How to Install VeraCrypt on Ubuntu 26.04, 24.04 and 22.04

Locked containers and encrypted partitions are still useful when a laptop, external drive, or shared workstation could expose sensitive files. If you need to install VeraCrypt on Ubuntu, the current practical choice is between the official upstream .deb package and the community-maintained Unit 193 PPA.

Ubuntu 26.04, 24.04, and 22.04 do not ship veracrypt in the default repositories, so a bare sudo apt install veracrypt fails until you add the PPA. Use the official download when you want the upstream package without a repository, or use the PPA when you want VeraCrypt updates to arrive through APT.

Install VeraCrypt on Ubuntu

Both package paths are currently available on Ubuntu 26.04, 24.04, and 22.04. The main difference is update handling: the official package is a checked manual download, while the PPA stays attached to normal package-manager upgrades.

Method	Source	Ubuntu Coverage	Updates	Best Fit
Official package download	VeraCrypt upstream release assets	26.04, 24.04, and 22.04 on amd64	Manual reinstall from the latest release	Official upstream package without adding a repository
Unit 193 PPA	Community Launchpad PPA	26.04, 24.04, and 22.04 on amd64	APT-managed upgrades	Regular package updates through APT

Quick pick by scenario:

• Use the official package if you prefer the upstream VeraCrypt download and are comfortable repeating the download step when a new release appears.
• Use the Unit 193 PPA if you want veracrypt to install and upgrade through apt.
• Do not start with bare sudo apt install veracrypt on a default Ubuntu install. Add the PPA first, or install the official .deb package directly.

These package commands target amd64 Ubuntu systems. Upstream also publishes arm64 .deb packages for Ubuntu 24.04 and 22.04, but the current Ubuntu 26.04 GUI package asset is amd64-only, so check the Downloads page before using this package workflow on arm64 hardware.

Update Ubuntu before installing VeraCrypt

Refresh the package index first so dependency resolution uses current metadata. This also catches stale mirrors before you download or add anything VeraCrypt-specific.

sudo apt update && sudo apt upgrade -y

These commands use sudo for tasks that need root privileges. If your account is not in the sudoers file yet, run them as root or follow the guide on how to add a new user to sudoers on Ubuntu.

Install VeraCrypt from the official Ubuntu package

The official method downloads the current VeraCrypt release asset from upstream, verifies its SHA256 checksum, and installs the local .deb with APT so package dependencies still resolve through Ubuntu.

Install the downloader and the runtime library that the upstream GUI package needs. On Ubuntu 26.04 and 24.04, the wxWidgets runtime comes from Ubuntu’s Universe component; if APT cannot find it, enable Universe with enable Universe and Multiverse repositories on Ubuntu and rerun the command for your release.

Ubuntu 26.04 and 24.04:

sudo apt install ca-certificates curl libwxgtk3.2-1t64 -y

Ubuntu 22.04:

sudo apt install ca-certificates curl libwxgtk3.0-gtk3-0v5 -y

Resolve the latest stable release, match it to your Ubuntu version and CPU architecture, and print the exact package filename before downloading anything.

UBUNTU_RELEASE="$(. /etc/os-release && echo "$VERSION_ID")"
ARCH="$(dpkg --print-architecture)"
release_json="$(curl -fsSL https://api.github.com/repos/veracrypt/VeraCrypt/releases/latest)"
LATEST_TAG="$(printf '%s\n' "$release_json" | awk -F'"' '/"tag_name":/ {tag=$4} END {print tag}')"
VERSION="${LATEST_TAG#VeraCrypt_}"
BASE_URL="https://github.com/veracrypt/VeraCrypt/releases/download/${LATEST_TAG}"
PACKAGE_FILE="veracrypt-${VERSION}-Ubuntu-${UBUNTU_RELEASE}-${ARCH}.deb"
CHECKSUM_FILE="veracrypt-${VERSION}-sha256sum.txt"

if ! curl -fsI "${BASE_URL}/${PACKAGE_FILE}" > /dev/null; then
  echo "No matching VeraCrypt package was found for Ubuntu ${UBUNTU_RELEASE} (${ARCH})."
  exit 1
fi

printf '%s\n' "$PACKAGE_FILE"

veracrypt-1.26.24-Ubuntu-26.04-amd64.deb

Download the package and checksum file, then verify that the checksum list contains the file you resolved. The checksum list currently uses Windows line endings, so the command strips carriage returns before handing the matching line to sha256sum.

curl -fL --progress-bar -o "$PACKAGE_FILE" "${BASE_URL}/${PACKAGE_FILE}"
curl -fsSLO "${BASE_URL}/${CHECKSUM_FILE}"
tr -d '\r' < "$CHECKSUM_FILE" | awk -v file="$PACKAGE_FILE" '$2 == file {print; found=1} END {exit found ? 0 : 1}' | sha256sum -c -

Relevant output includes:

######################################################################## 100.0%
veracrypt-1.26.24-Ubuntu-26.04-amd64.deb: OK

Install the checked package with APT.

sudo apt install -y "./$PACKAGE_FILE"

Relevant output on Ubuntu 26.04 includes:

The following NEW packages will be installed:
  libfuse2t64 veracrypt

Setting up veracrypt (1.26.24-1~ubuntu26.04-1) ...

Confirm that the package is installed and the command can load its runtime libraries.

dpkg-query -W -f='${db:Status-Abbrev} ${binary:Package} ${Version}\n' veracrypt
veracrypt --version

ii  veracrypt 1.26.24-1~ubuntu26.04-1
VeraCrypt 1.26.24

Install VeraCrypt from the Unit 193 PPA

The Unit 193 PPA is a community-maintained Launchpad source, not an upstream VeraCrypt repository. It currently publishes veracrypt packages for Ubuntu 26.04, 24.04, and 22.04 on amd64, and its package metadata declares the wxWidgets runtime dependencies that the official 26.04 and 24.04 packages omit.

Install the repository helper first. Desktop installs often already include it, but minimal systems may not.

sudo apt install software-properties-common -y

Add the PPA, refresh APT, and confirm that the candidate comes from the Unit 193 source before installing.

sudo add-apt-repository -y ppa:unit193/encryption
sudo apt update
apt-cache policy veracrypt

Relevant output on Ubuntu 26.04 includes:

veracrypt:
  Installed: (none)
  Candidate: 1.26.24-0vanir1~bpo26.04
  Version table:
     1.26.24-0vanir1~bpo26.04 500
        500 https://ppa.launchpadcontent.net/unit193/encryption/ubuntu resolute/main amd64 Packages

Install VeraCrypt from the PPA.

sudo apt install veracrypt -y

Confirm the installed package, version, and desktop launcher file.

dpkg-query -W -f='${db:Status-Abbrev} ${binary:Package} ${Version}\n' veracrypt
veracrypt --version
dpkg -L veracrypt | grep '/usr/share/applications/.*veracrypt.*desktop$'

ii  veracrypt 1.26.24-0vanir1~bpo26.04
VeraCrypt 1.26.24
/usr/share/applications/veracrypt.desktop

Launch VeraCrypt on Ubuntu

Both package methods install the graphical VeraCrypt application and the veracrypt command. Open the GUI from a desktop session, not from a plain SSH shell, because the window needs a running display server.

Launch VeraCrypt from the terminal

Start the graphical interface from a logged-in desktop terminal with the normal command.

veracrypt

For terminal-driven workflows, use VeraCrypt’s text interface. Run veracrypt --text --help to review options such as --mount, --unmount, and --create.

Launch VeraCrypt from the applications menu

Ubuntu also registers a desktop launcher when you install either package method.

1. Open the applications menu or activities overview.
2. Search for VeraCrypt.
3. Select the VeraCrypt launcher to open the main window.

Create Your First VeraCrypt Volume on Ubuntu

Once the window is open, create a small encrypted container first so you can test the workflow before moving sensitive files into a larger volume.

1. Click Create Volume in the VeraCrypt window.
2. Select Create an encrypted file container, then click Next.
3. Choose Standard VeraCrypt volume unless you specifically need a hidden-volume layout.
4. Click Select File and pick the folder and filename for the new container, for example ~/encrypted-container.
5. Keep the default AES setting unless you have a specific reason to choose another algorithm.
6. Set the size you want for the container and create a strong password.
7. Move the mouse in the window until VeraCrypt has enough entropy, then click Format.
8. Select an empty slot later, click Select File, choose the container, and then click Mount to open it like another drive.

Before you reorganize important files, it helps to install Timeshift on Ubuntu so system snapshots and encrypted containers cover different recovery jobs.

The official VeraCrypt documentation goes deeper into hidden volumes, keyfiles, and full-disk encryption once the basic container flow feels comfortable.

Update or Remove VeraCrypt on Ubuntu

VeraCrypt updates depend on the package source. The official package needs another manual download from the latest release, while the PPA package updates with the rest of your APT-managed software.

Update the official VeraCrypt package

The upstream .deb does not add a repository. To update it, repeat the official-package download, checksum, and install steps against the latest release metadata.

Because this method replaces encryption software from a moving upstream release, keep the update visible instead of hiding it in an auto-updater helper. The checksum step confirms the exact file before APT replaces the installed package.

UBUNTU_RELEASE="$(. /etc/os-release && echo "$VERSION_ID")"
ARCH="$(dpkg --print-architecture)"

case "$UBUNTU_RELEASE" in
  26.04|24.04)
    sudo apt install ca-certificates curl libwxgtk3.2-1t64 -y
    ;;
  22.04)
    sudo apt install ca-certificates curl libwxgtk3.0-gtk3-0v5 -y
    ;;
  *)
    echo "Unsupported Ubuntu release: $UBUNTU_RELEASE"
    exit 1
    ;;
esac

release_json="$(curl -fsSL https://api.github.com/repos/veracrypt/VeraCrypt/releases/latest)"
LATEST_TAG="$(printf '%s\n' "$release_json" | awk -F'"' '/"tag_name":/ {tag=$4} END {print tag}')"
VERSION="${LATEST_TAG#VeraCrypt_}"
BASE_URL="https://github.com/veracrypt/VeraCrypt/releases/download/${LATEST_TAG}"
PACKAGE_FILE="veracrypt-${VERSION}-Ubuntu-${UBUNTU_RELEASE}-${ARCH}.deb"
CHECKSUM_FILE="veracrypt-${VERSION}-sha256sum.txt"

if ! curl -fsI "${BASE_URL}/${PACKAGE_FILE}" > /dev/null; then
  echo "No matching VeraCrypt package was found for Ubuntu ${UBUNTU_RELEASE} (${ARCH})."
  exit 1
fi

curl -fL --progress-bar -o "$PACKAGE_FILE" "${BASE_URL}/${PACKAGE_FILE}"
curl -fsSLO "${BASE_URL}/${CHECKSUM_FILE}"
tr -d '\r' < "$CHECKSUM_FILE" | awk -v file="$PACKAGE_FILE" '$2 == file {print; found=1} END {exit found ? 0 : 1}' | sha256sum -c -
sudo apt install -y "./$PACKAGE_FILE"
rm -f "$PACKAGE_FILE" "$CHECKSUM_FILE"

Check the version after the replacement package finishes configuring.

veracrypt --version

VeraCrypt 1.26.24

Update VeraCrypt from the Unit 193 PPA

The PPA package stays inside APT, so a targeted package upgrade is enough.

sudo apt update && sudo apt install --only-upgrade veracrypt

Check the installed command after the package update finishes.

veracrypt --version

Remove VeraCrypt from Ubuntu

Removing the application does not delete encrypted containers or partitions you created elsewhere. Treat those volume files as your data, not as disposable application leftovers.

Remove the package first, whether you installed it from the official download or the PPA.

sudo apt remove veracrypt

Confirm that no installed veracrypt package remains. This check still reports success if only an old removed-package record is left in APT’s local status database.

dpkg-query -W -f='${db:Status-Abbrev} ${binary:Package}\n' veracrypt 2>/dev/null | grep '^ii' || echo veracrypt not installed

veracrypt not installed

If you used the PPA method and do not want that source anymore, remove it and refresh APT.

sudo add-apt-repository --remove -y ppa:unit193/encryption
sudo apt update

Check that the PPA no longer provides a live candidate.

if apt-cache policy veracrypt | grep -q 'ppa.launchpadcontent'; then
  apt-cache policy veracrypt | grep -E 'Candidate:|ppa.launchpadcontent'
else
  echo "No Unit 193 PPA candidate remains"
fi

No Unit 193 PPA candidate remains

APT may offer to remove dependencies that were installed only for VeraCrypt. Preview that cleanup first, especially on reused desktop systems where other applications may share GUI libraries.

sudo apt autoremove --dry-run

Continue with sudo apt autoremove only if the preview is limited to packages you no longer need.

Troubleshoot VeraCrypt on Ubuntu

Most Ubuntu install issues come from using the default repositories as if they already contained VeraCrypt, missing runtime libraries for the official package, or an unsupported release and architecture combination.

Fix unable to locate package veracrypt

If sudo apt install veracrypt returns an unable-to-locate-package error, Ubuntu is still using only its default repositories. Add the Unit 193 PPA first, or use the official-package method instead.

apt-cache policy veracrypt | grep Candidate || echo "No default Ubuntu candidate"

No default Ubuntu candidate

Fix libwx_gtk3u_core errors after the official package

On Ubuntu 26.04 and 24.04, the current official GUI .deb can install successfully but fail to start if the wxWidgets runtime is missing. Install the runtime package, then rerun the version check.

sudo apt install libwxgtk3.2-1t64 -y
veracrypt --version

VeraCrypt 1.26.24

Ubuntu 22.04 uses the older wxWidgets package name instead:

sudo apt install libwxgtk3.0-gtk3-0v5 -y

Fix no matching VeraCrypt package for your release or architecture

The official-package resolver exits before downloading when the latest release does not publish an Ubuntu asset for your release and architecture. Check the current release assets, then choose the PPA or an upstream-supported alternative if the exact package is absent.

printf 'Ubuntu release: %s\n' "$(. /etc/os-release && echo "$VERSION_ID")"
printf 'Architecture: %s\n' "$(dpkg --print-architecture)"

Ubuntu release: 26.04
Architecture: amd64

For Ubuntu 26.04, the current official GUI .deb is published for amd64. Ubuntu 24.04 and 22.04 currently have official GUI packages for amd64 and arm64.

Conclusion

VeraCrypt now has package-based install paths across Ubuntu 26.04, 24.04, and 22.04 on amd64. Use the official .deb when you want upstream’s release package and checksum verification, or use the Unit 193 PPA when APT-managed updates matter more. After installation, create a small test container, mount and unmount it, and move important files only after the workflow feels routine.