How to Encrypt the Hard Disk Partitions with DM-crypt

By encrypting the hard disk, you are securing the data in it from unauthorized access in case the device, for example, your laptop fall in wrong hands due to theft.

Every one of us has our private data that should be kept secure from theft. It includes family photos, personal documents, and any other data that is personal and need to be secured. Encryption is one way to keep your data safe and away from others.

When a hard disk is encrypted, no one can extract the data out of the hard drive without regular logging onto the PC.

Large organizations use encryption on the work computer to safeguard their data from the leak in case the employer loses the work computer.

Encrypt Hard Disk Partition on Ubuntu, Linux Mint, and elementary OS

In this tutorial, we are going to help you encrypt your hard disk partitions on Ubuntu and its derivatives, with easy and clear steps. Be careful when you are learning and doing it the first time. I recommend doing a trial of this tutorial on a small partition whose data is already backed up.

If you have installed popular Linux distros such as Ubuntu, Linux Mint, etc., you should have noticed an option offered during the installation process to set up an encrypted partition. That’s one way to encrypt the hard disk. Since you are here reading this tutorial, I’m assuming that you didn’t use the encryption process. In such case proceed as follows:

Creating a New Partition

You should create an empty unformatted partition to encrypt it. In case you do not have one then you can use Gparted to create one quickly:

Step 1. Insert your Ubuntu installation USB media and boot from it. Using the option “Try Ubuntu without installation”.

Step 2. After system starts, open GParted.

Open GParted
Open GParted

Step 3. Select your partition, right-click on it and choose “Resize/Move” option from the list.

Resize Partition
Resize Partition

Step 4. Move the right slide bar to the needed size. Then click “Resize/Move” button.

Resize Current Partition
Resize Current Partition

Step 5. Right click on the unallocated space and choose new.

Unallocated Partition
Unallocated Partition

Step 6. From the Filesystem menu choose “cleared” then press “Add” button. By default, ext4 is chosen. In our case we need it cleared which means unformatted.

Create New Partition
Create a New Partition

Step 7. On the top panel choose the green mark to apply your changes.

Apply Changes
Apply Changes

We have just created an unformatted partition which we will use to be our encrypted partition. Now you can quit GParted and reboot your system without the Ubuntu installation media.

Install Cryptsetup

Step 1. Ensure that your system is updated using the below commands.

sudo apt-get update
sudo apt-get upgrade

Step 2. Install the cryptsetup package.

sudo apt install cryptsetup

Install Cryptsetup
Install Cryptsetup

Step 3. To get your partition block device name use the next command. It will help you get the exact name of your new unformatted partition.

lsblk

Block Device Name of Partition
Block Device Name of Partition

As you can see from the previous screenshot, we can now get the block device name from the partition size.

Another and more accurate way is by trying to mount the partition. Usually, this will give error cause there is no filesystem on the new partition.

Check Block Device Name of Partition
Check Block Device Name of Partition

As you can see it gave an error, it means that this is our intended partition.

Set up LUKS Header

Add LULS header to the partition using the previous block device name.

sudo cryptsetup luksFormat /dev/sda2

Add a LUKS header to Partition.
Add a LUKS header to Partition.

Be careful and type YES in uppercase as needed. Also, you will be prompted to enter a strong passphrase as a password.

Create Partition Filesystem

Step 1.  First, you will need to map the physical device to a virtual one.

sudo cryptsetup luksOpen /dev/sda2 encrypt-partition

Map physical to virtual device
Map physical to virtual device

Step 2. Now create an ext4 filesystem on the partition.

sudo mkfs.ext4 /dev/mapper/encrypt-partition

Create FileSystem to Partition
Create FileSystem to Partition

Step 3. Create a new directory that will be used to mount the filesystem to it.

mkdir ~/encrypt-storage

Step 4. Mount the new filesystem to it.

sudo mount /dev/mapper/encrypt-partition ~/encrypt-storage

Step 5. Locate to the new directory.

cd ~/encrypt-storage

Mount Encrypt Partition
Mount Encrypt Partition

Step 6. Next, we will grant permissions to your user to be able to read/write/execute on this new directory.

sudo chown $USER:$USER .

Step 7. Restrict and prevent other users from reading and writing on this directory.

Grant Users Permission
Grant Users Permission

Step 8. Now, you can check the new encrypted partition from your default file manager.

View From FileManager
View From FileManager

At this moment, we have created a new partition, encrypted it, and it is ready for storing your data on it. Once you finish your work on that partition, you can unmount it and lock it to keep it safe and secure. And in anytime you need to open this partition again you have to mount and unlock it.

Step 9. To unmount your partition.

sudo umount /dev/mapper/encrypt-partition

Step 10. To lock your partition.

sudo cryptsetup luksClose /dev/mapper/encrypt-partition

Finally, we have created an encrypted partition on your Ubuntu PC, where you can keep your data on it securely. I hope you have enjoyed this tutorial and in case you need any help, leave a comment, and we will be glad to help you.

SourceDM-crypt
Hend Adel
Hi! I'm Hend Adel, a freelancer technical geek with successful experience in Database, Linux and many other IT fields. I help to build solutions to suit business needs and creating streamlined processes. I love Linux and I'm here to share my skills via FOSS Linux! Thanks for reading my article.

LEAVE A REPLY

Please enter your comment!
Please enter your name here

STAY CONNECTED

24,726FansLike
164FollowersFollow

LATEST ARTICLES