Opening/Decrypting Veracrypt drives without mounting them (for fsck)

Submitted by Silvershock on Thu, 12/14/2017 - 13:06

Man, it's been a while since I posted. I've actually been really busy, and I have a half-dozen half-finished blog posts still in the notes stage, on everything from console modding to setting up a backup system. I should make finishing those a personal project!

In the meantime, here's a quick tip for (mostly) Linux Veracrypt users who have an encrypted volume they want to run file checks on. You can't run fsck on a mounted filesystem, and Veracrypt generally requires a mount point. There is a simple way to do this, though. If you're in a GUI, drop to a command line and use the following syntax:

$ sudo veracrypt --protect-hidden=no -p your-passphrase /path/to/your/volume --filesystem=none

Note: If you are in a desktop/GUI environment and don't want to risk having your passphrase in your terminal history, just leave off the -p option entirely, and Veracrypt will prompt you for it with a popup window when you execute the command.

OK, obviously the secret sauce here is the filesystem=none parameter, which does exactly what it says on the tin. Once you've got the volume decrypted, simply look up where it's mapped to, and then execute your file checker there.

$ sudo veracrypt -l
1: /path/to/your/volume /dev/mapper/veracrypt1
$ sudo fsck -fy /dev/mapper/veracrypt1

Finally, unmount the container and leave it ready for use.

sudo veracrypt -d /path/to/your/volume

But Silver, I hear you cry, surely this was something obvious I could have looked up in --help for myself? Yes, you'd think that, but Veracrypt has a lot of potential parameters, and this detail only appears in the GUI version of the app's help text, not the command line version. Hopefully this will help someone out.