LUKS/cryptsetup Tutorial for Linux Hard Drive Partition Encryption

This is based on Debian Linux but should apply equally to any *nix distro.

Install LUKS/crypt-setup

apt-get install cryptsetup

Setup your LUKS Partition

Of course change /dev/md2 with whatever partition you intend to use LUKS on.

cryptsetup --verbose --verify-passphrase luksFormat /dev/md2

You'll be asked to verify your decryption password twice

*DO NOT FORGET THIS PASSWORD AS IT IS NOT RECOVERABLE!

Open/Unlock your LUKS Partition

cryptsetup luksOpen /dev/md2 mylukspartition

You'll be asked for your passphrase at this point (the one you entered above, hopefully you haven't forgotten it already!)

You can change "mylukspartition" to whatever you would like to call it, it just controls the name created in /dev/mapper which is the device you will use to mount the encrypted LUKS partition.

You'll find that the above command creates /dev/mapper/mylukspartition

This will create the device for your LUKS partition (remember you will never be able to open it directly and you'll always need the LUKS tools to unlock the partition, so keep this in mind when using a Live/Recovery CD etc...)

CREATE the filesystem on the LUKS device

mkfs.ext3 /dev/mapper/mylukspartition

*Of course you can use any filesystem over top of LUKS but most will probably use ext3

Mount the LUKS Partition

mkdir /mnt/luks

mount /dev/mapper/mylukspartition /mnt/luks

To Umount and Secure Your Data

cryptsetup luksClose /dev/mapper/mylukspartition

Now your data is safe and in order to mount (luksOpen) you will need the passphrase which only you should know.


Tags:

luks, cryptsetup, tutorial, linux, partition, encryptionthis, debian, equally, nix, distro, install, crypt, apt, dev, md, verbose, verify, passphrase, luksformat, ll, decryption, password, recoverable, unlock, luksopen, mylukspartition, haven, quot, controls, mapper, mount, encrypted, creates, etc, filesystem, mkfs, ext, mkdir, mnt, umount, luksclose,

Latest Articles

  • Bad Power Supply Issue Story Diagnosing Troubleshooting
  • Getting started with AI (Artificial Intelligence) in Linux / Ubuntu using by deploying LLM (Language Learing Models) using Ollama LLMA
  • microk8s kubernetes how to install OpenEBS
  • Flash LSI MegaRAID 2208 to IT mode in Linux Mint/Debian/Ubuntu
  • LSI MegaRAID in Linux Ubuntu / Centos Tutorial Setup Guide megacli
  • Convert-im6.q16: attempt to perform an operation not allowed by the security policy `PDF' @ error/constitute.c/IsCoderAuthorized/413. convert-im6.q16: no images defined `pts-time.jpg' @ error/convert.c/ConvertImageCommand/3258. solution ImageMagick P
  • Apache PHP sending expires header solution cannot use cache with CDN
  • How to install virt-manager in Mint 22/Ubuntu 22
  • Infiniband Guide
  • python mysql install error: /bin/sh: 1: mysql_config: not found /bin/sh: 1: mariadb_config: not found /bin/sh: 1: mysql_config: not found mysql_config --version
  • FreePBX 17 How To Add a Trunk
  • Docker Container Onboot Policy - How to make sure a container is always running
  • FreePBX 17 How To Add Phones / Extensions and Register
  • Warning: The driver descriptor says the physical block size is 2048 bytes, but Linux says it is 512 bytes. solution
  • Cisco How To Use a Third Party SIP Phone (eg. Avaya, 3CX)
  • Cisco Unified Communication Manager (CUCM) - How To Add Phones
  • pptp / pptpd not working in DD-WRT iptables / router
  • systemd-journald high memory usage solution
  • How to Install FreePBX 17 in Linux Debian Ubuntu Mint Guide
  • How To Install Cisco's CUCM (Cisco Unified Communication Manager) 12 Guide
    • Copyright © realtechtalk.com 2025