How to Install VeraCrypt on Ubuntu

VeraCrypt creates encrypted containers that protect sensitive files from unauthorized access, even if your device is lost or stolen. Whether you need to encrypt a USB drive for portable storage, protect a partition containing financial documents, or create a hidden volume with plausible deniability, VeraCrypt provides military-grade encryption using AES, Serpent, and Twofish algorithms. By the end of this guide, you will have VeraCrypt installed and ready to create encrypted volumes on Ubuntu.

Choose Your VeraCrypt Installation Method

VeraCrypt can be installed through two methods on Ubuntu, each suited to different needs and Ubuntu versions. The table below compares these approaches to help you choose the right one for your system.

Method	Channel	Version	Updates	Best For
PPA (Unit 193)	Launchpad PPA	Latest stable	Automatic via APT	Ubuntu 22.04 and 24.04 users who want easy updates
Compile from Source	GitHub Repository	Latest stable	Manual recompilation	Ubuntu 26.04 users or those needing custom builds

For most users, the PPA method is recommended because it provides automatic security updates and requires no manual maintenance. However, the Unit 193 PPA does not currently publish packages for Ubuntu 26.04 LTS, so users on that release must compile from source.

This guide covers Ubuntu 22.04 LTS, 24.04 LTS, and 26.04 LTS. The PPA method works on 22.04 and 24.04, while compile from source is required for 26.04 or anyone needing custom build options. Commands shown work identically across supported releases unless noted otherwise.

Update Ubuntu Before Installation

Before installing any new software, refreshing your package index ensures you download the latest available versions and avoid dependency conflicts. Open a terminal and run the following command:

sudo apt update

If updates are available, apply them with the upgrade command. This step is optional but recommended to keep your system secure:

sudo apt upgrade

Method 1: Install VeraCrypt via PPA

The Unit 193 PPA provides pre-built VeraCrypt packages that integrate with Ubuntu’s package management system. As a result, this method handles dependencies automatically and delivers updates through the standard apt upgrade process.

Add the VeraCrypt PPA

First, add the encryption PPA to your system’s software sources. The -y flag automatically confirms the addition without prompting:

sudo add-apt-repository ppa:unit193/encryption -y

After adding the PPA, refresh your package lists so APT recognizes the newly available packages:

sudo apt update

Install VeraCrypt

With the PPA configured, install VeraCrypt using APT:

sudo apt install veracrypt -y

Additionally, the -y flag automatically confirms the installation prompt, which is useful for scripted deployments but means you will not see the package list before installation proceeds.

Verify Installation

Finally, confirm VeraCrypt installed correctly by checking its version:

veracrypt --version

You should see output similar to the following, confirming successful installation:

VeraCrypt 1.26.24

Method 2: Compile VeraCrypt from Source

Alternatively, compiling from source gives you the latest features and is required for Ubuntu 26.04 LTS since the PPA does not yet provide packages for that release. This method also allows custom build configurations such as console-only builds without GUI dependencies.

Install Build Dependencies

VeraCrypt requires several development libraries to compile, including a C++ compiler from the build-essential package. The wxWidgets package name differs between Ubuntu versions, so use the correct command for your release.

Ubuntu 22.04 LTS:

sudo apt install build-essential yasm pkg-config libwxgtk3.0-gtk3-dev libfuse-dev libpcsclite-dev git -y

Ubuntu 24.04 LTS and 26.04 LTS:

sudo apt install build-essential yasm pkg-config libwxgtk3.2-dev libfuse-dev libpcsclite-dev git -y

The difference is the wxWidgets version: Ubuntu 22.04 ships wxWidgets 3.0 (libwxgtk3.0-gtk3-dev), while Ubuntu 24.04 and 26.04 ship wxWidgets 3.2 (libwxgtk3.2-dev). Using the wrong package will cause compilation to fail.

Clone the Source Repository

Next, download the VeraCrypt source code from the official GitHub repository using Git:

git clone https://github.com/veracrypt/VeraCrypt.git
cd VeraCrypt/src

Compile VeraCrypt

Then, run the make command to compile VeraCrypt with the system’s wxWidgets library:

make

This process typically takes 5-10 minutes depending on your hardware. Once complete, the VeraCrypt binary is located in the Main directory.

For a console-only build without GUI dependencies, you must download wxWidgets source code separately and use make NOGUI=1 WXSTATIC=1 WX_ROOT=/path/to/wxWidgets wxbuild followed by make NOGUI=1 WXSTATIC=1. See the official documentation for details.

Install the Compiled Binary

Finally, copy the compiled binary to a system-wide location so it is accessible from any terminal:

sudo cp Main/veracrypt /usr/local/bin/

Then verify the installation by checking the version:

veracrypt --version

Launch VeraCrypt

After installation, you can launch VeraCrypt either from the terminal or through your desktop environment’s application menu.

Launch from Terminal

To start VeraCrypt from the command line, run:

veracrypt

This command opens the graphical interface. For command-line operations without the GUI, use the --text flag (for example, veracrypt --text --mount /path/to/volume).

Launch from Applications Menu

Alternatively, for desktop users, VeraCrypt appears in your applications menu after installation:

1. Open your desktop environment’s application menu or launcher.
2. Search for “VeraCrypt” in the search bar.
3. Click the VeraCrypt icon to launch the application.

Manage VeraCrypt

Update VeraCrypt

PPA installation: VeraCrypt updates arrive through the standard system update process. Run the following to check for and apply updates:

sudo apt update && sudo apt upgrade

Alternatively, to update only VeraCrypt without upgrading other packages:

sudo apt install --only-upgrade veracrypt

Source installation: Because the source install bypasses APT, you update it by pulling the latest release tag from GitHub and recompiling. The script below checks your current version, compares it to the latest GitHub release, and updates only when needed.

Save this as ~/update-veracrypt.sh:

cat <<'EOF' > ~/update-veracrypt.sh
#!/usr/bin/env bash
set -euo pipefail

require_cmd() {
  command -v "$1" >/dev/null 2>&1 || { echo "Error: $1 is required."; exit 1; }
}

for cmd in curl git make lsb_release; do
  require_cmd "$cmd"
done

if ! command -v veracrypt >/dev/null 2>&1; then
  echo "Error: veracrypt is not in PATH."
  exit 1
fi

INSTALL_PATH="$(command -v veracrypt)"
if [ "$INSTALL_PATH" = "/usr/bin/veracrypt" ]; then
  echo "Detected APT-managed veracrypt at /usr/bin/veracrypt."
  echo "Update it with: sudo apt update && sudo apt install --only-upgrade veracrypt"
  exit 0
fi

VERACRYPT_DIR="$HOME/VeraCrypt"
if [ ! -d "$VERACRYPT_DIR/.git" ]; then
  echo "Error: VeraCrypt source directory not found at $VERACRYPT_DIR"
  echo "Clone the repository first: git clone https://github.com/veracrypt/VeraCrypt.git ~/VeraCrypt"
  exit 1
fi

API_URL="https://api.github.com/repos/veracrypt/VeraCrypt/releases/latest"
RELEASE_JSON="$(curl -fsSL "$API_URL")"
LATEST_TAG="$(printf '%s' "$RELEASE_JSON" | awk -F'\"' '/"tag_name":/ {print $4; exit}')"
LATEST_VERSION="${LATEST_TAG#VeraCrypt_}"

if [ -z "$LATEST_VERSION" ]; then
  echo "Error: Could not determine the latest release from GitHub."
  exit 1
fi

CURRENT_VERSION="$(veracrypt --version 2>/dev/null | awk '{print $2; exit}')"
if [ -z "$CURRENT_VERSION" ]; then
  CURRENT_VERSION="unknown"
fi

echo "Install path: $INSTALL_PATH"
echo "Current version: $CURRENT_VERSION"
echo "Latest version: $LATEST_VERSION"

if [ "$CURRENT_VERSION" = "$LATEST_VERSION" ]; then
  echo "VeraCrypt is already up to date."
  exit 0
fi

echo "Updating VeraCrypt from $CURRENT_VERSION to $LATEST_VERSION..."

cd "$VERACRYPT_DIR/src"
git fetch --tags
git checkout "tags/$LATEST_TAG"

make clean 2>/dev/null || true
make

if [ ! -x "Main/veracrypt" ]; then
  echo "Error: Compilation failed. Check build dependencies."
  exit 1
fi

if [ -w "$(dirname "$INSTALL_PATH")" ]; then
  cp Main/veracrypt "$INSTALL_PATH"
elif command -v sudo >/dev/null 2>&1; then
  sudo cp Main/veracrypt "$INSTALL_PATH"
else
  echo "Error: Cannot write to $INSTALL_PATH and sudo is not available."
  exit 1
fi

echo "Update complete."
veracrypt --version
EOF

Make it executable and run it:

chmod +x ~/update-veracrypt.sh
~/update-veracrypt.sh

Example output when you are already on the latest version:

Install path: /usr/local/bin/veracrypt
Current version: 1.26.24
Latest version: 1.26.24
VeraCrypt is already up to date.

The script checks out the tagged release rather than the latest commit, ensuring you only install official stable releases. If compilation fails, verify you have the correct wxWidgets package for your Ubuntu version.

Remove VeraCrypt

The removal process depends on how you originally installed VeraCrypt.

PPA installation: Remove the package and clean up the PPA:

sudo apt remove veracrypt -y
sudo apt autoremove -y
sudo add-apt-repository --remove ppa:unit193/encryption -y

Additionally, the apt autoremove command cleans up any dependencies that were installed alongside VeraCrypt and are no longer needed.

Source installation: Remove the binary you copied earlier and optionally delete the source directory:

sudo rm /usr/local/bin/veracrypt
rm -rf ~/VeraCrypt

Troubleshooting

PPA Not Available for Ubuntu 26.04

If you see a 404 error when adding the PPA on Ubuntu 26.04, this is expected. The Unit 193 PPA does not currently publish packages for Ubuntu 26.04 (Resolute Raccoon). Use the compile from source method instead.

Compilation Fails with wxWidgets Errors

If compilation fails with errors about missing wxWidgets headers, verify you installed the correct development package for your Ubuntu version:

# Check which wxWidgets packages are available
apt-cache search libwxgtk | grep dev

Then install the appropriate package (libwxgtk3.0-gtk3-dev for 22.04 or libwxgtk3.2-dev for 24.04/26.04) and retry compilation.

FUSE-Related Mount Errors

VeraCrypt requires FUSE (Filesystem in Userspace) to mount encrypted volumes. If mounting fails with permission errors, ensure the fuse kernel module is loaded and your user is in the fuse group. You can also configure UFW firewall rules if you plan to access encrypted volumes over a network share:

sudo modprobe fuse
sudo usermod -aG fuse $USER

Afterward, log out and back in for group changes to take effect.

Conclusion

You now have VeraCrypt installed on Ubuntu, ready to create encrypted containers and protect sensitive data. The PPA method provides automatic updates for 22.04 and 24.04 users, while source compilation offers flexibility for 26.04 and custom configurations. Consider reviewing the official VeraCrypt documentation to learn about hidden volumes and full-disk encryption options.

Useful Links

Here are official resources for learning more about VeraCrypt:

• VeraCrypt Official Website: Download links, feature overview, and news about VeraCrypt releases.
• VeraCrypt Documentation: Comprehensive guides on creating volumes, mounting options, and security best practices.
• VeraCrypt GitHub Repository: Source code, build instructions, and issue tracker for reporting bugs.
• VeraCrypt Discussion Forum: Community support forum for questions and troubleshooting.