In the current digital era, data security is of the utmost importance. The encryption of your data is a crucial step to preserve its confidentiality, whether you’re a business professional securing sensitive information or an individual protecting personal data. LUKS (Linux Unified Key Setup) is a powerful data encryption method provided by Linux. With LUKS, you may encrypt entire storage devices or specific partitions, combining high security with user-friendly functionality. 

Understanding LUKS

LUKS, short for Linux Unified Key Setup, is a built-in feature of the Linux operating system that helps protect your data. It works like a lock for your files: with LUKS you create a "container", or virtual safe, and lock it with a secret key or password.

Once the safe has been unlocked, you can place files inside it and remove them just as you would with a conventional folder.

Prerequisites

Before diving into the encryption process, ensure you have the following:

  1. A Linux-based operating system installed on your computer.
  2. Superuser privileges or root access to your Linux system.
  3. A backup of all your data, as the encryption process will erase the existing data on the selected storage device or partition.

Step 1: Launch a Terminal

Open a terminal window on your Linux system. This can typically be found in your applications menu or accessed by pressing Ctrl + Alt + T.

Step 2: Install the Necessary Package

Although most Linux distributions come with LUKS tools already installed, if they don’t, you can quickly install them using your package manager. Use this command on Debian-based systems (like Ubuntu):

apt-get install cryptsetup

For Alma Linux, Rocky, CentOS, Red Hat or Fedora systems:

dnf install cryptsetup

Step 3: Verify the Target Storage Device or Partition

First, create a partition using fdisk. If you do not know how to create a partition with fdisk, the fdisk man page describes the procedure. After you have created the partition, run the following commands in order.

Determine the storage device or partition you intend to encrypt. You can use commands like lsblk or fdisk -l to list available storage devices and partitions.

Step 4: Initialize the LUKS Container

Use the cryptsetup command to initialize the LUKS container on your target storage device or partition. Replace /dev/sdaX with the actual device or partition you wish to encrypt:

cryptsetup luksFormat /dev/sdaX

where X is the partition number.

During this process, you’ll be prompted to enter a passphrase. Ensure your passphrase is both robust and memorable, and confirm it when prompted.

Step 5: Open the LUKS Container

After initializing the LUKS container, open it using the following command:

cryptsetup open /dev/sdaX secret

Here the last argument is the name of the mapped device and can be anything; the remaining steps in this guide use secret, which appears as /dev/mapper/secret. This command will ask for a passphrase; enter the same passphrase you created with luksFormat.

Step 6: Make a File System

Now create a file system on the opened container:

mkfs.ext4 /dev/mapper/secret

Step 7: Mount the Encrypted Partition

Create a directory to mount the file system on, then mount it:

mkdir /test
mount /dev/mapper/secret /test

For permanent mounting, edit /etc/fstab as follows:

/dev/mapper/secret      /test      ext4       defaults               1 2

If you want to be asked for the password every time the machine boots, so that /dev/mapper/secret exists before /etc/fstab is processed, create the file /etc/crypttab and add the following entry:

secret   /dev/sdaX

This will ask for the password every time your machine boots.
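The /etc/fstab line above can only mount at boot once /etc/crypttab has set up /dev/mapper/secret. As an added example (not part of the original article), the shell function below lists mapper names that an fstab file mounts but a crypttab file does not define; the function name, the sample files and the backup mapping are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): verify that every
# /dev/mapper/NAME mounted from fstab is defined in crypttab.

# Usage: missing_crypttab_entries FSTAB CRYPTTAB
# Prints one mapping name per line for each fstab device /dev/mapper/NAME
# that has no crypttab line whose first field is NAME.
# Devices given as UUID= or LABEL= in fstab are not examined.
missing_crypttab_entries() {
    fstab=$1
    crypttab=$2
    # The article has you create /etc/crypttab by hand, so it may not exist yet.
    [ -r "$crypttab" ] || crypttab=/dev/null
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }             # skip comments, blank lines
        FILENAME == ARGV[1] { defined[$1] = 1; next } # crypttab: field 1 = name
        $1 ~ /^\/dev\/mapper\// {                     # fstab: field 1 = device
            name = substr($1, length("/dev/mapper/") + 1)
            if (!(name in defined)) print name
        }
    ' "$crypttab" "$fstab"
}

# Constructed sample files: "secret" is the mapping used in the article;
# "backup" is a hypothetical second mapping with no crypttab entry.
demo_dir=$(mktemp -d)
cat > "$demo_dir/fstab" <<'EOF'
# <device>            <dir>    <type> <options> <dump> <pass>
/dev/sda1             /        ext4   defaults  1 1
/dev/mapper/secret    /test    ext4   defaults  1 2
/dev/mapper/backup    /backup  ext4   defaults  1 2
EOF
cat > "$demo_dir/crypttab" <<'EOF'
# <name>  <device>
secret    /dev/sdaX
EOF

missing=$(missing_crypttab_entries "$demo_dir/fstab" "$demo_dir/crypttab")
if [ -n "$missing" ]; then
    echo "fstab mounts mapping(s) with no crypttab entry: $missing"
fi
rm -rf "$demo_dir"
```

On a real system, call it as missing_crypttab_entries /etc/fstab /etc/crypttab before rebooting; empty output means every mapped device in fstab has a crypttab entry.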

When you have finished working, you can lock the partition again:

umount /dev/mapper/secret
cryptsetup luksClose secret

Thus there are three stages when working with an encrypted partition:

1) Encrypting a partition with a password.

2) Decrypting a partition and mounting the file system.

3) Locking the partition again.

LUKS encryption is a vital measure for enhancing data security on Linux. By following these steps, you can safeguard your sensitive information, making sure that even if someone else gets hold of your storage device, they won't be able to access your data without the passphrase. To boost the security of your encrypted data, remember to keep a backup of your passphrase and create strong, unique passphrases.

By Sachin G

I am a professional freelance contributor and founder of tech transit. Love to write and lover of education, culture, and community. I have been using it, setting, supporting, and maintaining it since 2009. Linux rocks!