How to encrypt external devices?

hard-drive encryption usb-drive partitioning

67,718

Solution 1

Linux platform only

You can use the disk utility that comes installed with Ubuntu by default.

Install the cryptsetup package: sudo apt-get install cryptsetup

If the gnome-disk-utility package is not installed: sudo apt-get install gnome-disk-utility

Some things to have in mind prior:

Any data that is on the partition will get erased
This is NOT suitable for a partition that is running your current OS
Again, back up everything and be sure to format the correct drive!

Creating a new encrypted partition:

Start the Disk Utility:

Make sure you identify the proper drive in the left hand panel.
If needed, create empty space on the disk by resizing/deleting partitions.
In the Volumes graphic overview, click the appropriate empty block.
Click Create partition to create the partition to be encrypted.
Check Encrypt underlying device.

They will then prompt you for a password. Chose a decent password - your encryption will only be as strong as your password. It is probably also safer not to store the password, choose the option Forget password immediately.

Encrypting an existing partition

Select the partition that you want to get encrypted
Make sure that it is not mounted by pressing on the "stop" button
Click the "gear" icon under the partition and choose Format...
Select the type Encrypted, compatible with Linux systems (LUKS + Ext4)
Enter a name to distinguish the partition
Enter your passphrase to encrypt it and confirm it

For higher security, if you have have any existing data in this partition, select the erase option. You can overwrite existing data with zeroes, but this could take several hours depending on the disk.
Format it and wait until it finish in a couple of minutes!

Using your encrypted partition

Once your partition is formatted, it will be encrypted.
In fact, you have two partitions, a container partition and the encrypted partition.
Disk Utility will show them above each other when the volume is unlocked.
From the Disk Utility, you can lock and unlock the volume by selecting the partition with the little lock and clicking Lock Volume or Unlock Volume.

Make sure that you leave it closed/locked before unmounting the system, otherwise you will get an error. Also, with two partitions, you will have to unmount both before being able to safely remove the drive.

In the Disk Utility, there also is a button Change passphrase, which works much faster than the initial formatting.

From Nautilus, you can mount and unmount the encrypted volume almost like a normal external USB drive or memory stick, except that you will be prompted for the password.

Source: https://help.ubuntu.com/community/EncryptedFilesystemsOnRemovableStorage

Solution 2

CLI

cryptsetup -v --verify-passphrase luksFormat $1   # Answer YES in CAPITAL - case matters!
cryptsetup luksOpen $1 backup
mkfs.ext4 /dev/mapper/backup
cryptsetup luksClose /dev/mapper/backup

where $1 is the partition address (/dev/sdc1 for example)

67,718

Admin

Updated on September 18, 2022

Comments

Admin almost 2 years

I've been a Windows power user/administrator and professional tech for years, I just made the decision to go Linux, and wow, what a difference.

Is there any decently easy way to encrypt external volumes (i.e. USB keys, external hard drives, memory sticks, etc.) that works under Ubuntu 14.04?
RobotHumans almost 10 years

Good link, but you might want to talk about it a little... and add using loopback mounting for file based filesystems instead of formatting in case some external hard drive firmware has a hard depend on NTFS (I've seen this first hand).
Pabi almost 10 years

The tutorial is easy step by step and every step has a good explanation what you are doing. If you need further assistance ask a specific question :)
RobotHumans almost 10 years

I don't, but it would make your answer less awful.
RobotHumans almost 10 years

See meta.stackexchange.com/questions/8231/…
Pabi almost 10 years

Your are right,. It`s a bit long but I added a tutorial shortened from the source.
karim over 9 years

@Pabi Thanks for the detailed answer but this doesn't seem to reflect the changes to gnome-disk-utility for Ubuntu 14.04. The interface is rather different; this closely matches the 12.04 directions. In 14.04, disk utility has been renamed "disks", and lacks a lot of these options as far as I can tell.
Admin over 8 years

I'm curious , can $1 be a loop device file too?
int_ua over 8 years

AFAIU, it can be since everything is a file.
calocedrus about 6 years

A bit of explanation would be much welcome! For example, where is the pass-phrase/-word set?
int_ua about 6 years

It's set interactively in the first command. backup is just a name I've given to the mount point.
kravemir about 3 years

It is worth to mention, that LUKS can be used with other filesystem, and it's supported by GNOME Disks. I've selected "Other", then "exfat" and checked to LUKS encryption.