LUKS Encryption

From DenshiWiki
Jump to navigation Jump to search


LUKS is a good way to encrypt drives and the data inside on linux. In this tutorial, we will be making an encrypted partition on a USB stick (though it works on generally any storage device)


  • Debian or Debian based GNU/Linux Distribution (though any distro can do this)
  • A USB stick or external drive
  • Access to the root user
  • The Packages cryptsetup and parted

Preparing the Drive[edit]

Finding the Drive[edit]

Open a terminal and login as the root user. Use the command lsblk to list all block devices: an example output should be something like this:

sda           8:0    0   1.8T  0 disk  
└─sda1        8:1    0   1.8T  0 part  /media/USERNAME/drive
sdb           8:16   0 953.9G  0 disk  
├─sdb1        8:17   0   499M  0 part  
├─sdb2        8:18   0   100M  0 part  
├─sdb3        8:19   0    16M  0 part  
└─sdb4        8:20   0 953.3G  0 part  /media/USERNAME/other_drive
sdc           8:32   1  14.6G  0 disk  

according to the output, drive "sdc" is the flash drive because of the 14.6G size and the lack of partitions (if your drive has partitions you can remove them in the next section)

since the device is called sdc, it will be located in /dev/sdc but YOUR drive might be in a different spot, just make sure its the correct one.

Deleting All Partitions and Creating a New One[edit]

If your USB drive has partitions in it, its important to remove them before continuing. To do that, use any partitioning software you personally use to delete all partitions. I will use parted.

I enter parted by entering parted /dev/sdc (replace /dev/sdc with your USB drive)

Then enter these commands: (THIS WILL WIPE ALL DATA FROM USB DRIVE)

mklabel msdos
mkpart primary 0% 100%

if you run lsblk again, your drive should have 1 empty partition.

(Optional) Zeroing & Randomizing Passes[edit]

For extra security, you can do use the dd command to zero or randomize your USB drive's data before