disk is outside your system once it’s created. Also, note that every VeraCrypt rescue disk is unique to its encrypted drive. Select the appropriate option for your use case to continue.
The wizard will prompt you to select a mode of wiping any unencrypted data left on the system. You should at least select 1 pass (random data) if you have any deleted or overwritten files. Once you have selected the appropriate wipe mode, click Next.
VeraCrypt will run a pretest before encrypting your drive. Restart your computer to begin the pretest.
Upon restart, your computer will go through the VeraCrypt Boot Loader. You will have to type your password on the boot loader to decrypt your system and open Windows. You will also need to input your encrypted drive’s PIM number if you set one earlier.
Once you’ve opened your Windows desktop, VeraCrypt will notify you that the pretest is finished. Click Encrypt to begin encrypting your Windows drive or partition.
Depending on your drive or partition size, the encryption process can take some time. If you need to use your Windows PC in the meantime, you can pause or defer the encryption process by clicking Defer.
Once VeraCrypt completes the process, your Windows system drive or partition will be encrypted. You will have to go through the VeraCrypt Boot Loader every time you start up your computer. You can rest easier knowing that strong encryption is protecting your desktop.
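Added example (not from the original article or VeraCrypt's own code): how the PIM set in the wizard and typed at the boot loader maps to a hash iteration count, using the formulas from VeraCrypt's PIM documentation. The function names, sample password and salt are constructed for illustration.

```python
import hashlib

# Iteration rules as given in VeraCrypt's PIM documentation (not in the article).
LONG_PRFS = {"sha512", "whirlpool"}   # these use the 15000 + PIM*1000 formula
MIN_LEN_FOR_LOW_PIM = 20              # shorter passwords may not lower the PIM

def default_pim(system: bool, prf: str) -> int:
    """PIM equivalent of the default iteration count."""
    return 98 if system and prf not in LONG_PRFS else 485

def iterations(pim: int, system: bool, prf: str) -> int:
    """PBKDF2 iteration count for a PIM; 0 (or blank) selects the default."""
    boot_formula = system and prf not in LONG_PRFS
    if pim == 0:
        return 200_000 if boot_formula else 500_000
    return pim * 2048 if boot_formula else 15_000 + pim * 1000

def pim_allowed(pim: int, password: str, system: bool, prf: str) -> bool:
    """Short passwords cannot be combined with a below-default PIM."""
    if pim == 0:
        return True
    if len(password) < MIN_LEN_FOR_LOW_PIM:
        return pim >= default_pim(system, prf)
    return pim >= 1

def derive_key(password: str, salt: bytes, pim: int,
               system: bool = True, prf: str = "sha256") -> bytes:
    """Stretch the password with PBKDF2-HMAC for the number of rounds the PIM dictates."""
    rounds = iterations(pim, system, prf)
    return hashlib.pbkdf2_hmac(prf, password.encode(), salt, rounds, dklen=64)

if __name__ == "__main__":
    password = "constructed-sample-passphrase-2024"  # constructed value
    salt = bytes(64)                                  # constructed; real salts are random
    for pim in (0, 98, 150):
        rounds = iterations(pim, True, "sha256")
        key = derive_key(password, salt, pim)
        print(f"PIM {pim:>3}: {rounds:>7} iterations, key starts {key[:4].hex()}")
    print("PIM 50, 12-char password allowed:",
          pim_allowed(50, "a" * 12, True, "sha256"))
```

Because a different PIM yields a different derived key, a custom PIM has to be recorded alongside the password: entering the wrong one at the boot loader fails exactly like a wrong password.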
How to Remove VeraCrypt Encryption From a Windows Drive or Partition
If you need to remove VeraCrypt’s encryption from your Windows drive or partition, click Volumes on VeraCrypt’s main window. Next, click Permanently Decrypt.
VeraCrypt will prompt you twice to make sure that you really want to decrypt your drive/partition. Click Yes on both pop-ups to begin the permanent decryption process.
Like system encryption, permanent Windows system decryption will take some time. You can click Defer if you need to use your PC during decryption.
Once VeraCrypt finishes decrypting your drive, restart your computer. This will finally remove encryption from your system drive or partition.
Why Should You Encrypt Your Drives With VeraCrypt Instead of BitLocker?
VeraCrypt serves as a strong alternative to Windows’ BitLocker program. BitLocker is proprietary software owned by Microsoft. It’s only available on Pro and Enterprise versions of Windows. While BitLocker is effective and convenient, it only supports the AES algorithm for encryption.
Meanwhile, VeraCrypt is free and open-source. It supports many encryption ciphers besides AES. VeraCrypt is also available for all versions of Windows, macOS, and Linux. The program also has many advanced features to ensure that your files stay secure.