How to Encrypt the Hard Disk Partitions with DM-crypt

By encrypting the hard disk, you are securing the data in it from unauthorized access in case the device, for example, your laptop fall in wrong hands due to theft.

Every one of us has our private data that should be kept secure from theft. It includes family photos, personal documents, and any other data that is personal and need to be secured. Encryption is one way to keep your data safe and away from others.

When a hard disk is encrypted, no one can extract the data out of the hard drive without regular logging onto the PC.

Large organizations use encryption on the work computer to safeguard their data from the leak in case the employer loses the work computer.

Encrypt Hard Disk Partition on Ubuntu, Linux Mint, and elementary OS

In this tutorial, we are going to help you encrypt your hard disk partitions on Ubuntu and its derivatives, with easy and clear steps. Be careful when you are learning and doing it the first time. I recommend doing a trial of this tutorial on a small partition whose data is already backed up.

If you have installed popular Linux distros such as Ubuntu, Linux Mint, etc., you should have noticed an option offered during the installation process to set up an encrypted partition. That’s one way to encrypt the hard disk. Since you are here reading this tutorial, I’m assuming that you didn’t use the encryption process. In such case proceed as follows:

Creating a New Partition

You should create an empty unformatted partition to encrypt it. In case you do not have one then you can use Gparted to create one quickly:

Step 1. Insert your Ubuntu installation USB media and boot from it. Using the option “Try Ubuntu without installation”.

Step 2. After system starts, open GParted.

Open GParted
Open GParted

Step 3. Select your partition, right-click on it and choose “Resize/Move” option from the list.

Resize Partition
Resize Partition

Step 4. Move the right slide bar to the needed size. Then click “Resize/Move” button.

Resize Current Partition
Resize Current Partition

Step 5. Right click on the unallocated space and choose new.

Unallocated Partition
Unallocated Partition

Step 6. From the Filesystem menu choose “cleared” then press “Add” button. By default, ext4 is chosen. In our case we need it cleared which means unformatted.

Create New Partition
Create a New Partition

Step 7. On the top panel choose the green mark to apply your changes.

Apply Changes
Apply Changes

We have just created an unformatted partition which we will use to be our encrypted partition. Now you can quit GParted and reboot your system without the Ubuntu installation media.

Install Cryptsetup

Step 1. Ensure that your system is updated using the below commands.

sudo apt-get update
sudo apt-get upgrade

Step 2. Install the cryptsetup package.

sudo apt install cryptsetup

Install Cryptsetup
Install Cryptsetup

Step 3. To get your partition block device name use the next command. It will help you get the exact name of your new unformatted partition.


Block Device Name of Partition
Block Device Name of Partition

As you can see from the previous screenshot, we can now get the block device name from the partition size.

Another and more accurate way is by trying to mount the partition. Usually, this will give error cause there is no filesystem on the new partition.

Check Block Device Name of Partition
Check Block Device Name of Partition

As you can see it gave an error, it means that this is our intended partition.

Set up LUKS Header

Add LULS header to the partition using the previous block device name.

sudo cryptsetup luksFormat /dev/sda2

Add a LUKS header to Partition.
Add a LUKS header to Partition.

Be careful and type YES in uppercase as needed. Also, you will be prompted to enter a strong passphrase as a password.

Create Partition Filesystem

Step 1.  First, you will need to map the physical device to a virtual one.

sudo cryptsetup luksOpen /dev/sda2 encrypt-partition

Map physical to virtual device
Map physical to virtual device

Step 2. Now create an ext4 filesystem on the partition.

sudo mkfs.ext4 /dev/mapper/encrypt-partition

Create FileSystem to Partition
Create FileSystem to Partition

Step 3. Create a new directory that will be used to mount the filesystem to it.

mkdir ~/encrypt-storage

Step 4. Mount the new filesystem to it.

sudo mount /dev/mapper/encrypt-partition ~/encrypt-storage

Step 5. Locate to the new directory.

cd ~/encrypt-storage

Mount Encrypt Partition
Mount Encrypt Partition

Step 6. Next, we will grant permissions to your user to be able to read/write/execute on this new directory.

sudo chown $USER:$USER .

Step 7. Restrict and prevent other users from reading and writing on this directory.

Grant Users Permission
Grant Users Permission

Step 8. Now, you can check the new encrypted partition from your default file manager.

View From FileManager
View From FileManager

At this moment, we have created a new partition, encrypted it, and it is ready for storing your data on it. Once you finish your work on that partition, you can unmount it and lock it to keep it safe and secure. And in anytime you need to open this partition again you have to mount and unlock it.

Step 9. To unmount your partition.

sudo umount /dev/mapper/encrypt-partition

Step 10. To lock your partition.

sudo cryptsetup luksClose /dev/mapper/encrypt-partition

Finally, we have created an encrypted partition on your Ubuntu PC, where you can keep your data on it securely. I hope you have enjoyed this tutorial and in case you need any help, leave a comment, and we will be glad to help you.

Hend Adel
Hi! I'm Hend Adel, a freelancer technical geek with successful experience in Database, Linux and many other IT fields. I help to build solutions to suit business needs and creating streamlined processes. I love Linux and I'm here to share my skills via FOSS Linux! Thanks for reading my article.


Please enter your comment!
Please enter your name here




How to create Manjaro Linux Live USB drive in Windows PC

Create Manjaro Live USB flash drive
Manjaro Linux is based on the independently developed Arch operating system.  Arch Linux is already known to be an exceptionally fast, powerful, and lightweight distribution. But Arch Linux is typically targeted to geeks who have some Linux background and command-line usage.
In this article, we will take a look at 10 of the best PDF editors and tools out there in 2019 that are available for Linux platforms. The editors are going to be judged on the basis of their functionalities, portability, ease of installation, price, and convenience.
best linux distros for laptops
Whether buying a Linux pre-installed laptop or selecting a Linux distro for your existing laptop, there are many things to consider. Let's take you through some of the best Linux distros that are optimized for Laptops in this 2019 edition of the article. Read on.
switch to linux
Do you love Windows or Linux? Being on a Linux website, it's not hard to take a guess, but what are the strong reasons to switch to Linux? Linux is a 100% free OS. Is that reason alone enough? Let's find out! Never have there been more compelling reasons to make the switch. Here are just five great reasons for users to create that magical move from the wayward world of Windows to the lauded land of Linux.