LUKS/cryptsetup Tutorial for Linux Hard Drive Partition Encryption

This is based on Debian Linux but should apply equally to any *nix distro.

Install LUKS/crypt-setup

apt-get install cryptsetup

Setup your LUKS Partition

Of course change /dev/md2 with whatever partition you intend to use LUKS on.

cryptsetup --verbose --verify-passphrase luksFormat /dev/md2

You'll be asked to verify your decryption password twice

*DO NOT FORGET THIS PASSWORD AS IT IS NOT RECOVERABLE!

Open/Unlock your LUKS Partition

cryptsetup luksOpen /dev/md2 mylukspartition

You'll be asked for your passphrase at this point (the one you entered above, hopefully you haven't forgotten it already!)

You can change "mylukspartition" to whatever you would like to call it, it just controls the name created in /dev/mapper which is the device you will use to mount the encrypted LUKS partition.

You'll find that the above command creates /dev/mapper/mylukspartition

This will create the device for your LUKS partition (remember you will never be able to open it directly and you'll always need the LUKS tools to unlock the partition, so keep this in mind when using a Live/Recovery CD etc...)

CREATE the filesystem on the LUKS device

mkfs.ext3 /dev/mapper/mylukspartition

*Of course you can use any filesystem over top of LUKS but most will probably use ext3

Mount the LUKS Partition

mkdir /mnt/luks

mount /dev/mapper/mylukspartition /mnt/luks

To Umount and Secure Your Data

cryptsetup luksClose /dev/mapper/mylukspartition

Now your data is safe and in order to mount (luksOpen) you will need the passphrase which only you should know.


Tags:

luks, cryptsetup, tutorial, linux, partition, encryptionthis, debian, equally, nix, distro, install, crypt, apt, dev, md, verbose, verify, passphrase, luksformat, ll, decryption, password, recoverable, unlock, luksopen, mylukspartition, haven, quot, controls, mapper, mount, encrypted, creates, etc, filesystem, mkfs, ext, mkdir, mnt, umount, luksclose,

Latest Articles

  • qemu: could not load PC BIOS 'bios-256k.bin' solution
  • Proxmox How To Custom Partition During Install
  • Hyper-V Linux VM Boots to Black Screen, Storage, NIC Not Found Issues
  • Ubuntu Mint How to Fix Missing/Broken /dev and /dev/pts which causes terminal to immediately close exit and not work
  • How high can a Xeon CPU get?
  • bash fix PATH environment variable "command not found" solution
  • Ubuntu Linux Mint Debian Redhat Youtube Cannot Play HD or 4K videos, dropped frames or high CPU usage with Nvidia or AMD Driver
  • hostapd example configuration for high speed AC on 5GHz using WPA2
  • hostapd how to enable and use WPS to connect wireless devices like printers
  • Dell Server Workstation iDRAC Dead after Firmware Update Solution R720, R320, R730
  • Cloned VM/Server/Computer in Linux won't boot and goes to initramfs busybox Solution
  • How To Add Windows 7 8 10 11 to GRUB Boot List Dual Booting
  • How to configure OpenDKIM on Linux with Postfix and setup bind zonefile
  • Debian Ubuntu 10/11/12 Linux how to get tftpd-hpa server setup tutorial
  • efibootmgr: option requires an argument -- 'd' efibootmgr version 15 grub-install.real: error: efibootmgr failed to register the boot entry: Operation not permitted.
  • Apache Error Won't start SSL Cert Issue Solution Unable to configure verify locations for client authentication SSL Library Error: 151441510 error:0906D066:PEM routines:PEM_read_bio:bad end line SSL Library Error: 185090057 error:0B084009:x509 certif
  • Linux Debian Mint Ubuntu Bridge br0 gets random IP
  • redis requirements
  • How to kill a docker swarm
  • docker swarm silly issues