Disk Encryption With LUKS

Originally meant for Linux, the Linux Unified Key Setup (LUKS) is “a disk encryption specification created by Clemens Fruhwirth in 2004”.1 LUKS is what I used to encrypt a partition of my external hard drive. As an experiment, I did the following:

  • Create a disk partition or partitions using fdisk. In my case, I created one partition that became /dev/sdc1 on my host computer.
  • Encrypt the partition using cryptsetup:
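    • cryptsetup -vv luksFormat /dev/sdc1 where each -v increases verbosity
  • luksFormat irrevocably overwrites whatever is on the partition and asks for confirmation before it proceeds. You will then be prompted for a password (cryptsetup calls it a passphrase) that will be used to lock the disk partition.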
  • Unlock the partition:
    • cryptsetup -vv open /dev/sdc1 whatever_name
  • Format the partition to whatever filesystem you want (e.g. ext4):
    • mke2fs -vv -t ext4 /dev/mapper/whatever_name
  • Mount the partition and test it:
    • mount -t ext4 /dev/mapper/whatever_name /mnt/t01

To remove the external drive, you must first unmount the decrypted partition:

    umount /mnt/t01

Then remove the existing mapping, which also wipes the encryption key from kernel memory:

    cryptsetup close /dev/mapper/whatever_name

All the above commands were done as root. The host was running Ubuntu 20.04.1 LTS and the external hard drive was connected via USB 3.
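The removal steps above can be wrapped in a small helper that refuses to report success while the mapping is still active. This is an added example, not part of the original post: the function names and the `--detach` switch are hypothetical, while `whatever_name` and `/dev/sdc1` follow the names used above.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# Print every mount point whose source is /dev/mapper/<name>.
# $1 = mapping name, $2 = mounts table in /proc/mounts format (optional).
mapping_mountpoints() {
    awk -v src="/dev/mapper/$1" '$1 == src { print $2 }' "${2:-/proc/mounts}"
}

# Succeed only if the block device is absent from the mounts table.
# Worth checking before luksFormat overwrites a partition such as /dev/sdc1.
device_is_unmounted() {
    ! awk -v dev="$1" '$1 == dev { found = 1 } END { exit !found }' \
        "${2:-/proc/mounts}"
}

# Unmount everything on the mapping, close it, then confirm it is gone.
luks_detach() {
    # Reverse sort so nested mount points are unmounted before their parents.
    # /proc/mounts encodes spaces as \040; printf '%b' decodes them.
    mapping_mountpoints "$1" | sort -r | while read -r mp; do
        umount "$(printf '%b' "$mp")" || exit 1
    done || return 1

    # close fails if the device is still busy; do not unplug in that case.
    cryptsetup close "$1" || return 1

    if [ -e "/dev/mapper/$1" ]; then
        echo "mapping $1 is still active, do not unplug" >&2
        return 1
    fi
    echo "$1 closed, drive can be unplugged"
}

# Run as root, e.g.: ./luks-detach.sh --detach whatever_name
if [ "${1:-}" = "--detach" ] && [ -n "${2:-}" ]; then
    luks_detach "$2"
fi
```
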

I will continue with my experiments with encrypted disks. I am particularly interested in how to auto mount the encrypted disk at boot time. Luckily, there are a number of web articles on this matter. In a future article, I will try some of the procedures used in those web articles and discuss my own experience with auto mounting.

1 https://en.wikipedia.org/wiki/Linux_Unified_Key_Setup