Encrypt your Hard Drive in Linux

Do you need to encrypt a hard drive in Linux? Using this encryption method you can encrypt a separate partition, a whole hard drive or just your USB stick. It will work in any Linux distribution.

There are many methods to perform encryption in Linux. In this post, I will show you the method which I personally use the most. I believe it is a simple and reliable way to protect your data.

You can continue reading below or watch the video tutorial.

Encrypt your hard drive in Linux with LUKS

I usually use LUKS encryption and dm-crypt.

First, you need to install the cryptsetup package:

sudo apt install cryptsetup
Installing cryptsetup package

Next, make sure the partition you are going to encrypt doesn’t have any important data on it because it will be overwritten during the encryption process.

If your hard drive is brand new, you may need to create a new partition table. If you want to encrypt only part of your hard drive, you also need to repartition it into two partitions: one will be encrypted and the other won’t.

Gparted

You can also find out the name of your partition with the command lsblk and find the partition you need based on its size.

Running the lsblk command to show all partitions on your hard drive

When the partition you want to encrypt is ready and all the data is backed up to another hard drive, run this command:

sudo cryptsetup --verbose --verify-passphrase luksFormat /dev/sdb1

Where /dev/sdb1 is the partition you want to encrypt. Next, confirm that you agree to overwrite all the data in this partition.

Encrypting the partition

Next, you will be prompted to type your passphrase. When you type it, you will see nothing. This is normal; the input is hidden for security reasons. You will need this passphrase to decrypt the partition. Make sure you memorize it.

Typing a passphrase

Next, open the encrypted partition.

sudo cryptsetup luksOpen /dev/sdb1 sdb1

This is where you need to type your passphrase.

Opening the encrypted partition

Once the partition is opened, the encrypted partition is mapped to /dev/mapper/sdb1.

sudo fdisk -l
Mapped partition

Then, create a new filesystem on it:

sudo mkfs.ext4 /dev/mapper/sdb1
Creating a new filesystem on the partition

I also suggest getting rid of the reserved space. The EXT4 file system reserves some space by default, but you won’t need it if you don’t run your system on this partition. This way you also get more space on the drive:

sudo tune2fs -m 0 /dev/mapper/sdb1
Getting more space on the partition

Now, your partition is encrypted and ready to use.

Mount it somewhere on your system. /mnt is the most common place to mount partitions.

Let’s create a folder named encrypted in it.

sudo mkdir /mnt/encrypted
Creating a new folder to mount the partition

And perform the mounting:

sudo mount /dev/mapper/sdb1 /mnt/encrypted
Mounting the encrypted partition

And start placing your files into it. Let’s create a test file.

sudo touch /mnt/encrypted/test.txt
Creating a test file in the newly encrypted partition

I use sudo because you need root permission to access the encrypted partition.

Then, you can change the ownership of the mount point with this command (replace alu:users with your own user and group):

sudo chown -R alu:users /mnt/encrypted
Changing the partition permissions

Next, you can create a file without sudo.

touch /mnt/encrypted/test2.txt
Creating a second file without sudo

You can also access it from your file manager. So, the two created files are in the partition.

Using the file manager to show the encrypted partition

So, when you finish working with the encrypted partition, unmount it.

sudo umount /dev/mapper/sdb1

Let me remind you that my encrypted partition name is sdb1; in your case it may be different.

Then, close the mapped device.

sudo cryptsetup luksClose sdb1

Finally, it is safe to disconnect the hard drive from your system.

Using an encrypted hard drive in Linux

Next time you want to use your encrypted drive, connect the hard drive to the system and check its name.

lsblk
Checking the partitions

It is sdb1 in my case.

Open the encrypted partition:

sudo cryptsetup luksOpen /dev/sdb1 sdb1
Opening the encrypted partition

Then, mount it.

sudo mount /dev/mapper/sdb1 /mnt/encrypted

Now, it is available at /mnt/encrypted. As you can see, the newly created test files are there.

Mounting the encrypted partition

When you have finished working with the encrypted files, unmount the partition:

sudo umount /dev/mapper/sdb1

And close it.

sudo cryptsetup luksClose sdb1
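
The open/mount and unmount/close steps above, wrapped in one script that refuses to mount twice and checks for a LUKS header first. This is an added example, not the author's code; DRY_RUN, MOUNT_ROOT, MOUNTS and the function names are assumptions, and with the default DRY_RUN=1 it only prints the commands it would run.

```bash
#!/usr/bin/env bash
# Added example (not the author's script). DRY_RUN, MOUNT_ROOT, MOUNTS and the
# function names are assumptions made for this sketch.
DRY_RUN="${DRY_RUN:-1}"              # 1 = only print the commands (default)
MOUNT_ROOT="${MOUNT_ROOT:-/mnt}"     # mount points are created under here
MOUNTS="${MOUNTS:-/proc/mounts}"     # mount table to consult

run() {                              # echo a command; execute it unless dry-run
  printf '%s\n' "$*"
  [ "$DRY_RUN" = 1 ] || "$@"
}

mapper_name() {                      # /dev/sdb1 -> sdb1, as in the tutorial
  case "$1" in
    /dev/?*) printf '%s\n' "${1##*/}" ;;
    *) echo "not a /dev path: $1" >&2; return 1 ;;
  esac
}

is_mounted() {                       # exact match on the device column
  awk -v d="$1" '$1 == d { f = 1 } END { exit !f }' "$MOUNTS"
}

luks_open_mount() {                  # luks_open_mount /dev/sdb1 encrypted
  name="$(mapper_name "$1")" || return 1
  if is_mounted "/dev/mapper/$name"; then
    echo "/dev/mapper/$name is already mounted" >&2; return 1
  fi
  # Check for a LUKS header before asking for the passphrase (real runs only).
  if [ "$DRY_RUN" != 1 ] && ! cryptsetup isLuks "$1"; then
    echo "$1 has no LUKS header" >&2; return 1
  fi
  run cryptsetup luksOpen "$1" "$name" &&
    run mkdir -p "$MOUNT_ROOT/$2" &&
    run mount "/dev/mapper/$name" "$MOUNT_ROOT/$2"
}

luks_umount_close() {                # luks_umount_close /dev/sdb1
  name="$(mapper_name "$1")" || return 1
  if is_mounted "/dev/mapper/$name"; then
    run umount "/dev/mapper/$name" || return 1
  fi
  run cryptsetup luksClose "$name"   # always drop the mapping and its key
}

case "${1:-}" in                     # e.g. sudo DRY_RUN=0 ./luks.sh open /dev/sdb1 encrypted
  open)  luks_open_mount "$2" "$3" ;;
  close) luks_umount_close "$2" ;;
esac
```

Closing the mapping even when nothing is mounted matters because an open mapping keeps the volume key in kernel memory until luksClose runs.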

In some Linux systems, such as Linux Mint in my case, you can also mount the encrypted partition by double-clicking on it and entering your passphrase.

Some Linux distributions can open an encrypted partition easily

So, you can avoid the command line hassle.

Conclusion

This way you can encrypt any hard drive, including flash drives. If you encrypt a hard drive that is permanently connected to your system, you can also make it mount automatically when your system boots.

So, do you use an encrypted partition? What method do you use to encrypt it? Let me know below.

You can also read my post about Linux Root Folders.
