LUKS/cryptsetup Tutorial for Linux Hard Drive Partition Encryption

This is based on Debian Linux but should apply equally to any *nix distro.

Install LUKS/crypt-setup

apt-get install cryptsetup

Setup your LUKS Partition

Of course change /dev/md2 with whatever partition you intend to use LUKS on.

cryptsetup --verbose --verify-passphrase luksFormat /dev/md2

You'll be asked to verify your decryption password twice

*DO NOT FORGET THIS PASSWORD AS IT IS NOT RECOVERABLE!

Open/Unlock your LUKS Partition

cryptsetup luksOpen /dev/md2 mylukspartition

You'll be asked for your passphrase at this point (the one you entered above, hopefully you haven't forgotten it already!)

You can change "mylukspartition" to whatever you would like to call it, it just controls the name created in /dev/mapper which is the device you will use to mount the encrypted LUKS partition.

You'll find that the above command creates /dev/mapper/mylukspartition

This will create the device for your LUKS partition (remember you will never be able to open it directly and you'll always need the LUKS tools to unlock the partition, so keep this in mind when using a Live/Recovery CD etc...)

CREATE the filesystem on the LUKS device

mkfs.ext3 /dev/mapper/mylukspartition

*Of course you can use any filesystem over top of LUKS but most will probably use ext3

Mount the LUKS Partition

mkdir /mnt/luks

mount /dev/mapper/mylukspartition /mnt/luks

To Umount and Secure Your Data

cryptsetup luksClose /dev/mapper/mylukspartition

Now your data is safe and in order to mount (luksOpen) you will need the passphrase which only you should know.


Tags:

luks, cryptsetup, tutorial, linux, partition, encryptionthis, debian, equally, nix, distro, install, crypt, apt, dev, md, verbose, verify, passphrase, luksformat, ll, decryption, password, recoverable, unlock, luksopen, mylukspartition, haven, quot, controls, mapper, mount, encrypted, creates, etc, filesystem, mkfs, ext, mkdir, mnt, umount, luksclose,

Latest Articles

  • How To Upgrade Debian 8,9,10 to Debian 12 Bookworm
  • Linux dhcp dhclient Mint Redhat Ubuntu Debian How To Use Local Domain DNS Server Instead of ISPs
  • Docker dockerd swarm high CPU usage cause solution
  • Docker Minimum Requirements/How Efficient is Docker? How Much Memory Does Dockerd Use?
  • qemu-nbd: Failed to set NBD socket solution qemu-nbd: Disconnect client, due to: Failed to read request: Unexpected end-of-file before all bytes were read
  • apache2 httpd apache server will not start [pid 22449:tid 139972160445760] AH00052: child pid 23248 exit signal Aborted (6) solution Mint Debian Ubuntu Redhat
  • How to use the FTDI USB serial cable to RJ45 adapter to connect to the console on Cisco/Juniper Switch Router Firewall in Linux Ubuntu Debian Redhat
  • How To Setup Python3 in Ubuntu Docker Image for AI Deep Learning
  • How to Configure NVIDIA GPUs with Docker on Ubuntu: A Comprehensive Guide for AI Deep Learning CUDA Solution
  • Linux Ubuntu Mint how to check nameservers when /etc/resolv.conf disabled solution
  • Docker cannot work on other overlayfs filesystems such as ecryptfs won't start overlayfs: filesystem on '/home/docker/overlay2/check-overlayfs-support130645871/upper' not supported as upperdir
  • Linux How To Access Original Contents of Directory Mounted Debian Mint CentOS Redhat Solution
  • ecryptfs how to manually encrypt your existing home directory or other directory
  • How to Reset CIPC Cisco IP Communicator for CME CUCM CallManager
  • Internet Explorer Cannot Download File "Your security settings do not allow for this file to be downloaded." Security Settings Solution
  • Linux How To Upgrade To The Latest Kernel Debian Mint Ubuntu
  • Firefox how to restore and backup saved passwords and history which files/location
  • Linux How To echo as root solution to use tee permission denied solution Ubuntu Debian Mint Redhat CentOS
  • Linux how to keep command line bash process running if you are disconnected or need to logout of SSH remotely
  • Linux swapping too much? How to check the swappiness and stop swapping