VeraCrypt Decryption Notes for Linux CLI
· Updated: May 27, 2026 · VeraCrypt, Linux, Disk Encryption, CLI, Incident Response
Table of contents
Overview
These notes are for mounting a VeraCrypt encrypted partition from Linux CLI.
Example values used in this guide:
- Encrypted partition:
/dev/sdb1 - Mount point:
/mnt/veracrypt-test
Test Mount in Read-Only Mode
Use read-only mode first when you want to confirm the partition is valid and avoid accidental writes.
sudo mkdir -p /mnt/veracrypt-test
sudo veracrypt --text --mount-options=ro --pim <your-pim> --protect-hidden=no /dev/sdb1 /mnt/veracrypt-testVeraCrypt will prompt for the password.
Check Mounted Volume
veracrypt --text --list
ls /mnt/veracrypt-testUnmount
Unmount a specific mount point:
sudo veracrypt --text --dismount /mnt/veracrypt-testUnmount all VeraCrypt volumes:
sudo veracrypt --text --dismountMount in Read-Write Mode
First unmount the read-only session, then remount without ro:
sudo veracrypt --text --dismount /mnt/veracrypt-test
sudo veracrypt --text --pim <your-pim> --protect-hidden=no /dev/sdb1 /mnt/veracrypt-testRead-Write Mount with User Permissions
For NTFS, exFAT, or FAT, use filesystem options so your normal user can write:
sudo veracrypt --text --pim <your-pim> --protect-hidden=no \
--fs-options="uid=$(id -u),gid=$(id -g),umask=022" \
/dev/sdb1 /mnt/veracrypt-testSystem-Encrypted Partition Option
If the target is a VeraCrypt system-encrypted partition, try:
Read-only system mode:
sudo veracrypt --text --mount-options=ro,system --pim <your-pim> /dev/sdb1 /mnt/veracrypt-testRead-write system mode:
sudo veracrypt --text --mount-options=system --pim <your-pim> /dev/sdb1 /mnt/veracrypt-testSecurity Notes
- Do not put your real VeraCrypt password directly in command arguments.
- Let VeraCrypt prompt for the password interactively.
- Replace
<your-pim>with your actual PIM value.