Prerequisites
- Administrative (sudo) privileges
- A backup of any existing data on the target partition
- The partition you want to encrypt (in this guide, we’ll use
/dev/sdb2)
Installing cryptsetup
Choose the appropriate command for your distribution:
For Debian/Ubuntu:
sudo apt-get install cryptsetup
For distributions using pacman:
sudo pacman -Sy cryptsetup
Encryption Process
1. Initialize LUKS Encryption
⚠️ WARNING: Before we proceed, please make sure you have a BACKUP OF THE DATA somewhere.
Initialize the LUKS encryption on your partition:
cryptsetup -y -v luksFormat /dev/sdb2
- This command will initialize the partition and will prompt for a passphrase. Please make sure you note the
passphrasefor further use.
2. Open the Encrypted Partition
Create a mapping for the encrypted partition:
cryptsetup luksOpen /dev/sdb2 test
Running the following command will prompt for the passphrase you just created.
After successful authentication, the encrypted partition will be available at /dev/mapper/test.
3. Verify the Setup
Check the status of your encrypted mapping:
cryptsetup -v status test
To view detailed LUKS header information:
cryptsetup luksDump /dev/sdb2
4. Secure the Partition
Fill the entire encrypted volume with zeros to ensure secure initialization:
pv -tpreb /dev/zero | dd of=/dev/mapper/test bs=128M
This step will:
- Overwrites the entire partition with zeros
- This may take some time depending on the size of your device/partition, so we have used the
pvcommand to monitor the progress.
5. Create a File System
Format the encrypted partition with ext4 or any file system:
mkfs.ext4 /dev/mapper/test
6. Mount and Verify
Create a mount point and mount the encrypted partition:
sudo mkdir /test_device
sudo mount /dev/mapper/test /test_device
df -H
Usage Tips
-
Always keep your passphrase in a secure location
-
Consider creating a backup of the LUKS header
-
Remember to close the encrypted partition when not in use:
sudo umount /test_device cryptsetup luksClose test
Note: Whenever you see a guide in my blog, they are primarily for my personal documentation, or I am sharing them in hope they might be useful.