Encrypt your data using LUKS (Linux)

In the current digital era, data security is of the utmost importance. The encryption of your data is a crucial step to preserve its confidentiality, whether you’re a business professional securing sensitive information or an individual protecting personal data. LUKS (Linux Unified Key Setup) is a powerful data encryption method provided by Linux. With LUKS, you may encrypt entire storage devices or specific partitions, combining high security with user-friendly functionality. 

Understanding LUKS

“The Linux operating system includes a built-in feature called LUKS, commonly referred to as Linux Unified Key Setup, that aids in protecting your data. It resembles a unique lock for your files. A ‘container,’ or virtual safe, is what you make using LUKS. You use a secret key or password to lock this safe.

You can place your files inside the safe and remove them just like you would with a conventional computer folder once it has been unlocked.

Prerequisites

Before diving into the encryption process, ensure you have the following:

  1. A Linux-based operating system installed on your computer.
  2. Superuser Privilege or root access to your Linux system.
  3. Backed up any all your data, as the encryption process will erase the existing data on the selected storage device or partition.

Step 1: Launch a Terminal

Open a terminal window on your Linux system. This can typically be found in your applications menu or accessed by pressing Ctrl + Alt + T.

Step 2: Install the Necessary Package

Although most Linux distributions come with LUKS tools already installed, if they don’t, you can quickly install them using your package manager. Use this command on Debian-based systems (like Ubuntu):

apt-get install cryptsetup

For Alma , Rocky, CentOS  or Red Hat , Fedora systems 

 dnf install cryptsetup

Step 3: Verify the Target Storage Device or Partition

First we create a partition using fdisk. If you do not know how to create a partition using fdisk,you can explore the man file for fdisk where you will find the procedure to create partitions.After you have created the partition,run the following commands in order. Determine the storage device or partition you intend to encrypt. You can use commands like lsblk or fdisk -l to list available storage devices and partitions.

Step 4: Initialize the LUKS Container

Utilize the cryptsetup command to initialize the LUKS container on your target storage device or partition. Replace /dev/sdX with the actual device or partition you wish to encrypt:

 cryptsetup luksFormat /dev/sdaX

here X is the partition number.

During this process, you’ll be prompted to enter a passphrase. Ensure your passphrase is both robust and memorable, and confirm it when prompted.

Step 5: Open the LUKS Container

After initializing the LUKS container, open it using the following command:

cryptsetup open /dev/sdX my_encrypted_disk

Here name is name of the device and can be anything,for eg: This will ask for a passphrase ,enter the same passphrase you created with luksFormat.

Step 6: Make a File System

Now create a file system on that partition as

root@server1# mkfs.ext4 /dev/mapper/secret

Step 7: Mount the Encrypted Partition

create a directory to mount the file system

 mkdir /test
root@server1# mount /dev/mapper/secret       /test

For permanent mounting,edit /etc/fstab as follows

/dev/mapper/secret      /test      ext4       defaults               1 2

If you want that password should be asked everytime the machine boots then create a file /etc/crypttab and make following entries

 secret   /dev/sdaX

This will ask for password every time your machine boots.

When finished working you can again lock the partition by

root@server1# umount /dev/mapper/secret
 cryptsetup luksClose secret

Thus we see there are three stages while encrypting a partition

1) Encrypting a partition with a password.

2) Decrypting a partition and mounting the file system.

3) Again encrypting the partition

Enhancing data security on Linux involves a vital measure – LUKS encryption. By following these precautions, you can safeguard your sensitive information, making sure that even if someone else gets hold of your storage device, they won’t be able to access your data without the passphrase. To boost the security of your encrypted data, remember to keep a backup of your passphrase and create strong, unique passphrases

About Sachin G

I am a professional freelance contributor and founder of tech transit. Love to write and lover of education, culture, and community. I have been using it, setting, supporting, and maintaining it since 2009.Linux rocks!

Sachin G

View all posts by Sachin G |

Have any Question or Comment?

Leave a Reply

Your email address will not be published. Required fields are marked *

Copyright @ 2015-2023  Tech Transit. All rights reserved

Terms of Use - Privacy Policy

WordPress Di Responsive Theme