Menu

[Tutorial] Create hidden volumes on big sized HDDs in Linux (circumvent 2 TB error)

Technical Topics
RealTehreal
2021-12-16
2023-12-05

  • RealTehreal

    RealTehreal - 2021-12-16

    Preamble: The following tutorial only works in Linux, because the Windows version of VeraCrypt does not have all the command line capabilities needed, to get the work done. Nothing I can do for you, sorry!

    Maybe you stumbled upon the same issue as me, when I wanted to play around with hidden volumes in VeraCrypt: You got your 4+ TB HDD, set all your encryption and hash settings and finally typed your 128 characters password, just to see the following message (error.png):

    Error: The hidden volume to be created is larger than 2TB (2048 GB).

    Possible solutions:
    - Create a container/partition smaller than 2 TB.
    - Use a drive with 4096-byte sectors to be able to create partition/-device-hosted hidden volumes up to 16 TB in size.

    Now you maybe think "dammit, got the wrong drive". Looking into the disk's information reveals, that there should be nothing wrong with it (fdisk.png):
    It's got 4096 byte sectors. Another fun fact: using Windows, the whole procedure works without a hitch.

    But fear not, my friend. You will not have to infect your system with proprietary operating systems. The following steps will create your hidden volume, alas you will have to do some terminal emulator magic. So open up your preferred terminal emulator and let's get it on.

    First, like always, MAKE SURE that you are working on the correct device. Otherwise, you could destroy beloved data. So, we will start with # fdisk -l to get information of our hard drives and find the path to it. In my case, like shown on the screenshot, it's /dev/sdh1. Learn the path by hearth to prevent disaster.
    Addition: You are advised to create a (raw) partition first.

    Now, following all the steps below, you should get your hidden volume done in no time (depending on your drive's throughput, of course).

    Create outer volume (filesystem none is mandatory):
    # veracrypt -t --create /dev/TARGET --encryption ENC_ALGO --filesystem None --hash HASH [--random-source /dev/random] --quick --volume-type Normal
    [] = optional

    Create hidden volume:
    # veracrypt -t --create /dev/TARGET --encryption ENC_ALGO --filesystem FILESYSTEM --hash HASH [--random-source /dev/random] --quick --volume-type Hidden --size VOL_SIZE
    [] = optional

    Mount outer volume with hidden volume protection:
    # veracrypt -t --filesystem none --hash HASH --protect-hidden=yes /dev/SOURCE /media/veracrypt1

    Create filesystem for the outer volume, using your preferred software:
    The following is mandatory: you MUST create the filesystem using "quick" mode to make sure, that the partitioning software will not try to write to the whole drive and create errors because of hidden volume protection. This means that you cannot use a journaling filesystem like NTFS or ext4 but must use FAT or ExFAT.

    Dismount:
    # veracrypt -d /dev/TARGET

    And we are done. Now you should be able to mount the outer and hidden volumes like always, using VC GUI. Down below, possible settings for placeholders:

    ENC_ALGO:
    AES
    Serpent
    Twofish
    Camellia
    Kuznyechik
    AES-Twofish
    AES-Twofish-Serpent
    Serpent-AES
    Serpent-Twofish-AES
    Twofish-Serpent
    Camellia-Kuznyechik
    Kuznyechik-Twofish
    Camellia-Serpent
    Kuznyechik-AES
    Kuznyechik-Serpent-Camellia

    HASH:
    RIPEMD-160
    SHA-256
    SHA-512
    Whirlpool
    Streebog

    FILESYSTEM:
    None: don't use any filesystem
    FAT: format using FAT/FAT32
    NTFS: format using NTFS. Please note that in this case a UAC prompt will be displayed unless the process is run with full administrative privileges.
    ExFAT: format using ExFAT. This switch is available starting from Windows Vista SP1
    ReFS: format using ReFS. This switch is available starting from Windows 10
    ext4

     

    Last edit: RealTehreal 2021-12-16
    Thumbnail
    error.png
    Thumbnail
    fdisk.png

  • Erwin lagu

    Erwin lagu - 2022-01-18

    Thanks

     

    • RealTehreal

      RealTehreal - 2022-01-18

      You're very welcome! :-)

      Greets

       

  • Vencent Valerian

    Vencent Valerian - 2023-10-15

    @realtehreal

    Thanks for your wonderful tutorial.

    If you have time to spare, you might like to update it by mentioning or removing deprecated items under ENC_ALGO and HASH when one is using Veracrypt 1.26.7

     

  • Enigma2Illusion

    Enigma2Illusion - 2023-10-15

    @realtehreal

    Does 1.26 version resolve this issue?

    • Fix wrong size for hidden volume when selecting the option to use all free space.
    • Fix failure to create hidden volume on a disk using CLI caused by wrong maximum size detection.
     

  • Harald Milz

    Harald Milz - 2023-12-05

    The VC User Manual is very vocal about NOT using the Quick option when creating hidden volumes:

    "Important: When encrypting a partition/device within which you intend to create a hidden volume afterwards, leave this option unchecked." I read this as MUST NOT.

    I just created an outer and an inner volume on a test device using ext2 without Quick with no problems.

     

    Last edit: Harald Milz 2023-12-05

Log in to post a comment.

Want the latest updates on software, tech news, and AI?
Get latest updates about software, tech news, and AI from SourceForge directly in your inbox once a month.