Bjarne Verschorre

../luks-encryption.md March 24, 2024

Doing it through an GUI is simple, these steps are for the terminal.

Why encrypt your drives?

Privacy: If someone steals your computer, they can’t access your data.
Security: If someone steals your computer, they can’t access your data.

Encrypting a partition

You can get the device name of the partition you want to encrypt by running lsblk or fdisk -l.

Format the partition with LUKS:
- $ sudo cryptsetup luksFormat /dev/sdX1
  - Replace /dev/sdX1 with the device name of the partition you want to encrypt.
Open the encrypted partition:
- $ sudo cryptsetup open /dev/sdX1 <name>
  - Replace <name> with a name for the partition (eg enc_drive).
Create a filesystem on the encrypted partition:
- $ sudo mkfs.ext4 /dev/mapper/<name>

Mounting an encrypted partition

You are probaly going to want to mount the encrypted partition after you’ve encrypted it.

Open the encrypted partition (if it’s not already open):
- $ sudo cryptsetup open /dev/sdX1 <name>
  - Replace <name> with the name of the encrypted partition.
Create a mounting point and mount the encrypted partition:
- $ sudo mkdir /mnt/<name>/
- $ sudo mount /dev/mapper/<name> /mnt/<name>/

Unmounting the drive

It’s different from unmounting a regular partition. You need to unmount the partition and close the encrypted partition.

Unmount the partition:
- $ sudo umount /mnt/<name>/
Close the encrypted partition:
- $ sudo cryptsetup close <name>

← Setting up an SFTP server Configuring SSH →