I get a permission denied error when I try to save files downloaded over Tor into a Veracrypt container. Is there some way to allow this?
Is it also true that any files saved to the Whonix filesystem can be retrieved with a data recovery utility such as testdisk? This is why I think it would be preferable to save directly to an encrypted container
See: Saving Files in Shared Folder
Same as for any persistent operating system. This is unspecific to Whonix.
Consider using non-persistence, also known as live mode.
See also:
Only useful if combined with live mode.
A better way might be to use FDE on the host operating system. See:
This worked, only I changed sf_shared to veracrypt1. Thanks
Are you sure? Because if an adversary were to gain access to the system, all sensitive files would presumably be in the veracrypt file, which is stored on Whonix. They would need the password to see what’s inside, unless they brute force it, which is impossible with SHA-256 and a strong password.
You’re assuming browsers, operating systems cleanly write only cleanly only write to the folder told to? Risky assumption. Likely false.
No, but my VDI is already on a LUKS-encrypted drive. I still don’t like the fact that opening Workstation takes me straight into the OS without any prompting of a password. I started another thread a while back where I detailed how I tried to set a screen lock and I inexplicably ran into fsck problems. Thought I lost all my data, then after restoring the filesystem there was still no screen lock:
Is full disk encryption at all beneficial on a Virtualbox VM? The documentation seems to make it out like it’s not worth it. And can it even be done without creating a new image (encryption in place)? I think LUKS is capable, but I’ve never tried it
Let me google that for you.