Enabling Disk Encryption in a Nutshell

Instructions to encrypt a device on the command line. (source: https://security-flashcards.com)

The goal of this article is to present the minimal steps required to create an encrypted filesystem on a USB drive on Ubuntu. It is intended for people who are already familiar with the basic concepts and don’t need an explanation for each single step.

The Nutshell — Create an Encrypted Device

Let’s assume your device is /dev/sdb9. Then, perform the following steps as root to create an encrypted filesystem on that device.

cryptsetup luksFormat /dev/sdb9
cryptsetup luksOpen /dev/sdb9 mydrive
mkfs.ext4 /dev/mapper/mydrive -L labelofdrive -m 0
cryptsetup luksClose mydrive

Now, the next time you connect the device to your computer you will be asked for the password.


Does the following sound familiar to you?

Occasionally, you get a new device, you want to create an encrypted filesystem on that device so that the content is protected in case you lose it but you can’t remember the exact commands? You start to search with Google and a lot of articles pop up that contain a lot of noise. You have to go through all the noise to grab just the piece of information you are looking for. Welcome to my world.

To get the relevant information easier and reduce the frustration I’ve written this article and ordered the sections according to their relevance.


Install cryptsetup

Disks can be encrypted with a tool called cryptsetup. You can install it on Ubuntu as follows:

sudo apt-get install cryptsetup

Find Your USB Device

Use lsblk to find your USB device.

foo:~$ sudo lsblk
sda 8:0 0 465,8G 0 disk
└─sda1 8:1 0 465,8G 0 part
sdb 8:16 0 931,5G 0 disk
└─sdb1 8:17 0 931,5G 0 part
nvme0n1 259:0 0 477G 0 disk
├─nvme0n1p1 259:1 0 512M 0 part /boot/efi
├─nvme0n1p2 259:2 0 732M 0 part /boot
└─nvme0n1p3 259:3 0 475,7G 0 part
└─nvme0n1p3_crypt 253:0 0 475,7G 0 crypt
├─vgxubuntu-root 253:1 0 474,8G 0 lvm /
└─vgxubuntu-swap_1 253:2 0 980M 0 lvm [SWAP]


Download the image from https://security-flashcards.com/images/howto-01-create-encrypted-devices.png and print it on a A6 paper to have the commands always in front of you.




Dev-Sec-ML — https://twitter.com/_etzold — Creator of Security Flashcards https://security-flashcards.com

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

Here’s What This Slovenian Startup Is Doing About Your Data Privacy

HTB Backdoor WIP writeup

Egregious Cloud Security Vulnerabilities

The Internet assumes your connection is unreliable (and how that’s a good thing)

XT Will List TKING

{UPDATE} Super Island Huson Hack Free Resources Generator

How to Remove Akamaihd.net Virus from Mac

GA-FFNN: An Intelligent Classification Approach for Signature-based IDS

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Daniel Etzold

Daniel Etzold

Dev-Sec-ML — https://twitter.com/_etzold — Creator of Security Flashcards https://security-flashcards.com

More from Medium

How to set timezone and locale in an Ubuntu image properly

How to install Linux virtual machine on Windows using Hyper-V

How I build a crypto bot with Python, Docker, Rancher, Azure Devops and ArgoCD

Connect to Docker Service using hostname in Docker Swarm