Home Encryption How to Encrypt the Hard Disk Partitions with DM-crypt

How to Encrypt the Hard Disk Partitions with DM-crypt

by Hend Adel
Published: Updated:
Encrypt hard disk ubuntu

Every one of us has our private data that should be kept secure from theft. It includes family photos, personal documents, and any other data that is personal and need to be secured. Encryption is one way to keep your data safe and away from others.

When a hard disk is encrypted, no one can extract the data out of the hard drive without regular logging onto the PC.

Large organizations use encryption on the work computer to safeguard their data from the leak in case the employer loses the work computer.

Encrypt Hard Disk Partition on Ubuntu, Linux Mint, and elementary OS

In this tutorial, we are going to help you encrypt your hard disk partitions on Ubuntu and its derivatives, with easy and clear steps. Be careful when you are learning and doing it the first time. I recommend doing a trial of this tutorial on a small partition whose data is already backed up.

If you have installed popular Linux distros such as Ubuntu, Linux Mint, etc., you should have noticed an option offered during the installation process to set up an encrypted partition. That’s one way to encrypt the hard disk. Since you are here reading this tutorial, I’m assuming that you didn’t use the encryption process. In such case proceed as follows:

Creating a New Partition

You should create an empty unformatted partition to encrypt it. In case you do not have one then you can use Gparted to create one quickly:

Step 1. Insert your Ubuntu installation USB media and boot from it. Using the option “Try Ubuntu without installation”.

Step 2. After system starts, open GParted.

Open GParted

Open GParted

Step 3. Select your partition, right-click on it and choose “Resize/Move” option from the list.

Resize Partition

Resize Partition

Step 4. Move the right slide bar to the needed size. Then click “Resize/Move” button.

Resize Current Partition

Resize Current Partition

Step 5. Right click on the unallocated space and choose new.

Unallocated Partition

Unallocated Partition

Step 6. From the Filesystem menu choose “cleared” then press “Add” button. By default, ext4 is chosen. In our case we need it cleared which means unformatted.

Create New Partition

Create a New Partition

Step 7. On the top panel choose the green mark to apply your changes.

Apply Changes

Apply Changes

We have just created an unformatted partition which we will use to be our encrypted partition. Now you can quit GParted and reboot your system without the Ubuntu installation media.

Install Cryptsetup

Step 1. Ensure that your system is updated using the below commands.

sudo apt-get update
sudo apt-get upgrade

Step 2. Install the cryptsetup package.

sudo apt install cryptsetup
Install Cryptsetup

Install Cryptsetup

Step 3. To get your partition block device name use the next command. It will help you get the exact name of your new unformatted partition.

lsblk
Block Device Name of Partition

Block Device Name of Partition

As you can see from the previous screenshot, we can now get the block device name from the partition size.

Another and more accurate way is by trying to mount the partition. Usually, this will give error cause there is no filesystem on the new partition.

Check Block Device Name of Partition

Check Block Device Name of Partition

As you can see it gave an error, it means that this is our intended partition.

Set up LUKS Header

Add LULS header to the partition using the previous block device name.

sudo cryptsetup luksFormat /dev/sda2
Add a LUKS header to Partition.

Add a LUKS header to Partition.

Be careful and type YES in uppercase as needed. Also, you will be prompted to enter a strong passphrase as a password.

Create Partition Filesystem

Step 1.  First, you will need to map the physical device to a virtual one.

sudo cryptsetup luksOpen /dev/sda2 encrypt-partition
Map physical to virtual device

Map physical to virtual device

Step 2. Now create an ext4 filesystem on the partition.

sudo mkfs.ext4 /dev/mapper/encrypt-partition
Create FileSystem to Partition

Create FileSystem to Partition

Step 3. Create a new directory that will be used to mount the filesystem to it.

mkdir ~/encrypt-storage

Step 4. Mount the new filesystem to it.

sudo mount /dev/mapper/encrypt-partition ~/encrypt-storage

Step 5. Locate to the new directory.

cd ~/encrypt-storage
Mount Encrypt Partition

Mount Encrypt Partition

Step 6. Next, we will grant permissions to your user to be able to read/write/execute on this new directory.

sudo chown $USER:$USER .

Step 7. Restrict and prevent other users from reading and writing on this directory.

Grant Users Permission

Grant Users Permission

Step 8. Now, you can check the new encrypted partition from your default file manager.

View From FileManager

View From FileManager

At this moment, we have created a new partition, encrypted it, and it is ready for storing your data on it. Once you finish your work on that partition, you can unmount it and lock it to keep it safe and secure. And in anytime you need to open this partition again you have to mount and unlock it.

Step 9. To unmount your partition.

sudo umount /dev/mapper/encrypt-partition

Step 10. To lock your partition.

sudo cryptsetup luksClose /dev/mapper/encrypt-partition

Finally, we have created an encrypted partition on your Ubuntu PC, where you can keep your data on it securely. I hope you have enjoyed this tutorial and in case you need any help, leave a comment, and we will be glad to help you.

You may also like

Leave a Comment

fl_logo_v3_footer

ENHANCE YOUR LINUX EXPERIENCE.



FOSS Linux is a leading resource for Linux enthusiasts and professionals alike. With a focus on providing the best Linux tutorials, open-source apps, news, and reviews written by team of expert authors. FOSS Linux is the go-to source for all things Linux.

Whether you’re a beginner or an experienced user, FOSS Linux has something for everyone.

Follow Us

Subscribe

©2016-2023 FOSS LINUX

A PART OF VIBRANT LEAF MEDIA COMPANY.

ALL RIGHTS RESERVED.

“Linux” is the registered trademark by Linus Torvalds in the U.S. and other countries.