How to encrypt files and folders with VeraCrypt step by step

If you work with sensitive information on your computer or carry data on a USB drive everywhere, sooner or later you'll wonder how to... Encrypt files and folders with VeraCrypt So that no one can snoop without your permission. These days, losing a laptop, a USB drive, or having someone access your cloud storage can be quite a shock if that data isn't protected with strong encryption.

VeraCrypt has become one of the go-to tools for all of this: it's free, open source, and works on Windows, Linux, and macOS. In this article, you'll see, in great detail, How to use VeraCrypt to encrypt files, folders, disks, and USB drivesWhat advantages and disadvantages does it have compared to other options like BitLocker or 7-Zip, and in what cases is it worth taking the plunge and deploying it both personally and in companies?

From TrueCrypt to VeraCrypt: why VeraCrypt is recommended today

For many years TrueCrypt was the most popular program for encrypting disks and containers, but its The last stable version was in 2012 and the project was abandoned.In 2014, the developers posted a notice on the official website indicating that they were ceasing maintenance, suggesting the use of BitLocker on Windows or other solutions on Linux and macOS, and warning that there might be uncorrected security flaws.

The final version of TrueCrypt (7.2) only allows It can decrypt old volumes, but it no longer creates new encrypted containers.This, coupled with the suspicion of unpatched vulnerabilities, makes it an unwise option for protecting anything important today. Following its abandonment, an independent group of developers took the code and created a fork: VeraCrypt.

VeraCrypt inherited the foundation of TrueCrypt but has continued to evolve: security issues have been fixed, and new features have been added. new encryption and hashing algorithmsPerformance has been greatly improved and advanced features have been incorporated, designed for both home users and corporate environments.

Therefore, if you are seriously considering encrypting your information, the current recommendation is clear: Always use VeraCrypt instead of TrueCryptYou have updated versions for Windows, Linux, and macOS, support for multiple capabilities, and a very active community behind it.

Key features of VeraCrypt for encrypting files and folders

VeraCrypt is not just a program for password-protecting a folder; it's a very complete disk and volume encryption suiteThese are its most important functions, viewed with some calm reflection:

• Encrypted containers in a single fileYou can create an encrypted "file disk" (a volume) that you then mount as if it were another drive on your system. Everything you copy into it will be protected. It's ideal for keeping sensitive documents in a single file, uploading them to the cloud, moving them via FTP, or saving them to a USB drive or external hard drive.
• Encryption of USB drives, SD cards and external hard drivesInstead of a single file, VeraCrypt can encrypt the entire unitWhen you connect the device, Windows will tell you that it needs to be formatted; you cancel and mount it from VeraCrypt by entering the key.
• Encryption of specific partitionsIf you prefer not to touch the entire disk, you can encrypt only one partition of the disk or USB and leave others unencrypted for general use.
• System disk encryptionOn Windows, VeraCrypt is capable of encrypt the partition where the operating system is installed (or the entire disk). When you turn on the computer, a small loading screen will appear. Boot asking you for your password before Windows even starts.
• Real-time encryption and decryptionThe entire encryption process happens "on the fly," transparently. You work with the mounted drive as usual, and VeraCrypt handles encryption on writing and decryption on reading.
• Acceleration by hardware with AES-NIIf your processor supports AES-NI, AES encryption is incredibly fast. Modern CPUs achieve read/write speeds far exceeding those of the hard drive itself, so the performance impact is usually minimal.
• Hidden volumes and plausible deniabilityYou can create a hidden volume within another volumeA "normal" password is used to mount the external volume; a different one is used to mount the internal secret volume. Not even a forensic expert can prove that there is a hidden volume, allowing you to give a "compromise" password under duress.
• MultiplatformVeraCrypt works on Windows, Linux, macOS, and binaries for FreeBSD are also available. Furthermore, the volume format is cross-system compatible, allowing you to move a container from one OS to another without issue.
• Open source and auditedThe tool is open source, with a permissive license, and has passed independent audits (QuarksLab, German BSI), something especially valued in regulated environments.

Download and install VeraCrypt on Windows, macOS, and Linux

The wisest course of action to avoid surprises is to always download VeraCrypt from your [source/source]. Official SiteFrom the section of downloads You can download:

• Installer for Windows (with normal or “portable” option).
• Packages for Linux y MacOS.
• Source code in case you want to audit it or compile it yourself.

In Windows, running the installer opens the typical wizard where you choose whether you want Install or extract in portable modeIf your plan is to encrypt USB drives, flash drives, and similar devices, it's usually practical to extract the portable version and copy it to an unencrypted part of the device itself, so you can decrypt it on any PC without reinstalling anything.

However, if you are going to encrypt the disk where the operating system is locatedYou need to install VeraCrypt using the standard method so it can configure the bootloader and the entire startup process. The wizard itself suggests creating a rescue disk in case something goes wrong during encryption.

After installation, VeraCrypt may show you a small guide for starters Highly recommended if it's your first time using it: it explains the difference between encrypted containers and partitions, full disk encryption, the available algorithms, and the sensitive points to consider.

On macOS, you may need to install an additional component (such as OSXFUSE or macFUSE) before the system can mount the volumes created by VeraCrypt. On Linux, depending on your distribution, you'll either have pre-made packages or you'll need to use a generic installer.

Create a "normal" encrypted container with VeraCrypt

The most flexible way to use VeraCrypt is to create a volume in a fileIn other words, it's an encrypted virtual disk that's saved as a single file on your system. It can be used to encrypt specific folders and documents, or to create a portable "safe."

The process, using Windows as an example, follows this general logic (the screens may change slightly depending on the version and language, but the flow is the same):

1. Open VeraCrypt and click on “Create volume” in the main window to start the wizard.
2. Choose “Create an encrypted file container” and go to the next step.
3. Choose “Common VeraCrypt Volume” (we'll look at the hidden volume later) and click next.
4. In “Volume Location”, click on “Select file…”Navigate to the folder where you want to save the container (for example, the Desktop or an external drive), type a filename, and confirm. Do not select an existing file; you are defining the name of the new container.
5. Select the symmetric encryption algorithmBy default, AES is displayed, which is currently the recommended standard, especially if your CPU supports AES-NI. You can use the benchmark button to test which algorithm performs best on your system. Then choose the hash function (SHA-512 or SHA-256 are good options, balancing security and performance) and continues.
6. Indicates the volume sizeThis is where you decide how many MB, GB, or TB you want your encrypted virtual disk to have. It's important to think carefully because you can't expand it later without recreating the volume.
7. Define how access will be authenticated: you can use a password, key file Or combine both. The usual approach is to use a password, but security is significantly increased if you also add a key file stored in a separate location.
8. VeraCrypt will warn you if your password is too short or simple. Ideally, use a long phrase with uppercase letters, lowercase letters, numbers, and symbols, that has no direct connection to your personal life.
9. Choose File System within the volume: FAT or exFAT are suitable if you are not going to store files larger than 4 GB; if you plan to store large files or are only going to use it on Windows, NTFS It's more practical; if you need to switch from FAT32 consultation How to convert FAT32 to NTFS without losing data.
10. Define, if desired, additional authentication policies and advanced options according to your needs.
11. Before forma tearThe assistant will ask you to move the mouse randomly over the window for a few seconds. This generates entropy and strengthens the volume's internal keys. When the randomness quality bar turns green, click "Format" to create the encrypted volume.

When finished, VeraCrypt will display a success message and you can close the wizard. Your container file is now created and ready to be mounted as a disk drive whenever you want.

Mounting and unmounting an encrypted volume with VeraCrypt

Creating the container is not enough; to work with it you have to assemble it as a new unit of the file system. This is very simple:

1. In the VeraCrypt main window, select a free drive letter (for example, “E:” or “B:”).
2. Press on “Select file…” if it is a file container, or in “Select device” if it is a partition or disk.
3. Navigate to the .hc file you created, select it, and confirm.
4. Click on "Mount"A window will open asking for your password (and, if you have configured it, the key file and the PIM).
5. Enter your credentials and accept. If everything is correct, VeraCrypt will mount the volume, and you will see a new drive letter appear in "This PC" with the letter you selected.

From then on, you'll work with that unit like any other: you can copy, move, edit and delete files and folders As you wish. Everything inside the volume will remain encrypted in the container file; outside of it, it will not.

When you're finished, to properly close the safe simply go to VeraCrypt and click on "Disassemble" You can unmount that drive or "Unmount all" if you want to close all volumes at once. Once unmounted, the drive disappears from the system and your data becomes inaccessible without the password.

Hidden volumes in VeraCrypt: extra protection under pressure

One of VeraCrypt's most powerful (and least known) features is the ability to create a hidden volume within another encrypted volume. The objective is very specific: protect the most sensitive data even in cases of blackmail or coercion.

The practical idea is this: the "normal" volume appears as a typical encrypted file. If someone forces you to reveal the password, you can give them the key to the external volume, which contains unimportant but credible information. Within that same file, in a seemingly random area, there might be a hidden volume accessible only with a different password.

The process of creating the hidden volume is very similar to that of the normal volume, but with two consecutive phases:

• First, the “external” volume (the visible one) is created, choosing size, encryption algorithm, password, and file system.
• Next, the assistant suggests you create the volume hidden in the free space of the external, defining another (smaller) size, another set of algorithms if you want, and a second password.

Once created, everything hangs from the same container file. When mounting:

• If you enter the external volume passwordThis volume is assembled with its "filler" content.
• If you put the hidden volume passwordOnly the hidden volume will be mounted, not the external one.

It's crucial to leave enough free space on the external volume to avoid overwriting the hidden volume. For example, if your external volume is 50 MB and the hidden volume is 25 MB, you shouldn't fill the external volume beyond 25 MB, as this could corrupt the hidden data without you even realizing it.

Encrypt a USB drive, SD card, or entire external hard drive

Beyond file containers, VeraCrypt allows encrypt a unit of storage fully removableThis is highly recommended for USB drives that are passed from hand to hand or used outside the office.

The general pattern is this:

1. Connect the device (USB, SD, external hard drive) to the computer.
2. Open VeraCrypt and click on “Create volume”.
3. Choose the option “Encrypt partition/secondary drive”since it is not the system disk.
4. Decide if it will be a common or hidden volumeFor normal use, the standard one is usually sufficient.
5. Click on “Select device” and choose the partition or drive corresponding to your USB drive or external hard drive. Double-check the drive letter and size to avoid selecting the wrong drive.
6. Select from: “Create an encrypted volume and format it” (It deletes all the content but is faster) or “Encrypt partition while preserving data” (It tries to retain the data, but it may take considerably longer).
7. Configure the encryption and hash algorithms as in the case of the file container (AES + SHA-256 or SHA-512 is a commonly used combination).
8. Choose your authentication method (password and/or key file), move your mouse to generate entropy, and click "Format." Keep in mind that formatting will erase everything on that drive.

When finished, Windows will stop recognizing the contents of the drive and will ask you to format it if you try to open it from Explorer. Don't format anything from there.Simply cancel, go to VeraCrypt, select the physical drive in “Select device”, choose a logical letter and click on “Mount” entering your password.

Once mounted, you will see two references: the physical letter of the USB (for example, E:, which represents the raw device) and the logical letter of the encrypted volume (for example, F:), which is where you will actually be able to read and write encrypted data.

Encrypting the system disk with VeraCrypt in Windows

For users who handle particularly sensitive data or for companies, a very serious measure is encrypt the entire operating system partition (or the entire disk) with VeraCrypt. This prevents someone from removing the disk, mounting it on another computer, and reading it without any problem.

The procedure requires more care than encrypting a USB drive, because a mistake or an unexpected power outage could result in system loss. The key points are:

• Make full backup from your data before starting, using tools like Acronis, Macrium or the imaging system you usually use.
• In VeraCrypt, go to “Create Volume” and choose “Encrypt the entire system partition/drive”.
• Choose between mode "Normal" (your current system's encryption) or mode "Hidden" (an operating system hidden within another, designed for very advanced plausible deniability scenarios).
• Decide whether to encrypt only the Windows partition or the entire disk, and if the computer has multiple boot systems, select the appropriate scheme.
• Configure encryption and hashing algorithms, set the boot password, and generate a rescue disk that allows the charger to be restored in case of problems.
• Define, if you wish, policies of secure erase for files that are being deleted within the encrypted system.
• Let VeraCrypt perform a boot test and, if all goes well, start the full encryption process, which may take a while depending on the size and speed of the disk.

From that moment on, every time you turn on your PC, a small VeraCrypt prompt will appear before Windows starts loading. If you forget that password and you don't have backups or a rescue disk, you'll lose all your data.Therefore, it is advisable to manage these keys with great care.

Other ways to encrypt files and folders in Windows and Linux

Although VeraCrypt is very powerful, there are other methods for Protect files and folders in Windows without needing to install anything extra, or using simpler programs for specific cases.

Windows Integrated Encryption

In Windows 10 and 11 there is a file and folder level encryption This feature is included in some editions. From File Explorer, you can right-click on a folder, go to Properties > Advanced, and select "Encrypt contents to protect data." The files will then appear with a small padlock icon and will only be readable by you.

This method has limitations: if someone accesses your session while it's already started, they can open those EFS-encrypted files without problemsFurthermore, key management is not as intuitive as it should be, and it is not suitable for sharing portable encrypted containers between computers.

ZIP file encrypted with 7-Zip

For very simple cases, such as sending a folder by email with some protection, you can use 7-ZipIt allows you to create a password-protected .7z or .zip file using AES-256 encryption. It does not encrypt disks or partitions, but it does loose files or specific folders quickly.

Simply select the files, choose "Add to archive…", specify the format, enter a strong password, and select the encryption method. From then on, anyone receiving the file will need the password and a compatible file decompression program to open it.

Linux alternatives: LUKS and disk encryption in Ubuntu

In Linux, many distributions (such as Ubuntu) already include built-in encryption mechanisms. For example, the tool “Records” In GNOME, you can format a USB drive by selecting the Linux-compatible encryption option (LUKS + Ext4). You then set a password, and the entire device is protected.

In that case, the system will ask for the password every time you connect the USB drive. It's a very convenient option if you only work on Linux, although it's not as portable to Windows or macOS as a VeraCrypt container.

Reasons to encrypt files, folders, and devices

You might still be wondering if all the fuss is worth it. The truth is, there are plenty of everyday situations where Encrypting your data makes a big difference:

• Upload files to the cloudNo matter how reputable your provider is, vulnerabilities, misconfigurations, or unauthorized access can always occur. If you upload data already encrypted with VeraCrypt, even if there's a data breach, they'll only see unintelligible noise.
• Share computersAt home or at work, it's common for several users to share a computer. Encrypting a folder or volume with VeraCrypt prevents someone with physical access from snooping through your most personal documents.
• Protect yourself from malware and attackersIn the case of Trojans attempting to steal documents, encryption adds an extra layer of protection. If the attacker does not obtain the decryption key, the files will be useless to them.
• Compromised accountsIf an attacker manages to gain access to an email account or service where you store documents, Encrypting them greatly reduces the damageIt's not enough to steal the file; you also need the key.
• Legal and regulatory obligationsMany organizations are legally obligated to encrypt the personal data they process (health, ideology, finances, etc.). Legislation such as the GDPR in Europe or the LOPD in Spain requires technical measures such as encryption for certain risk levels.
• Lost or stolen devicesUSB drives and portable hard drives are lost and stolen with alarming ease. Encrypting the contents minimizes the impact and prevents them from falling into the wrong hands.

Disadvantages and risks of encrypting files with VeraCrypt

It would be unfair to hide the other side: Encryption also has its drawbacks and it's best to know them before launching:

• Loss of keyThis is the big trap. If Forgot your password? If you lose the key file and have no copies, the encryption will have done its job too well: you won't be able to recover your own data.
• Impact on performanceAlthough the impact is reduced with AES-NI, encrypting large volumes (especially on older equipment or without hardware acceleration) can make disk operations somewhat slower.
• CompatibilityNot all OS or devices natively understand VeraCrypt volumes. You need the software (or its portable version) to mount the containers, which complicates things a bit in very heterogeneous environments.
• Risk of corruptionAs with any volume, a power outage, abrupt removal of a USB drive while writing, or physical damage can corrupt the encrypted container. If the volume header is damaged and you don't have a backup, you could lose all the contents.
• Complexity of useCompared to integrated solutions like BitLocker, VeraCrypt requires a bit more of a learning curveespecially when you delve into the realm of hidden operating systems, PIM, key files, and so on.

VeraCrypt in business: uses, advantages and limitations

In the corporate world, VeraCrypt is used for much more than encrypting "four folders". Thanks to its... open source, cross-platform, and cryptographically robustMany organizations adopt it as a key part of their data protection strategy, especially in mobile devices and removable media.

Some very common scenarios are:

• Remote employee laptopsEncrypting the entire disk ensures that, in case of theft or loss, corporate information will not be exposed.
• External backupsThe disks used for off-site backups are encrypted with VeraCrypt, so if someone gets hold of them, all they see is a meaningless block of data.
• Transport of sensitive informationWhen it's necessary to cross borders or through complicated areas with sensitive data, the hidden volumes VeraCrypt offers plausible deniability in the face of aggressive inspections.
• Laboratories, offices and public administrationsExpert reports, medical records, administrative files, or legal documentation are stored in encrypted volumes to resist both external attacks and internal unauthorized access.

However, it has its limitations in very large environments: it doesn't offer it as standard. centralized key management or direct integration with Active Directory or MDMSystem encryption is only supported on Windows (on Linux and macOS it is limited to containers and data partitions).

Secure password and key management in VeraCrypt

VeraCrypt's security rests on a delicate point: How do you manage encryption keys?Some basic principles worth applying from day one are:

• Generate robust keysAvoid short or predictable passwords. Aim for long phrases, combine different character types, and if possible, use a cryptographic password generator.
• Do not store the key with the encrypted dataIt seems obvious, but it's a common mistake. Key files and passwords should be in separate locations, preferably in secure password managers like KeePassXC, Bitwarden, etc.
• Establish roles and access In companies: define who can create, use or revoke volumes; and periodically audit those accesses.
• Periodic rotationIn corporate environments, it's a good idea to change passwords periodically, especially on shared volumes, and immediately revoke any that may have been compromised.
• Volume header backupsVeraCrypt allows you to create a "Backup Volume Header" to recover a container if the header becomes corrupted. Saving this copy in a safe place can save you from a major problem.

If you combine good key management habits with the robust encryption technology offered by VeraCrypt, the protection you get for your files, folders, and devices is very high and, in many cases, more than meets the requirements of the strictest data protection regulations.

Using VeraCrypt to encrypt files and folders might seem a bit complicated at first, but once you understand how volumes work, the difference between containers and entire disks, and get used to mounting and unmounting drives, it becomes a fairly convenient routine that provides a a very serious layer of security on laptops, USB drives, and cloud storageIf you add to that the fact that it's free, open, and audited, it's hard to find such a flexible alternative for protecting your information both at home and at work.