Hi,
I have some encrypted usb that i want to use and i am not sure how to install veracrypt.
Do you recomend to install it in the sys-usb or only in the qubes where i need the content of my usb or maybe juste creat a qubes between my sys-usb and my other qubes with juste veracrypt ?
Thank
You can create a TemplateVM (for example deb-veracrypt), install veracrypt in it, then create a DispVM Template (for example deb-veracrypt-dvm). Finally connect the usb device from sys-usb to the DispVM.
To create a DispVM template:
[user@dom0 ~]$ qvm-create -t deb-veracrypt -l red --prop template_for_dispvms=true --prop netvm='' deb-veracrypt-dvm
[user@dom0 ~]$ qvm-features deb-veracrypt-dvm appmenus-dispvm 1
Reminder: if you want the veracrypt package to persist and be usable in different vms, you have to install it in the TemplateVM.
If you only have the one volume and don’t expect to use it frequently, then BEBF738VD’s solution will work.
If you are thinking there are multiple qubes that should have access to files in the veracrypt volume, you’ve got a couple of options. The first is to create a dedicated qube for accessing the files on the volume (install veracrypt in that qube’s template, connect the usb volume to it, decrypt there, then qvm-copy the files where they should go). Basically what BEBF738VD said, just using the veracrypt-capable VM as an intermediary.
If for some reason you want direct access from your apps to the qube, then you can install veracrypt on those templates (which means you’ll possibly install it on multiple templates). Or there is a much more complex solution which might make sense if veracrypt is a major part of your life: Split veracrypt - General Discussion - Qubes OS Forum (qubes-os.org) but even as the guy who came up with that, I strongly recommend you do NOT do this unless you find yourself using veracrypt a lot. (It’s a huge part of my qubes infrastructure.)
tl;dr BEBF738VD’s solution is the best unless you use veracrypt a lot.
Thanks for your help !
I will use the BEBF738VD method. It’s the most simple and for what i have to do it’s perfect!
@BEBF738VD You create a Debian Template because you are more familiar with it or it’s better for Veracrypte ?
@SteveC Thanks for your time ! I really appreciate !!
Haven’t tested it with Fedora. I just like Debian better.
No worries. If it solved your issue, please mark it as answer.