What is the recommended way to use VeraCrypt in Ubuntu?
There is user Unit 193 who prepares ready builds of VeraCrypt on Launchpad. You can easily install it by adding his repo to Ubuntu sources:
sudo add-apt-repository ppa:unit193/encryption
sudo apt update
sudo apt install veracrypt
You should be aware that this repo is not related to the software developer and because of it you can't be 100% sure what you install or update in future. However Unit 193 is Xubuntu developer and he is well known in open source community. This is enough for me to sleep well.
I chose to download veracrypt-1.21-setup.tar.bz2, uncompress it and install manually:
Download the latest release (from link above):
wget https://launchpad.net/veracrypt/trunk/1.23/+download/veracrypt-1.23-setup.tar.bz2Unpack it:
$ tar xvf veracrypt-1.23-setup.tar.bz2 veracrypt-1.23-setup-console-x64 veracrypt-1.23-setup-console-x86 veracrypt-1.23-setup-gui-x64 veracrypt-1.23-setup-gui-x86Run your installer of choice:
./veracrypt-1.23-setup-gui-x64`Done! Run veracrypt with
vercrypt
I chose not to follow s3m3n's suggestion because I would prefer not to have encryption automatically updated so as not to lose access to encrypted containers in case of some incompatibility between versions.
VeraCrypt is mature and stable, and occasional manual updates can easily be handled.
If you don't trust the PPA or prefer to install it yourself, you can follow this:
Read https://www.veracrypt.fr/en/Digital%20Signatures.html & download the tar.bz2 files.
Download the key with ID shown in the above webpage: 5069A233D55A0EEB174A5FC3821ACD02680D16DE
gpg --keyserver keys.gnupg.net --recv-key 5069A233D55A0EEB174A5FC3821ACD02680D16DE
Verify files (replace ## with the version of your installation):
gpg --verify veracrypt-1.##-sha256sum.txt.sig veracrypt-1.##-sha256sum.txt
gpg --verify veracrypt-1.##-setup.tar.bz2.sig veracrypt-1.##-setup.tar.bz2
Install files:
tar xvjf veracrypt-1.##-setup.tar.bz2
./veracrypt-1.##-setup-gui-x64
Done. You should have a GUI app in your desktop.
Note that if you don't have a trust chain to the PGP key, you only trust the key because the website says it's theirs, and so you trust the website hasn't been hacked, or the key compromised another way.