Originally meant for Linux, the Linux Unified Key Setup (LUKS) is “a disk encryption specification created by Clemens Fruhwirth in 2004”.1 LUKS is what I used to encrypt a partition of my external hard drive. As an experiment, I did the following:
- Create a disk partition or partitions using fdisk. In my case, I created one partition that became
/dev/sdc1
on my host computer. - Encrypt the partition using cryptsetup:
cryptsetup -vv luksFormat /dev/sdc1
where-v
is for verbosity
- You will be prompted for a password that will be used to lock the disk partition.
- Unlock the partition:
cryptsetup -vv open /dev/sdc1 whatever_name
- Format the partition to whatever filesystem you want (e.g. ext4):
mke2fs -vv -t ext4 /dev/mapper/whatever_name
- Mount the partition and test it:
mount -t ext4 /dev/mapper/whatever_name /mnt/t01
To remove the external drive, you must first unmount the decrypted partition:
umount /mnt/t01
Then, wipe the existing mapping and wipe the encryption key from kernel memory:
cryptsetup close /dev/mapper/whatever_name
All the above commands were done as root. The host was running Ubuntu 20.04.1 LTS and the external hard drive was connected via USB 3.
I will continue with my experiments with encrypted disks. I am particularly interested in how to auto mount the encrypted disk at boot time. Luckily, there are a number of web articles on this matter. In a future article, I will try some of the procedures used in those web articles and discuss my own experience with auto mounting.