How to Encrypt a Partition in Linux

With Linux you have a number of ways to add encryption to your servers and desktops. One of the more secure routes is encrypting an entire partition (as opposed to folder-level encryption). By encrypting an entire partition, you no longer have to worry that you might have left a crucial directory unencrypted.

Let us walk you through the process of encrypting an empty partition that you can then move your data into.

Installation

Before we get to the encryption, we have to install the tool that takes care of the process. For this demonstration we will be using Ubuntu to encrypt the partition sda1.

Open up a terminal window and issue the command:

sudo apt-get install cryptsetup-bin

Encrypting Your Partition

Before we encrypt, let’s ensure we have the right partition. From the terminal window, issue the command sudo lsblk. This command will list all block devices attached to the machine.

Before you can encrypt the partition, it must be unmounted. You can do this from your file manager or from the command line.

For example, /dev/sda1 is mounted to the /data directory. To unmount that from the command line, you would issue:

sudo umount /data
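
A pre-flight check for the two conditions above (right device, not mounted), as an added example that is not part of the original article. The function names, verdict strings and sample lsblk output are constructed for illustration; the check also goes a little beyond the text by flagging partitions that already hold a filesystem or a LUKS header, since luksFormat overwrites them.

```shell
#!/bin/sh
# Added example: pre-flight check to run before `cryptsetup luksFormat`.
# Constructed sample of `lsblk -P -o NAME,TYPE,FSTYPE,MOUNTPOINT` output.
SAMPLE_LSBLK='NAME="sda" TYPE="disk" FSTYPE="" MOUNTPOINT=""
NAME="sda1" TYPE="part" FSTYPE="ext4" MOUNTPOINT="/data"
NAME="sdb" TYPE="disk" FSTYPE="" MOUNTPOINT=""
NAME="sdb1" TYPE="part" FSTYPE="" MOUNTPOINT=""
NAME="sdb2" TYPE="part" FSTYPE="crypto_LUKS" MOUNTPOINT=""
NAME="sdb3" TYPE="part" FSTYPE="ext4" MOUNTPOINT=""'

# field LINE KEY: print the value of KEY="..." from one lsblk -P line.
# The leading space stops TYPE from matching inside FSTYPE.
field() {
    printf ' %s\n' "$1" | sed -n "s/.* $2=\"\([^\"]*\)\".*/\1/p"
}

# check_target NAME LSBLK_OUTPUT: print a verdict, return 0 only for "ok".
check_target() {
    line=$(printf '%s\n' "$2" | grep "^NAME=\"$1\" ") || { echo "not-found"; return 1; }
    dtype=$(field "$line" TYPE)
    fstype=$(field "$line" FSTYPE)
    mnt=$(field "$line" MOUNTPOINT)
    # Whole disks, LVM volumes etc. are not what this walkthrough formats.
    if [ "$dtype" != "part" ]; then echo "not-a-partition:$dtype"; return 1; fi
    # The partition must be unmounted before it is encrypted.
    if [ -n "$mnt" ]; then echo "mounted:$mnt"; return 1; fi
    # An existing LUKS header or filesystem means data would be destroyed.
    if [ "$fstype" = "crypto_LUKS" ]; then echo "already-luks"; return 1; fi
    if [ -n "$fstype" ]; then echo "has-data:$fstype"; return 1; fi
    echo "ok"
}

# Demo on the constructed sample. On a real machine, pass
# "$(lsblk -P -o NAME,TYPE,FSTYPE,MOUNTPOINT)" as the second argument.
for dev in sda sda1 sdb1 sdb2 sdb3 sdc1; do
    printf '%-5s %s\n' "$dev" "$(check_target "$dev" "$SAMPLE_LSBLK")"
done
```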

Now that we are certain the partition we want to encrypt is sda1 (and it isn’t mounted), we issue the command:

sudo cryptsetup luksFormat /dev/sda1

You will be given a warning (see below) and asked to type YES to continue:

WARNING!
========
This will overwrite data on /dev/sda1 irrevocably.
Are you sure? (Type uppercase yes): YES

Next you’ll be asked to type and verify a passphrase for the encryption. Make it strong.

The /dev/sda1 partition is now encrypted. You can check on that by opening up your file manager. If you see the tiny lock icon associated with the drive, you know the partition has been encrypted.

Mounting the Partition

In most cases, the best way to mount the partition is from the command line:

  1. Issue the command sudo cryptsetup luksOpen /dev/sda1 crypthome
  2. Create a directory to mount the partition with the command sudo mkdir /mnt/crypthome
  3. Mount the encrypted partition to the new directory with the command sudo mount /dev/mapper/crypthome /mnt/crypthome


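You will probably have to adjust the permissions of the /mnt/crypthome directory, depending upon your needs (otherwise, your encrypted partition is now available). Note that a newly formatted LUKS volume does not yet contain a filesystem, so the first time through you need to create one on /dev/mapper/crypthome before the mount command will succeed.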