Encrypt Drive Using Luks

December 12, 2022

#linux #luks

First identify the drive by

$ lsblk
sda                 8:0    0 223.6G  0 disk  
├─sda1              8:1    0   512M  0 part  /boot
├─sda2              8:2    0     6G  0 part  [SWAP]
└─sda3              8:7    0    32G  0 part  /
sdb                 8:16   1  14.3G  0 disk

Encrypt and format

cryptsetup -y -v luksFormat --sector-size 4096 /dev/sdb
cryptsetup luksOpen /dev/sdb cryptdrive

# status of the drive
cryptsetup -v status cryptdrive

# to get the header informations
cryptsetup luksDump /dev/sdb

# replace with zero, `pv` shows the progress
# you can skip this part
pv -tpreb /dev/zero | dd of=/dev/mapper/cryptdrive bs=128M

# for standard linux ext4 file format
mkfs.ext4 /dev/mapper/cryptdrive
# or, make btrf file format
mkfs.btrfs -s 4096 /dev/mapper/cryptdrive

Mount

mkdir $HOME/tmp/mount
mount /dev/mapper/cryptdrive $HOME/tmp/mount

User permission

chown <user_name>:<user_name> -R $HOME/cryptdrive
cryptsetup close /dev/mapper/cryptdrive

For automatically mount the drive

FILE /etc/fstab
UUID=   <mount_location>       ext4        defaults    0 3