LUKS/cryptsetup Tutorial for Linux Hard Drive Partition Encryption

This is based on Debian Linux but should apply equally to any *nix distro.

Install LUKS/crypt-setup

apt-get install cryptsetup

Setup your LUKS Partition

Of course change /dev/md2 with whatever partition you intend to use LUKS on.

cryptsetup --verbose --verify-passphrase luksFormat /dev/md2

You'll be asked to verify your decryption password twice

*DO NOT FORGET THIS PASSWORD AS IT IS NOT RECOVERABLE!

Open/Unlock your LUKS Partition

cryptsetup luksOpen /dev/md2 mylukspartition

You'll be asked for your passphrase at this point (the one you entered above, hopefully you haven't forgotten it already!)

You can change "mylukspartition" to whatever you would like to call it, it just controls the name created in /dev/mapper which is the device you will use to mount the encrypted LUKS partition.

You'll find that the above command creates /dev/mapper/mylukspartition

This will create the device for your LUKS partition (remember you will never be able to open it directly and you'll always need the LUKS tools to unlock the partition, so keep this in mind when using a Live/Recovery CD etc...)

CREATE the filesystem on the LUKS device

mkfs.ext3 /dev/mapper/mylukspartition

*Of course you can use any filesystem over top of LUKS but most will probably use ext3

Mount the LUKS Partition

mkdir /mnt/luks

mount /dev/mapper/mylukspartition /mnt/luks

To Umount and Secure Your Data

cryptsetup luksClose /dev/mapper/mylukspartition

Now your data is safe and in order to mount (luksOpen) you will need the passphrase which only you should know.


Tags:

luks, cryptsetup, tutorial, linux, partition, encryptionthis, debian, equally, nix, distro, install, crypt, apt, dev, md, verbose, verify, passphrase, luksformat, ll, decryption, password, recoverable, unlock, luksopen, mylukspartition, haven, quot, controls, mapper, mount, encrypted, creates, etc, filesystem, mkfs, ext, mkdir, mnt, umount, luksclose,

Latest Articles

  • ssh Too many authentication failures not prompting for password
  • LightDM Mint Ubuntu Debian won't start errors Nvidia Graphics
  • WARNING: Unable to determine the path to install the libglvnd EGL vendor library config files. Check that you have pkg-config and the libglvnd development libraries installed, or specify a path with --glvnd-egl-config-path. Linux Ubuntu Mint Debian E
  • How To Upgrade Linux Mint 18.2 to 18.3 to 19.x and 20.x
  • MP3s Won't Play / ID3 Version 2.4 Issues in Cars and Other MP3 Players/CDs/DVDs Solution
  • LXC Containers LXD How to Install and Configure Tutorial Ubuntu Debian Mint
  • GlusterFS HowTo Tutorial For Distributed Storage in Docker, Kubernetes, LXC, KVM, Proxmox
  • Ubuntu Mint audio output not working pulseaudio "pulseaudio[13710]: [pulseaudio] sink-input.c: Failed to create sink input: too many inputs per sink."
  • How To Shrink Dynamically Allocated VM QEMU KVM VMware Disk Image File
  • How To Enable Linux Swapfile Instead of Partition Ubuntu Mint Debian Centos
  • 404 Not Found [IP: 151.101.194.132 80] apt update Debian 11 Bullseye Solution The repository 'http://security.debian.org bullseye/updates Release' does not have a Release file.
  • WARNING: Can't download daily.cvd from db.local.clamav.net freshclam clamav error solution
  • (firefox:9562): LIBDBUSMENU-GLIB-WARNING **: Unable to get session bus: Failed to execute child process "dbus-launch" (No such file or directory) Solution
  • Debian Mint Ubuntu Which Package Provides missing top, ps and w Solution
  • Vbox Virtualbox DNS NAT Network Mode NOT working
  • Docker Tutorial HowTo Install Docker, Use and Create Docker Container Images Clustering Swarm Mode Monitoring Service Hosting Provider
  • Zoom Password Error 'That passcode was incorrect' - Solution Wrong Passcode Wrong Meeting Name
  • How To Startup and Open Remote/Local Folder/Directory in Ubuntu Linux Mint automatically upon login
  • How To Reset Windows Server Password 2019, 2022, 7, 8, 10, 11 Recovery and Removal Guide Using Linux Ubuntu Mint Debian
  • How To Create OpenVPN Server for Secure Remote Corporate Access in Linux Debian/Mint/Ubuntu with client public key authentication