How to Encrypt the Hard Disk Partitions with DM-crypt

By encrypting the hard disk, you are securing the data in it from unauthorized access in case the device, for example, your laptop fall in wrong hands due to theft.

Every one of us has our private data that should be kept secure from theft. It includes family photos, personal documents, and any other data that is personal and need to be secured. Encryption is one way to keep your data safe and away from others.

When a hard disk is encrypted, no one can extract the data out of the hard drive without regular logging onto the PC.

Large organizations use encryption on the work computer to safeguard their data from the leak in case the employer loses the work computer.

Encrypt Hard Disk Partition on Ubuntu, Linux Mint, and elementary OS

In this tutorial, we are going to help you encrypt your hard disk partitions on Ubuntu and its derivatives, with easy and clear steps. Be careful when you are learning and doing it the first time. I recommend doing a trial of this tutorial on a small partition whose data is already backed up.

If you have installed popular Linux distros such as Ubuntu, Linux Mint, etc., you should have noticed an option offered during the installation process to set up an encrypted partition. That’s one way to encrypt the hard disk. Since you are here reading this tutorial, I’m assuming that you didn’t use the encryption process. In such case proceed as follows:

Creating a New Partition

You should create an empty unformatted partition to encrypt it. In case you do not have one then you can use Gparted to create one quickly:

Step 1. Insert your Ubuntu installation USB media and boot from it. Using the option “Try Ubuntu without installation”.

Step 2. After system starts, open GParted.

Open GParted
Open GParted

Step 3. Select your partition, right-click on it and choose “Resize/Move” option from the list.

Resize Partition
Resize Partition

Step 4. Move the right slide bar to the needed size. Then click “Resize/Move” button.

Resize Current Partition
Resize Current Partition

Step 5. Right click on the unallocated space and choose new.

Unallocated Partition
Unallocated Partition

Step 6. From the Filesystem menu choose “cleared” then press “Add” button. By default, ext4 is chosen. In our case we need it cleared which means unformatted.

Create New Partition
Create a New Partition

Step 7. On the top panel choose the green mark to apply your changes.

Apply Changes
Apply Changes

We have just created an unformatted partition which we will use to be our encrypted partition. Now you can quit GParted and reboot your system without the Ubuntu installation media.

Install Cryptsetup

Step 1. Ensure that your system is updated using the below commands.

sudo apt-get update
sudo apt-get upgrade

Step 2. Install the cryptsetup package.

sudo apt install cryptsetup

Install Cryptsetup
Install Cryptsetup

Step 3. To get your partition block device name use the next command. It will help you get the exact name of your new unformatted partition.

lsblk

Block Device Name of Partition
Block Device Name of Partition

As you can see from the previous screenshot, we can now get the block device name from the partition size.

Another and more accurate way is by trying to mount the partition. Usually, this will give error cause there is no filesystem on the new partition.

Check Block Device Name of Partition
Check Block Device Name of Partition

As you can see it gave an error, it means that this is our intended partition.

Set up LUKS Header

Add LULS header to the partition using the previous block device name.

sudo cryptsetup luksFormat /dev/sda2

Add a LUKS header to Partition.
Add a LUKS header to Partition.

Be careful and type YES in uppercase as needed. Also, you will be prompted to enter a strong passphrase as a password.

Create Partition Filesystem

Step 1.  First, you will need to map the physical device to a virtual one.

sudo cryptsetup luksOpen /dev/sda2 encrypt-partition

Map physical to virtual device
Map physical to virtual device

Step 2. Now create an ext4 filesystem on the partition.

sudo mkfs.ext4 /dev/mapper/encrypt-partition

Create FileSystem to Partition
Create FileSystem to Partition

Step 3. Create a new directory that will be used to mount the filesystem to it.

mkdir ~/encrypt-storage

Step 4. Mount the new filesystem to it.

sudo mount /dev/mapper/encrypt-partition ~/encrypt-storage

Step 5. Locate to the new directory.

cd ~/encrypt-storage

Mount Encrypt Partition
Mount Encrypt Partition

Step 6. Next, we will grant permissions to your user to be able to read/write/execute on this new directory.

sudo chown $USER:$USER .

Step 7. Restrict and prevent other users from reading and writing on this directory.

Grant Users Permission
Grant Users Permission

Step 8. Now, you can check the new encrypted partition from your default file manager.

View From FileManager
View From FileManager

At this moment, we have created a new partition, encrypted it, and it is ready for storing your data on it. Once you finish your work on that partition, you can unmount it and lock it to keep it safe and secure. And in anytime you need to open this partition again you have to mount and unlock it.

Step 9. To unmount your partition.

sudo umount /dev/mapper/encrypt-partition

Step 10. To lock your partition.

sudo cryptsetup luksClose /dev/mapper/encrypt-partition

Finally, we have created an encrypted partition on your Ubuntu PC, where you can keep your data on it securely. I hope you have enjoyed this tutorial and in case you need any help, leave a comment, and we will be glad to help you.

SourceDM-crypt
Hend Adel
Hi! I'm Hend Adel, a freelancer technical geek with successful experience in Database, Linux and many other IT fields. I help to build solutions to suit business needs and creating streamlined processes. I love Linux and I'm here to share my skills via FOSS Linux! Thanks for reading my article.

LEAVE A REPLY

Please enter your comment!
Please enter your name here

STAY CONNECTED

23,241FansLike
391FollowersFollow
16SubscribersSubscribe

LATEST ARTICLES

MUST READ

The Ubuntu Cinnamon Remix brings together Linux Mint's Cinnamon desktop with the Ubuntu Core. While some users are welcoming the new flavor of Ubuntu with open arms, others are scratching their heads, wondering where it fits in.
The wait is finally over (almost) for all you Ubuntu fans out there. The latest version of Ubuntu, 20.10 codenamed "Groovy Gorilla," is currently available in the beta version. I have tested out the distro myself, and it is stable enough to take out for a spin.

Ubuntu MATE 20.04 LTS Review: Refinement at its Best

Ubuntu MATE 20.04 LTS was released a week ago after two years of development. Official updates and security patches will be provided until April 2025. I have installed it on my test laptop for a spin and here are my observations based on almost a week usage.

6 Best Linux Distros for Laptops

Whether buying a Linux pre-installed laptop or selecting a Linux distro for your existing laptop, there are many things to consider. Let's take you through some of the best Linux distros that are optimized for Laptops in this 2019 edition of the article. Read on.

6 ways to find out your Linux file system type

Any Operating system in the market whether its Windows, Linux, Unix, macOS, and any other, must be able to access and manage files and data on storage devices.

6 Best Linux Distros for Programmers and Developers

Linux distros have long been a favorite among programmers since the rise in popularity of the OS in the nineties. Programmers are technical by nature, and Linux distros appeal to that technical nature. Let's discuss why Linux is a great desktop OS for programmers and developers, and find out best distros suitable for them.