How to Encrypt a Partition in Linux

how to encrypt a partition in linux

You can protect your data by encrypting a partition in Linux.

With Linux, you actually have a number of ways to add encryption to your servers and desktops. One of the more secure routes is encrypting an entire partition (as opposed to folder-level encryption). By encrypting an entire partition in Linux, you no longer have to worry that you might have left a crucial directory unencrypted.

Let us walk you through the process of encrypting an empty partition that you can then move your data into. (We also have instructions for encrypting your hard drive in Windows 10 or macOS.

1. Installation

Before we get to the encryption in Linux, we have to install the tool to take care of the process. For this demonstration we will be using Ubuntu, to encrypt the partition sdb1.

Open up a terminal window and issue the command:

sudo apt-get install cryptsetup-bin

2. Encrypting Your Partition

Before we encrypt, let’s ensure we have the right partition. From the terminal window, issue the command sudo lsblk. This command will list all block devices attached to the machine.

Before you can encrypt the partition, it must be unmounted. You can do this from your file manager or from the command line.

For example, /dev/sda1 is mounted to the /data directory. To unmount that from the command line, you would issue:
sudo umount /data

Now that we are certain the partition we want to encrypt is sda1 (and it isn’t mounted), issue the command:
sudo cryptsetup luksFormat /dev/sda1

You will see a warning (see below) and asked to type YES to continue.

WARNING!

========
This will overwrite data on /dev/sda1 irrevocably.
Are you sure? (Type uppercase yes): YES

Next, you’ll be asked to type and verify a passphrase for the encryption. Make it a strong password or passphrase.

The /dev/sda1 partition is now encrypted. You can check on that by opening up your file manager. If you see the tiny lock icon associated with the drive, you know the partition has been encrypted.

3. Mounting the Partition

In most cases, the best way to mount the partition is from the command line:

  1. Issue the command sudo cryptsetup luksOpen /dev/sda1/ crypthome
  2. Create a directory to mount the partition with the command sudo mkdir /mnt/crypthome
  3. Mount the encrypted partition to the new directory with the command sudo mount /dev/mapper/crypthome /mnt/crypthome

You will probably have to adjust the permissions of the /mnt/crypthome directory, depending upon your needs. Otherwise, your encrypted partition in Linux is now available.

If your information security policies require encryption on your devices, these instructions will help you meet that responsibility.

Encryption is a basic way to make sure your data, or your company’s data, stays safe.

Does your company have an encryption policy?


Get custom information security policies generated for your business in minutes. Securicy guides you through creating, implementing, and managing your cybersecurity plan.

GET A FREE ACCOUNT