
Can I upload a VeraCrypt encrypted file to a cloud drive via browser and safely decrypt it years later, from another computer?

  • Manuel Prude

    Manuel Prude - 2 days ago

    I’m planning a long-term backup. I want to create an encrypted VeraCrypt container and upload the single file directly to a cloud drive (like Google Drive or Proton Drive) using just a standard web browser like Firefox. No desktop sync apps will be used because I don't have one installed. I tried this before with Cryptomator and wasn't able to recover or decrypt my data later, so I’m nervous.

    If I download this VeraCrypt file via browser on a different computer in a few years, will it open perfectly as long as I have the password? I tested it in a VM and it worked, but I want to be 100% sure. Thanks!

     
  • Wendelin Uez

    Wendelin Uez - 2 days ago

    It's a good idea to save not only the password but also a booting system, e.g. a USB stick, using an OS which does not automatically try to install new drivers, and another good idea is to use two different sticks, if possible with different OSes.
    You never can have too many backups but you easily can have too few.

     
  • Mounir IDRASSI

    Mounir IDRASSI - 9 hours ago

    Yes, this is a valid and actually well suited use case for a VeraCrypt file container.

    If the file container you upload and later download is byte-for-byte identical, VeraCrypt will mount it on any computer that can run VeraCrypt. This is also why your approach shouldn't repeat your Cryptomator problem: Cryptomator stores a vault as many small encrypted files in a folder structure, which is sensitive to file-by-file sync and copy errors. A VeraCrypt container is one monolithic file: there is nothing to get out of sync, and its integrity reduces to a single hash. Uploading the dismounted file through the browser (rather than a sync client) is the right call: a sync client re-uploads the whole container on any change and can create conflicted or partial copies.

    A few important conditions:

    1. Fully dismount the volume before uploading. Never upload it while mounted or still being written to.
    2. After uploading, download the file once and compare a SHA-256 hash with the original. On Windows PowerShell: Get-FileHash -Algorithm SHA256 your-container.hc (Very large containers can also make browser upload/resume less reliable and may hit free-tier size limits, so this check matters).
    3. For long term storage, create an external header backup via Tools -> Backup Volume Header and store it separately. Containers already hold an embedded backup header, but an external one adds protection if the beginning or end of the file is damaged. Recreate it if you later change the password, keyfiles, or PIM.
    4. Don't rely on a single cloud copy as your only backup. Keep at least one more independent copy, and for very long term archives also keep a copy of a VeraCrypt installer that is known to mount your specific volume: older releases remain available under https://sourceforge.net/projects/veracrypt/files/

    Two more points for the "in a few years" part of your question:

    • VeraCrypt keeps strong backward compatibility for the general volume format, but it can retire specific cryptographic algorithms for security reasons, and a volume that depends on a removed algorithm will no longer mount in current versions. Concretely, version 1.26 removed the RIPEMD-160 hash and the GOST89 cipher (and TrueCrypt mode). This is exactly why the official VeraCrypt site still offers the older 1.25.9 release (it is the last version that can open such volumes), so you can use it to migrate them (re-derive the header to a supported hash for RIPEMD-160, or copy the data out and recreate the container for GOST89). The practical takeaway for a multi-year archive: stick to the mainstream defaults (AES with SHA-512) since those are the least likely to be deprecated.
    • If you may open it on a different operating system, choose the inner filesystem with that in mind: exFAT or FAT for broad cross OS portability, NTFS if it stays Windows centric.

    So the answer is yes, but no storage system can guarantee anything over years on its own. The safe workflow is: create a normal (non-dynamic) container, dismount it, upload it, verify the hash after downloading, safely keep the password/PIM/keyfiles/header backup, and maintain more than one backup copy.

     
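Added example, not part of the thread and not VeraCrypt project code: a cross-platform version of the hash check in step 2 that also records the file size and separate hashes of the start and end of the container, so a mismatch years later shows whether the transfer was truncated or a header region was hit. The function names, the JSON manifest and the 128 KiB region size (taken from the published VeraCrypt volume format) are assumptions of this sketch; call `record()` on the dismounted container before uploading and `verify()` on the downloaded copy.

```python
import hashlib
import json
import os

# Assumption (from the published VeraCrypt volume format): the primary headers
# occupy the first 128 KiB and the embedded backup headers the last 128 KiB.
EDGE = 128 * 1024
CHUNK = 1024 * 1024

def sha256_range(path, offset, length):
    """Stream-hash `length` bytes starting at `offset` (constant memory)."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        f.seek(offset)
        while length > 0:
            block = f.read(min(CHUNK, length))
            if not block:
                break
            h.update(block)
            length -= len(block)
    return h.hexdigest()

def fingerprint(path):
    """Whole-file hash plus separate hashes of both header regions."""
    size = os.path.getsize(path)
    edge = min(EDGE, size)
    return {"size": size, "sha256": sha256_range(path, 0, size),
            "head_sha256": sha256_range(path, 0, edge),
            "tail_sha256": sha256_range(path, size - edge, edge)}

def record(path, manifest):
    """Run on the dismounted container before uploading."""
    with open(manifest, "w") as f:
        json.dump(fingerprint(path), f, indent=2)

def verify(path, manifest):
    """Run on the downloaded copy; an empty list means byte-for-byte identical."""
    with open(manifest) as f:
        want = json.load(f)
    got = fingerprint(path)
    if got == want:
        return []
    issues = ["whole-file SHA-256 differs"]
    if got["size"] != want["size"]:
        issues.append("size differs: truncated or padded transfer")
    if got["head_sha256"] != want["head_sha256"]:
        issues.append("first 128 KiB differ: primary header area")
    if got["tail_sha256"] != want["tail_sha256"]:
        issues.append("last 128 KiB differ: embedded backup header area")
    return issues
```

Keep the manifest with the password notes and the external header backup rather than next to the cloud copy, so it cannot be damaged together with the container.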
