This project has moved. For the latest updates, please go here.

cli in linux: creating hidden volume, stuck at step 4, "Create a filesystem on the virtual device of the outer volume."

Topics: Technical Issues
Jul 10, 2016 at 8:29 AM
Edited Jul 12, 2016 at 1:55 AM
I'm trying to learn the VC linux cli. I was stuck at step 4 of the instructions for
creating a hidden volume. These are the instructions:
= = = = = = = =
1) Create an outer volume with no filesystem.
2) Create a hidden volume within the outer volume.
3) Mount the outer volume using hidden volume protection.
4) Create a filesystem on the virtual device of the outer volume.
5) Mount the new filesystem and fill it with data.
6) Dismount the outer volume.
If at any step the hidden volume protection is triggered, start again from 1).
= = = = = = = =
OK, I finally got it, so I'm deleting all the stuff that didn't work from
this post and posting what did since a working example may help
somebody. I'm not saying this is the way to do it. Leaving out the
"--password=" would be more secure. There are several places you
will want different options. But this easily illustrates the steps
needed to make this work.

If files are copied to the outer crypt when the instructions say to,
it has to be done as root, because that crypt is writable only for
root at that time. But when you finish that and dismount everything
with "veracrypt -d", and then open either crypt with the gui, they
both work normally, and user seems to have complete control over the
files, including files created by root. That MAY be a consequence of it
being a FAT. Anyway, it isn't a problem once you know what to expect.

If anybody wants to point out a better way, or errors, feel free.

Here is what worked:

me@u64:~$ veracrypt -t -c --display-password
--encryption=aes-twofish-serpent --hash=sha-512 --filesystem=none
--volume-type=normal --size=200000000 --password=passoutpassout
--random-source=./testrandomcharacters --pim=1111 --keyfiles=""
./testcrypt

Done: 100.000% Speed: 5.4 MB/s Left: 0 s

The VeraCrypt volume has been successfully created.
me@u64:~$ veracrypt -t -c --display-password
--encryption=aes-twofish-serpent --hash=sha-512 --filesystem=ext2
--volume-type=hidden --size=100000000 --password=passinpassin
--random-source=./testrandomcharacters --pim=1111 --keyfiles=""
./testcrypt

IMPORTANT: Inexperienced users should use the graphical user
interface to create a hidden volume. When using the text interface,
the procedure described in the command line help must be followed to
create a hidden volume.

Done: 100.000% Speed: 3.6 MB/s Left: 0 s

Enter your user password or administrator password: password

The hidden VeraCrypt volume has been successfully created and is
ready for use. If all the instructions have been followed and if
the precautions and requirements listed in the section "Security
Requirements and Precautions Pertaining to Hidden Volumes" in the
VeraCrypt User's Guide are followed, it should be impossible to prove
that the hidden volume exists, even when the outer volume is mounted.

WARNING: IF YOU DO NOT PROTECT THE HIDDEN VOLUME (FOR INFORMATION
ON HOW TO DO SO, REFER TO THE SECTION "PROTECTION OF HIDDEN VOLUMES
AGAINST DAMAGE" IN THE VERACRYPT USER'S GUIDE), DO NOT WRITE TO THE
OUTER VOLUME. OTHERWISE, YOU MAY OVERWRITE AND DAMAGE THE HIDDEN
VOLUME!
me@u64:~$ veracrypt -t --protect-hidden=yes --password=passoutpassout
--pim=1111 ./testcrypt
Enter mount directory [default]: ./tempmountout
Enter keyfile [none]:
Enter password for hidden volume:
Enter PIM for hidden volume: 1111
Enter keyfile for hidden volume [none]:
Error: mount: you must specify the filesystem type
me@u64:~$ veracrypt -t --protect-hidden=yes --password=passoutpassout
--pim=1111 --filesystem=none --keyfiles="" ./testcrypt
Enter password for hidden volume:
Enter PIM for hidden volume: 1111
Enter keyfile for hidden volume [none]:
The hidden volume is now protected against damage until the outer
volume is dismounted.

WARNING: If any data is attempted to be saved to the hidden volume
area, VeraCrypt will start write-protecting the entire volume (both
the outer and the hidden part) until it is dismounted. This may cause
filesystem corruption on the outer volume, which (if repeated) might
adversely affect plausible deniability of the hidden volume. Therefore,
you should make every effort to avoid writing to the hidden volume
area. Any data being saved to the hidden volume area will not be
saved and will be lost. Windows may report this as a write error
("Delayed Write Failed" or "The parameter is incorrect").

I did this to get the virtual device name, which is needed

in the next step:

me@u64:~$ veracrypt -t --volume-properties ./testcrypt
Slot: 1
Volume: /home/me/testcrypt
Virtual Device: /dev/loop0
Mount Directory:
Size: 190 MB
Type: Outer
Read-Only: No
Hidden Volume Protected: Yes
Encryption Algorithm: AES-Twofish-Serpent
Primary Key Size: 768 bits
Secondary Key Size (XTS Mode): 768 bits
Block Size: 128 bits
Mode of Operation: XTS
PKCS-5 PRF: HMAC-SHA-512
Volume Format Version: 2
Embedded Backup Header: Yes
Data Read since Mount: 812 KB
Data Written since Mount: 0 B

Note "/dev/loop0" won't always be correct. I got it from the

output of the command above.

me@u64:~$ /sbin/mkfs -t fat /dev/loop0

For you non-'buntu 'nixers out there, note that we Ubuntards

use "sudo" 'cause we don't know any better. So su me.

me@u64:~$ sudo /sbin/mkfs -t fat /dev/loop0
mkfs.fat 3.0.26 (2014-03-07)
Loop device does not match a floppy size, using default hd params
me@u64:~$ sudo mount /dev/loop0 ./testmountout
mount: mount point ./testmountout does not exist
me@u64:~$ sudo mount /dev/loop0 ./tempmountout

Here is where you copy files to the outer crypt. You'll have to do it as root. I used thunar invoked as root.

dismounts everything:

me@u64:~$ veracrypt -d

That's it. Now it's ready for use.

Marked as answer by continentalop on 7/11/2016 at 6:03 PM