A quick guide to encrypting an external drive

I am guilty of not having considered encrypting my hard drives for too long, I confess. As soon as I joined Telenor Digital (or, actually, early in the process but a bit too late…) I was commanded to encrypt my data and I couldn’t delay any more. To my utter surprise, the process was surprisingly simple on my Debian jessie! Here is a short checklist for your convenience.

Say you have an external hard drive with one partition attached to the system as /dev/sdb1. To encrypt the filesystem you will:

  • ensure that the partition is not mounted;
  • install cryptsetup;
  • run cryptsetup -y luksFormat /dev/sdb1 – that will ask you for a passphrase (twice to verify that you didn’t mistype) and initialize LUKS on the partition; any data already on the partition is lost at this point;
  • if now you run cryptsetup open /dev/sdb1 backupdisk you will unlock the encrypted partition by creating a mapping between the device /dev/mapper/backupdisk and /dev/sdb1. You can think of the former as the interface to the latter: the system will read and write to /dev/mapper/backupdisk as if it were a plain drive while, behind the scenes, it is reading and writing data to /dev/sdb1 that is decrypted/encrypted on the fly;
  • create a filesystem on the mapped drive: mkfs.ext4 /dev/mapper/backupdisk
  • and the drive is now ready for use! You can mount it: mount /dev/mapper/backupdisk /mnt
  • and do operations on it: ls -l /mnt
  • and unmount it when you are done: umount /mnt

When you work on the command line you are also supposed to close the drive when you are done, that is (in this specific case), remove the association between /dev/mapper/backupdisk and /dev/sdb1. But there is a nice bonus: if you are running GNOME or any other desktop environment that supports a keyring, the desktop environment can save your passphrase and open/close the drive automatically for you!
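The whole checklist, including the closing step, as one guarded shell function. This is an added example, not part of the original post: the function names, DRY_RUN and MOUNTS are assumptions of this sketch, and the device, mapping name and mount point are the ones used above.

```shell
#!/bin/sh
# Added example: the checklist above as one script.
# DRY_RUN and MOUNTS are assumptions of this sketch, not cryptsetup options.

DRY_RUN="${DRY_RUN:-1}"          # 1 = only print the commands, 0 = execute them
MOUNTS="${MOUNTS:-/proc/mounts}" # mount table to consult

# Return 0 if the device is listed as a mount source in the mount table.
is_mounted() {
    awk -v dev="$1" '$1 == dev { found = 1 } END { exit !found }' "$MOUNTS"
}

# Print the command, and run it unless DRY_RUN=1.
run() {
    printf '+ %s\n' "$*"
    [ "$DRY_RUN" = 1 ] || "$@"
}

# encrypt_drive DEV NAME MNT
# Example: DRY_RUN=0 encrypt_drive /dev/sdb1 backupdisk /mnt   (as root)
encrypt_drive() {
    dev="$1"; name="$2"; mnt="$3"

    # Step 1 of the checklist: never format a partition that is in use.
    if is_mounted "$dev"; then
        echo "refusing: $dev is mounted, unmount it first" >&2
        return 1
    fi

    # luksFormat replaces whatever is on the partition with a LUKS header.
    run cryptsetup -y luksFormat "$dev"      || return
    # Map the unlocked view of the partition to /dev/mapper/NAME.
    run cryptsetup open "$dev" "$name"       || return
    # The filesystem goes on the mapping, not on the raw partition.
    run mkfs.ext4 "/dev/mapper/$name"        || return
    run mount "/dev/mapper/$name" "$mnt"     || return
    run ls -l "$mnt"
    run umount "$mnt"                        || return
    # Closing removes the mapping, so the data needs the passphrase again.
    run cryptsetup close "$name"
}
```

With the default DRY_RUN=1 the function only prints the commands in order, which is a safe way to check the device name before running it for real.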

And that’s all for now. I hope to have some time shortly to write about how you can encrypt a partition on your system/laptop. Until then, enjoy!
