One of the most ingenious and unique features of VeraCrypt is the ability to create hidden volumes (as is was of TrueCrypt before it). This means that, in addition to creating a “regular” VeraCrypt encrypted volume, you can also create a second “hidden” volume inside it.
If you enter the password of the outer volume then you open the outer volume, but if you enter the password of the hidden volume then you open that one instead. The beauty of this system is that is impossible for an adversary to know (let alone prove) that a second volume actually exists. This allows you plausible deniability. Please be aware that there are also some potential dangers associated with this.
In addition to hiding data, a VeraCrypt hidden volume can hide an entire Operating System (OS) running on a Virtual Machine (VN). This is a great way to keep all your computer use very secure (as long as you limit your activity to the VM).
What you will need
- The latest version of VeraCrypt (FOSS)
- The latest version of Oracle VM VirtualBox (FOSS)
- An Operating System (I use Linux Mint for this tutorial, but feel free to use your favorite). Note that it is not possible to run Mac OSX under a VM.
Step A – Create a VeraCrypt hidden volume
To do this, simply follow the steps outlined in my VeraCrypt hidden volumes guide. Ensure that the volume size is large enough to contain both the hidden OS and any decoy files placed in the outer folder.
Step B – Install your OS using VM and VeraCrypt
1. Ensure that all VeraCrypt volumes are unmounted, then mount the encrypted volume that you just created.
Be sure to enter the password for your hidden volume
You hidden volume should now be mounted
2. Fire up VirtualBox and hit “New” to create a new VM.
3. Name and select your OS.
4. Choose how much RAM you want the VM OS to use. The more the better, but it takes away from the RAM available to your primary OS.
My PC rocks 16 GB of RAM, so I can afford to be generous with my VM!
5. You now have the option to create a virtual hard disk.
This step is not strictly necessary, but I will create one for demonstration purposes.
Stick with the defaults unless you have a good reason not to
A dynamically allocated virtual drive is fine. Remember that its maximum size will anyway be limited by the space that you allocated for your hidden folder
You can leave maximum file size high for the same reason (although some people recommend setting it just slightly smaller than the space reserved for your hidden volume). Be sure to save the virtual drive file in your mounted hidden folder. Hit “Create”.
6. In the VirtualBox Manager screen, select your newly created Virtual Machine, then hit “Start”.
7. Select your OS, then hit “Start”.
In my case this is the Linux Mint .iso file that I have downloaded
8. Yay! Once it boots up, you are running your new OS inside a Virtual Machine! Close it down…
… but be sure not to Save the machine state (as saving complicates the next step).
9. Back at the Virtual Box Manager window, select your OS -> Settings -> Advanced. Change the Snapshot Folder to your mounted hidden folder.
This should be the same folder that you saved your virtual disk to in Step B-5 above
10. Manually move the new VM’s .vbox file to your hidden folder. This file is usually located your home directory. For example, in Windows it is located by default in C:/Users/[name]/VirtualBox MS.
Step C – How to use you new hidden OS inside a VPM
1. Mount your hidden volume using VeraCrypt.
2. Double-click the .vbox file to launch VirtualBox. Select the VM, and hit “Start”.
3. When you are done using your hidden OS, be sure to right click -> Remove it in the VirtualBox Manager window. Make sure you select “Remove only” (i.e. do not “Delete all files”!).
1. When using the VM be careful to not create a shared folder between the VM and the host PC, as this could compromise the privacy of your data.
2. Windows users have the option of downloading a portable version of VirtualBox from vbox.me. This can itself be installed inside the hidden VeraCrypt folder. This is a great way to hide the fact that you might use a VM at all!