#!/bin/bash set -euo pipefail # ============================================================================== # VeraCrypt Installation Script # ============================================================================== # Installs VeraCrypt - Full disk encryption and encrypted containers # # Threat Model: # - Physical device theft (laptop, USB drive) # - Data at rest without protection # - Border crossing device searches # - Forensic analysis of seized devices # # How VeraCrypt Protects: # - Full disk encryption (entire drive encrypted) # - Encrypted containers (virtual encrypted disks) # - Plausible deniability (hidden volumes) # - Multiple encryption algorithms # - Pre-boot authentication # # Source: https://veracrypt.fr/ # ============================================================================== # Colors readonly GREEN='\033[0;32m' readonly YELLOW='\033[1;33m' readonly RED='\033[0;31m' readonly NC='\033[0m' log() { echo -e "${GREEN}[INFO]${NC} $*"; } warn() { echo -e "${YELLOW}[WARN]${NC} $*"; } error() { echo -e "${RED}[ERROR]${NC} $*"; exit 1; } echo "=== VeraCrypt Installation ===" echo "" # Detect architecture ARCH=$(uname -m) if [ "$ARCH" = "x86_64" ]; then ARCH_SUFFIX="amd64" else error "Unsupported architecture: $ARCH (only x86_64 supported)" fi log "Fetching latest VeraCrypt version..." # Get latest version from SourceForge (VeraCrypt's official host) # Note: This is simplified - you may want to hardcode a version for stability LATEST_VERSION="1.26.7" # Update this manually for stability warn "Using VeraCrypt version $LATEST_VERSION" # Construct download URL BASE_URL="https://launchpad.net/veracrypt/trunk/${LATEST_VERSION}/+download" DEB_FILE="veracrypt-${LATEST_VERSION}-Debian-12-${ARCH_SUFFIX}.deb" DOWNLOAD_URL="${BASE_URL}/${DEB_FILE}" log "Download URL: $DOWNLOAD_URL" echo "" warn "⚠️ IMPORTANT: You should verify the PGP signature!" warn "Official instructions: https://veracrypt.fr/en/Digital%20Signatures.html" echo "" read -p "Continue with installation? [y/N] " -n 1 -r echo if [[ ! $REPLY =~ ^[Yy]$ ]]; then log "Installation cancelled" exit 0 fi log "Downloading VeraCrypt..." cd /tmp wget -O veracrypt.deb "$DOWNLOAD_URL" log "Installing VeraCrypt..." sudo apt install -y ./veracrypt.deb rm veracrypt.deb log "✅ VeraCrypt installed successfully!" echo "" echo "=== Installation Complete ===" echo "" echo "Usage:" echo "" echo " GUI:" echo " veracrypt" echo "" echo " Create encrypted container:" echo " 1. Launch VeraCrypt" echo " 2. Click 'Create Volume'" echo " 3. Choose 'Create an encrypted file container'" echo " 4. Follow wizard" echo "" echo " Mount existing container:" echo " 1. Launch VeraCrypt" echo " 2. Select slot (1-20)" echo " 3. Click 'Select File'" echo " 4. Choose your .vc file" echo " 5. Click 'Mount'" echo " 6. Enter password" echo "" echo "⚠️ Security Tips:" echo " - Use strong passwords (20+ characters)" echo " - Store backup of volume header" echo " - Never forget your password (no recovery!)" echo " - Unmount before shutdown/sleep" echo "" echo "📖 Documentation: https://veracrypt.fr/en/Documentation.html"