Enabling Disk Encryption in a Nutshell
The goal of this article is to present the minimal steps required to create an encrypted filesystem on a USB drive on Ubuntu. It is intended for people who are already familiar with the basic concepts and don’t need an explanation for each single step.
The Nutshell — Create an Encrypted Device
Let’s assume your device is /dev/sdb9. Then, perform the following steps as root to create an encrypted filesystem on that device.
cryptsetup luksFormat /dev/sdb9
cryptsetup luksOpen /dev/sdb9 mydrive
mkfs.ext4 /dev/mapper/mydrive -L labelofdrive -m 0
cryptsetup luksClose mydrive
Now, the next time you connect the device to your computer you will be asked for the password.
Does the following sound familiar to you?
Occasionally, you get a new device, you want to create an encrypted filesystem on that device so that the content is protected in case you lose it but you can’t remember the exact commands? You start to search with Google and a lot of articles pop up that contain a lot of noise. You have to go through all the noise to grab just the piece of information you are looking for. Welcome to my world.
To get the relevant information easier and reduce the frustration I’ve written this article and ordered the sections according to their relevance.
Disks can be encrypted with a tool called cryptsetup. You can install it on Ubuntu as follows:
sudo apt-get install cryptsetup
Find Your USB Device
Use lsblk to find your USB device.
foo:~$ sudo lsblk
sda 8:0 0 465,8G 0 disk
└─sda1 8:1 0 465,8G 0 part
sdb 8:16 0 931,5G 0 disk
└─sdb1 8:17 0 931,5G 0 part
nvme0n1 259:0 0 477G 0 disk
├─nvme0n1p1 259:1 0 512M 0 part /boot/efi
├─nvme0n1p2 259:2 0 732M 0 part /boot
└─nvme0n1p3 259:3 0 475,7G 0 part
└─nvme0n1p3_crypt 253:0 0 475,7G 0 crypt
├─vgxubuntu-root 253:1 0 474,8G 0 lvm /
└─vgxubuntu-swap_1 253:2 0 980M 0 lvm [SWAP]
Download the image from https://security-flashcards.com/images/howto-01-create-encrypted-devices.png and print it on a A6 paper to have the commands always in front of you.