
Using VeraCrypt through CMD or Terminal to create encrypted File containers ...

Topics: Feature Requests, Technical Issues, Users Discussion
Nov 4, 2016 at 10:06 PM
Dear All,

I am really new to this, so please bear with me.

So I would like to create an off-site backup system, but I want to send the data encrypted (I don't trust ZIP files) (and the VPN will also be an encrypted tunnel .. but still), anyway.

So I would like to be able to create a file container, drop the files in it, randomize the keys, create them, print them (on a physical printer), destroy them, and then take the file container, send it to the other side and keep it there until I need it ...

This has to be fully automated ... and foolproof.

If you have any other ideas I am very open to suggestions .. but I would like to have data transparency and total security

Thank you in advance

The Test
Nov 10, 2016 at 10:48 AM
So you are just trying to move data securely from point A to B? VeraCrypt can create, mount and dismount via the command line, so this can be done automatically in a batch, but I don't think VeraCrypt is the correct tool for this. For my encrypted file transfers I use in my backup scripts something like "tar whatever | gnupg key | curl whereto"; this way I can even use public cloud storage.

Just read the VeraCrypt manual on how to do that, or if you specify exactly what you want to do, I can consider making a batch script for you in exchange that you will donate any affordable amount to the VeraCrypt project ;-)
Nov 20, 2016 at 3:08 PM
Dear testoslav,

If you will create a batch for me I would be really grateful, but I am a kind of "difficult customer", so you will be asked to do a lot :D (printing (on a physical printer) and then destroying the key) and then verification of the data on the other side (it would be catastrophic to send the encrypted container with nothing or half of the data in it :D)

When you said "affordable amount", is there a limit? :D (min, max, etc.) or any amount I like?

Thank you in advance

Nov 20, 2016 at 4:05 PM
Printing from a script is not a problem either: when the printer supports DOS, you simply copy the password to the prn device; if not, there are other tools to achieve printing from batch. You should first describe all the steps you want to do. If I understand correctly what you want to do, it looks quite simple, but what I see as a big problem is your request for destroying the key. This cannot be done. You simply can't work with a password in a script and properly "destroy" it, because you cannot control where it is/was stored, if it was swapped, etc. Also you can't ever dispose of anything which was sent to the printer, because it travels across memory and drivers, which you cannot control (and properly overwrite).
Jan 21 at 1:33 PM
Edited Jan 21 at 1:40 PM
Dear testslav,

Okay, I understand, but it is a standard measure on OpenVPN servers to create the key and CA on air-gapped PCs so that there is no chance of the key being stolen, and to make new certificates, etc. ...

So I don't know how good a strategy it will be to keep the key and the lock side by side, where the only thing needed will be for someone to just put the two together.

So I don't know how it should be done properly; if you have any idea, I am all ears ... but the idea is to keep the keys only in paper form, which is "un-hack-able". Lastly, if this is too difficult, we can just make the script take the newest backup files (done with robocopy), encrypt them, send them through the tunnel, and on the other side I must find a way to verify that all the data are intact, because without verification it really defeats the purpose of transporting the data to another location ...

On the other side, I may have a file server with encrypted drives, and that would be it.

Tell me your ideas about this ....

Thank you in advance
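
The verification step asked for above, as an added example that is not part of any post in this thread: the sender records a SHA-256 manifest of the files and a hash of the archive, and the receiver checks both after the transfer. It assumes GNU coreutils (`sha256sum`) and `tar`; the function names, paths and file contents are constructed, and the encryption and upload step is only marked by a comment.

```shell
#!/bin/sh
# Added example. Assumes GNU coreutils (sha256sum) and tar; all paths and
# file contents below are constructed sample data.

# make_manifest DIR OUT: one SHA-256 line per file under DIR, sorted by path.
make_manifest() {
    ( cd "$1" && find . -type f -exec sha256sum {} + | sort -k 2 ) > "$2"
}

# verify_tree DIR MANIFEST: succeeds only if every listed file is present
# and matches. Missing and truncated files both fail the check.
verify_tree() {
    # An empty manifest would "verify" an empty backup, so reject it.
    [ -s "$2" ] || return 2
    ( cd "$1" && sha256sum -c - ) < "$2" >/dev/null 2>&1
}

# file_hash FILE: hash of the encrypted blob, recorded before it is sent.
file_hash() { sha256sum "$1" | cut -d ' ' -f 1; }

demo() {
    work=$(mktemp -d) || return 1
    mkdir -p "$work/src/docs" "$work/dst"
    printf 'invoice 2016\n' > "$work/src/docs/a.txt"
    printf 'payroll\n' > "$work/src/b.txt"

    # Sender: manifest of the plaintext tree, then the archive to ship.
    make_manifest "$work/src" "$work/MANIFEST.sha256"
    tar -C "$work/src" -cf "$work/backup.tar" .
    sent=$(file_hash "$work/backup.tar")
    # (encryption and transfer happen here; same file reused as a stand-in)

    # Receiver: check the blob first, then the restored contents.
    [ "$(file_hash "$work/backup.tar")" = "$sent" ] || return 1
    tar -C "$work/dst" -xf "$work/backup.tar"
    if verify_tree "$work/dst" "$work/MANIFEST.sha256"; then intact=yes; else intact=no; fi

    : > "$work/dst/b.txt"   # simulate a file cut short in transit
    if verify_tree "$work/dst" "$work/MANIFEST.sha256"; then caught=no; else caught=yes; fi

    rm -rf "$work"
    echo "intact=$intact damage_caught=$caught"
}

demo
```

The manifest only proves integrity if it reaches the receiver by a path the sender trusts, for example inside the encrypted container itself or alongside the printed key.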

Feb 12 at 2:27 PM
The above just somehow got me hooked. I'm in the process of defining something similar myself: create an online backup using VeraCrypt containers, be sure the data is transferred encrypted and the password is relatively safe.

For a start, your ideas are a little over-complicated and have some issues.

You cannot create a true random key using some script. There has to be some random seed to generate the key. That's why VeraCrypt requires some mouse movements to create a key. These mouse movements cannot be scripted, since they then are less random.... On the other hand, once you have created a good key, you do not need a new one for every backup.

Then the password handling: there are some what-ifs in there, like what if the printer is out of ink or out of paper once it prints? The idea to not have it online is relatively good; however, since you use it for backup, be sure you have it once you need it. My idea for the password storage is to use a command-line based password safe. There should be one or two around. Most have relatively good password generators for hard-to-guess passwords. Just use them to create the password.

In the end, it is my idea to use a VeraCrypt container on an online storage facility. I have one that offers the WebDAV protocol. Since I generate the VeraCrypt volume locally, I know the data is encrypted once it is sent over the line. Hence using HTTPS (from the WebDAV protocol) is sufficient.

Now just do it on a command line. For MS Windows I'd say to use PowerShell; for Unix/Linux/macOS, just use the available shell/terminal. Once you have it all command-line based, dump it in a file and you have the base of the script.