How to encrypt external devices?
Solution 1
Linux platform only
You can use the disk utility that comes installed with Ubuntu by default.
Install the cryptsetup package: sudo apt-get install cryptsetup
If the gnome-disk-utility package is not installed: sudo apt-get install gnome-disk-utility
Some things to have in mind prior:
- Any data that is on the partition will get erased
- This is NOT suitable for a partition that is running your current OS
- Again, back up everything and be sure to format the correct drive!
Creating a new encrypted partition:
Start the Disk Utility:
- Make sure you identify the proper drive in the left hand panel.
- If needed, create empty space on the disk by resizing/deleting partitions.
- In the
Volumes
graphic overview, click the appropriate empty block. - Click Create partition to create the partition to be encrypted.
- Check Encrypt underlying device.
They will then prompt you for a password. Chose a decent password - your encryption will only be as strong as your password. It is probably also safer not to store the password, choose the option Forget password immediately
.
Encrypting an existing partition
- Select the partition that you want to get encrypted
- Make sure that it is not mounted by pressing on the "stop" button
- Click the "gear" icon under the partition and choose Format...
- Select the type Encrypted, compatible with Linux systems (LUKS + Ext4)
- Enter a name to distinguish the partition
-
Enter your passphrase to encrypt it and confirm it
For higher security, if you have have any existing data in this partition, select the erase option. You can overwrite existing data with zeroes, but this could take several hours depending on the disk.
Format it and wait until it finish in a couple of minutes!
Using your encrypted partition
Once your partition is formatted, it will be encrypted.
In fact, you have two partitions, a container partition and the encrypted partition.
Disk Utility will show them above each other when the volume is unlocked.
From the Disk Utility, you can lock and unlock the volume by selecting the partition with the little lock and clicking Lock Volume
or Unlock Volume
.
Make sure that you leave it closed/locked before unmounting the system, otherwise you will get an error. Also, with two partitions, you will have to unmount both before being able to safely remove the drive.
In the Disk Utility, there also is a button Change passphrase
, which works much faster than the initial formatting.
From Nautilus, you can mount and unmount the encrypted volume almost like a normal external USB drive or memory stick, except that you will be prompted for the password.
Source: https://help.ubuntu.com/community/EncryptedFilesystemsOnRemovableStorage
Solution 2
CLI
cryptsetup -v --verify-passphrase luksFormat $1 # Answer YES in CAPITAL - case matters!
cryptsetup luksOpen $1 backup
mkfs.ext4 /dev/mapper/backup
cryptsetup luksClose /dev/mapper/backup
where $1
is the partition address (/dev/sdc1
for example)
Related videos on Youtube
![Admin](/assets/logo_square_200-5d0d61d6853298bd2a4fe063103715b4daf2819fc21225efa21dfb93e61952ea.png)
Admin
Updated on September 18, 2022Comments
-
Admin almost 2 years
I've been a Windows power user/administrator and professional tech for years, I just made the decision to go Linux, and wow, what a difference.
Is there any decently easy way to encrypt external volumes (i.e. USB keys, external hard drives, memory sticks, etc.) that works under Ubuntu 14.04?
-
RobotHumans almost 10 yearsGood link, but you might want to talk about it a little... and add using loopback mounting for file based filesystems instead of formatting in case some external hard drive firmware has a hard depend on NTFS (I've seen this first hand).
-
Pabi almost 10 yearsThe tutorial is easy step by step and every step has a good explanation what you are doing. If you need further assistance ask a specific question :)
-
RobotHumans almost 10 yearsI don't, but it would make your answer less awful.
-
RobotHumans almost 10 years
-
Pabi almost 10 yearsYour are right,. It`s a bit long but I added a tutorial shortened from the source.
-
karim over 9 years@Pabi Thanks for the detailed answer but this doesn't seem to reflect the changes to gnome-disk-utility for Ubuntu 14.04. The interface is rather different; this closely matches the 12.04 directions. In 14.04, disk utility has been renamed "disks", and lacks a lot of these options as far as I can tell.
-
Admin over 8 yearsI'm curious , can $1 be a loop device file too?
-
int_ua over 8 yearsAFAIU, it can be since everything is a file.
-
calocedrus about 6 yearsA bit of explanation would be much welcome! For example, where is the pass-phrase/-word set?
-
int_ua about 6 yearsIt's set interactively in the first command.
backup
is just a name I've given to the mount point. -
kravemir about 3 yearsIt is worth to mention, that LUKS can be used with other filesystem, and it's supported by GNOME Disks. I've selected "Other", then "exfat" and checked to LUKS encryption.