Encrypting a drive with LUKS – Ubuntu Linux


Encryption is how the world keeps data private and secure. It enables secure administration, online purchases, bank transactions, and many more things that make the Internet what it is; you could argue that it is the most important technology behind the Internet as it is today. One very important role encryption plays is keeping data safe and private while it is at rest. This comes in the form of whole-disk encryption: all data on the drive is encrypted, and if the drive is lost or stolen, the data would first need to be decrypted before any of it could be read. Today I will show you how to encrypt an entire drive with LUKS so you can take that drive anywhere and not worry about it getting lost or stolen. I will not go into encrypting your system disk, but rather an external hard disk, second hard disk, flash drive, etc.


Step 1


First things first: you will need to find yourself a drive of some sort. This could be an SD card, flash drive, HDD, SSD, or any other external storage device. If this is a device that you are repurposing, make sure you take any data off the drive before performing any of the following steps, because doing this will erase the data on your drive.

Step 2

Insert and Encrypt the Drive with LUKS

Insert your drive into your computer and find which device name it is using with the following command.

If you only have the system drive in your computer it will probably be using /dev/sdb, but always check rather than assume. You are looking for the device that is the same size as the drive you just inserted; in my case it is /dev/sdb, as you can see below.

Now issue this command to encrypt the drive. *NOTE* This will erase ALL data!

This will start a small wizard taking you through confirming what you want to do and creating a passphrase.

Then create your password and confirm.

Upon entering your passphrase correctly both times you will see “Command successful”.

Make sure that you choose a strong password, because if you don’t, someone will be able to brute force your password, defeating the purpose of encrypting your drive in the first place. At this point the drive is set up to work with LUKS format encryption.


Step 3

Decrypt Drive and write all zeros to the drive

Now we need to decrypt the drive so we can access it and write all zeros to it. While writing zeros to the drive is technically optional, I highly advise you to do so. It is not a complete and secure wipe of any data that may be on there, like DBAN would do, but it will clear out any data that was previously on each of the sectors and write encrypted zeros to the drive.

Decrypt the drive so we can write to it.

Just to be clear, the “drive” option is simply an arbitrary name that I decided to use. You can choose any name that makes sense to you, but make a note of it because we will need it later.

Write all zeros to the drive.

Be aware that this will take a long time to perform, especially if you have a large drive, as it writes to the entire drive. I would advise you to do this on a workstation that you can leave on overnight.


Step 4

Create Filesystem

Now we have to create a file system so we can begin using the drive.

You should get output similar to below.

And now close the drive.

At this point you have an encrypted drive that you can use, with the peace of mind that if you lose it people will not be able to access your data.


Mounting the Drive

In the future, after you plug the drive into the computer, follow these steps to access it. Note that if you have a GUI on the computer it should automatically pull up a window asking you for the drive's password, so you won't need to do this, but on a device without a GUI you will need to.

Note that in the second command “/media/flashdrive” can be any location on the computer that you want to use as the mount point.


Un-mounting the Drive

To un-mount the drive you need to issue the following commands.

Now you can safely remove your drive.
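As an added example (not the author's commands and not the cryptool script), here is a dry-run helper that refuses a target that is currently mounted and then prints one standard cryptsetup sequence for Steps 2 to 4, mounting and un-mounting. It assumes an ext4 filesystem and uses /dev/sdb, "drive" and /media/flashdrive only as sample values; `in_use`, `luks_plan` and the `MOUNTS_FILE` override are hypothetical names introduced here.

```shell
#!/bin/sh
# Added example: prints the command sequence, it does not execute anything.
# Assumptions: ext4 filesystem; cryptsetup, dd and mkfs.ext4 installed;
# the printed commands are reviewed and then run as root by hand.

# in_use DEV [MOUNTS_FILE]: succeed if DEV or one of its partitions is mounted.
in_use() {
    awk -v d="$1" '
        $1 == d || $1 ~ ("^" d "p?[0-9]+$") { found = 1 }
        END { exit !found }' "${2:-/proc/mounts}"
}

# luks_plan DEV NAME MOUNTPOINT: validate the target, then print the steps.
luks_plan() {
    dev=$1 name=$2 mnt=$3
    case $dev in
        /dev/*) ;;
        *) echo "not a /dev path: $dev" >&2; return 2 ;;
    esac
    case $name in
        *[!A-Za-z0-9_-]*|'') echo "bad mapping name: $name" >&2; return 2 ;;
    esac
    # Guard against picking the wrong disk: a mounted device is in use.
    if in_use "$dev" "${MOUNTS_FILE:-/proc/mounts}"; then
        echo "refusing: $dev (or a partition on it) is mounted" >&2
        return 3
    fi
    cat <<EOF
cryptsetup luksFormat $dev
cryptsetup open $dev $name
dd if=/dev/zero of=/dev/mapper/$name bs=1M status=progress
mkfs.ext4 /dev/mapper/$name
cryptsetup close $name
cryptsetup open $dev $name
mkdir -p $mnt
mount /dev/mapper/$name $mnt
umount $mnt
cryptsetup close $name
EOF
}

# Usage: sh luks-plan.sh /dev/sdb drive /media/flashdrive
if [ "$#" -eq 3 ]; then
    luks_plan "$@"
fi
```

The `dd` step is expected to stop with "No space left on device" once the whole mapped device has been overwritten.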


More Streamlined Process

Because this can be a lot of commands to remember and look up every time, I created a bash script that is a wizard automating the process of encrypting a drive, mounting a drive, and un-mounting a drive. You can find that script at https://github.com/superadm1n/cryptool.


And that is all there is to it, I hope this was able to help you out and if it did please share on social media! If you are looking for additional information on various Linux topics check out my collection of Linux articles here.
