Every one of us has our private data that should be kept secure from theft. It includes family photos, personal documents, and any other data that is personal and need to be secured. Encryption is one way to keep your data safe and away from others.
When a hard disk is encrypted, no one can extract the data out of the hard drive without regular logging onto the PC.
Large organizations use encryption on the work computer to safeguard their data from the leak in case the employer loses the work computer.
In this tutorial, we are going to help you encrypt your hard disk partitions on Ubuntu and its derivatives, with easy and clear steps. Be careful when you are learning and doing it the first time. I recommend doing a trial of this tutorial on a small partition whose data is already backed up.
If you have installed popular Linux distros such as Ubuntu, Linux Mint, etc., you should have noticed an option offered during the installation process to set up an encrypted partition. That’s one way to encrypt the hard disk. Since you are here reading this tutorial, I’m assuming that you didn’t use the encryption process. In such case proceed as follows:
Creating a New Partition
You should create an empty unformatted partition to encrypt it. In case you do not have one then you can use Gparted to create one quickly:
Step 1. Insert your Ubuntu installation USB media and boot from it. Using the option “Try Ubuntu without installation”.
Step 2. After system starts, open GParted.
Step 3. Select your partition, right-click on it and choose “Resize/Move” option from the list.
Step 4. Move the right slide bar to the needed size. Then click “Resize/Move” button.
Step 5. Right click on the unallocated space and choose new.
Step 6. From the Filesystem menu choose “cleared” then press “Add” button. By default, ext4 is chosen. In our case we need it cleared which means unformatted.
Step 7. On the top panel choose the green mark to apply your changes.
We have just created an unformatted partition which we will use to be our encrypted partition. Now you can quit GParted and reboot your system without the Ubuntu installation media.
Step 1. Ensure that your system is updated using the below commands.
sudo apt-get update sudo apt-get upgrade
Step 2. Install the cryptsetup package.
sudo apt install cryptsetup
Step 3. To get your partition block device name use the next command. It will help you get the exact name of your new unformatted partition.
As you can see from the previous screenshot, we can now get the block device name from the partition size.
Another and more accurate way is by trying to mount the partition. Usually, this will give error cause there is no filesystem on the new partition.
As you can see it gave an error, it means that this is our intended partition.
Set up LUKS Header
Add LULS header to the partition using the previous block device name.
sudo cryptsetup luksFormat /dev/sda2
Be careful and type YES in uppercase as needed. Also, you will be prompted to enter a strong passphrase as a password.
Create Partition Filesystem
Step 1. First, you will need to map the physical device to a virtual one.
sudo cryptsetup luksOpen /dev/sda2 encrypt-partition
Step 2. Now create an ext4 filesystem on the partition.
sudo mkfs.ext4 /dev/mapper/encrypt-partition
Step 3. Create a new directory that will be used to mount the filesystem to it.
Step 4. Mount the new filesystem to it.
sudo mount /dev/mapper/encrypt-partition ~/encrypt-storage
Step 5. Locate to the new directory.
Step 6. Next, we will grant permissions to your user to be able to read/write/execute on this new directory.
sudo chown $USER:$USER .
Step 7. Restrict and prevent other users from reading and writing on this directory.
Step 8. Now, you can check the new encrypted partition from your default file manager.
At this moment, we have created a new partition, encrypted it, and it is ready for storing your data on it. Once you finish your work on that partition, you can unmount it and lock it to keep it safe and secure. And in anytime you need to open this partition again you have to mount and unlock it.
Step 9. To unmount your partition.
sudo umount /dev/mapper/encrypt-partition
Step 10. To lock your partition.
sudo cryptsetup luksClose /dev/mapper/encrypt-partition
Finally, we have created an encrypted partition on your Ubuntu PC, where you can keep your data on it securely. I hope you have enjoyed this tutorial and in case you need any help, leave a comment, and we will be glad to help you.