LUKS/cryptsetup Tutorial for Linux Hard Drive Partition Encryption

This is based on Debian Linux but should apply equally to any *nix distro.

Install LUKS/crypt-setup

apt-get install cryptsetup

Setup your LUKS Partition

Of course change /dev/md2 with whatever partition you intend to use LUKS on.

cryptsetup --verbose --verify-passphrase luksFormat /dev/md2

You'll be asked to verify your decryption password twice

*DO NOT FORGET THIS PASSWORD AS IT IS NOT RECOVERABLE!

Open/Unlock your LUKS Partition

cryptsetup luksOpen /dev/md2 mylukspartition

You'll be asked for your passphrase at this point (the one you entered above, hopefully you haven't forgotten it already!)

You can change "mylukspartition" to whatever you would like to call it, it just controls the name created in /dev/mapper which is the device you will use to mount the encrypted LUKS partition.

You'll find that the above command creates /dev/mapper/mylukspartition

This will create the device for your LUKS partition (remember you will never be able to open it directly and you'll always need the LUKS tools to unlock the partition, so keep this in mind when using a Live/Recovery CD etc...)

CREATE the filesystem on the LUKS device

mkfs.ext3 /dev/mapper/mylukspartition

*Of course you can use any filesystem over top of LUKS but most will probably use ext3

Mount the LUKS Partition

mkdir /mnt/luks

mount /dev/mapper/mylukspartition /mnt/luks

To Umount and Secure Your Data

cryptsetup luksClose /dev/mapper/mylukspartition

Now your data is safe and in order to mount (luksOpen) you will need the passphrase which only you should know.


Tags:

luks, cryptsetup, tutorial, linux, partition, encryptionthis, debian, equally, nix, distro, install, crypt, apt, dev, md, verbose, verify, passphrase, luksformat, ll, decryption, password, recoverable, unlock, luksopen, mylukspartition, haven, quot, controls, mapper, mount, encrypted, creates, etc, filesystem, mkfs, ext, mkdir, mnt, umount, luksclose,

Latest Articles

  • Aruba/HP/Dell IAP Wireless Controller Common Default Passwords
  • Debian, Mint Ubuntu how to remove package and associated config files
  • Linux Grub not booting the intended kernel solution in Debian, Mint, Ubuntu how to specify which kernel to boot by default
  • QEMU KVM Keyboard Problems Not Working Right Repeating Characters, Ctrl+C Copy and Paste not working right when using PS2 mouse in guests Solution
  • Linux how to compile binary with static sharedobjects embedded instead of dynamic to use on multi-distributions and avoid glibc compatiblity issues
  • /bin/sh: msgfmt: not found error solution on Linux Compilation Ubuntu Debian Mint Centos
  • Mikrotik RouterOS CHR/ISO Basic and Quick Setup Howto Guide
  • qemu 4 compilation options
  • CentOS 7 8 PXEBoot Netinstall Not Working Solution "Pane is dead "new value non-exisetnt xfs filesystem is not valid as a default fs type"
  • CentOS 6 EOL yum repo won't work Error: Cannot find a valid baseurl for repo: base Solution
  • CentOS 7 8 How To Disable SELinux
  • Wordpress How To Add Featured Image To Post in Hueman Theme
  • kdenlive full reset how to erase all config files
  • CentOS 7 8 yum error Trying other mirror. To address this issue please refer to the below wiki article
  • Microsoft Teams Linux - Calendar Doesn't Work Missed Meetings!
  • Scanner not working in Linux Ubuntu Fedora Mint Debian over the network? Use sane-airscan!
  • How To Boot, Install and Run Windows 2000 on QEMU-KVM
  • bash cannot execute permission denied
  • Huion and Wacom Tablets How To Install in Linux Mint / Ubuntu and make the stylus work properly
  • ffmpeg how to cut certain parts of video out