In the current digital era, data security is of the utmost importance. The encryption of your data is a crucial step to preserve its confidentiality, whether you’re a business professional securing sensitive information or an individual protecting personal data. LUKS (Linux Unified Key Setup) is a powerful data encryption method provided by Linux. With LUKS, you may encrypt entire storage devices or specific partitions, combining high security with user-friendly functionality. 

Understanding LUKS

“The Linux operating system includes a built-in feature called LUKS, commonly referred to as Linux Unified Key Setup, that aids in protecting your data. It resembles a unique lock for your files. A ‘container,’ or virtual safe, is what you make using LUKS. You use a secret key or password to lock this safe.

You can place your files inside the safe and remove them just like you would with a conventional computer folder once it has been unlocked.


Before diving into the encryption process, ensure you have the following:

  1. A Linux-based operating system installed on your computer.
  2. Superuser Privilege or root access to your Linux system.
  3. Backed up any all your data, as the encryption process will erase the existing data on the selected storage device or partition.

Step 1: Launch a Terminal

Open a terminal window on your Linux system. This can typically be found in your applications menu or accessed by pressing Ctrl + Alt + T.

Step 2: Install the Necessary Package

Although most Linux distributions come with LUKS tools already installed, if they don’t, you can quickly install them using your package manager. Use this command on Debian-based systems (like Ubuntu):

apt-get install cryptsetup

For Alma Linux, Rocky, CentOS  or Red Hat, Fedora systems 

 dnf install cryptsetup

Step 3: Verify the Target Storage Device or Partition

First, we create a partition using fdisk. If you do not know how to create a partition using fdisk,you can explore the man file for fdisk where you will find the procedure to create partitions.After you have created the partition, run the following commands in order. Determine the storage device or partition you intend to encrypt. You can use commands like lsblk or fdisk -l to list available storage devices and partitions.

Step 4: Initialize the LUKS Container

Utilize the cryptsetup command to initialize the LUKS container on your target storage device or partition. Replace /dev/sdX with the actual device or partition you wish to encrypt:

 cryptsetup luksFormat /dev/sdaX 

where X is the partition number.

During this process, you’ll be prompted to enter a passphrase. Ensure your passphrase is both robust and memorable, and confirm it when prompted.

Step 5: Open the LUKS Container

After initializing the LUKS container, open it using the following command:

cryptsetup open /dev/sdX my_encrypted_disk

Her name is the name of the device and can be anything, eg: This will ask for a passphrase, enter the same passphrase you created with luksFormat.

Step 6: Make a File System

Now create a file system on that partition as

root@server1# mkfs.ext4 /dev/mapper/secret

Step 7: Mount the Encrypted Partition

create a directory to mount the file system

 mkdir /test
root@server1# mount /dev/mapper/secret       /test

For permanent mounting, edit /etc/fstab as follows

/dev/mapper/secret      /test      ext4       defaults               1 2

If you want that password should be asked everytime the machine boots then create a file /etc/crypttab and make the following entries

 secret   /dev/sdaX

This will ask for the password every time your machine boots.

When finished working you can again lock the partition by

root@server1# umount /dev/mapper/secret
 cryptsetup luksClose secret

Thus we see there are three stages while encrypting a partition

1) Encrypting a partition with a password.

2) Decrypting a partition and mounting the file system.

3) Again encrypting the partition

Enhancing data security on Linux involves a vital measure – LUKS encryption. By following these precautions, you can safeguard your sensitive information, making sure that even if someone else gets hold of your storage device, they won’t be able to access your data without the passphrase. To boost the security of your encrypted data, remember to keep a backup of your passphrase and create strong, unique passphrases

By Sachin G

I am a professional freelance contributor and founder of tech transit. Love to write and lover of education, culture, and community. I have been using it, setting, supporting, and maintaining it since 2009.Linux rocks! Sachin G Follow me on LinkedIn and x formerly twitter