Setting-Up LUKS/dm-crypt for External USB-Drive

The following commands are used to encrypt the whole USB hard-drive. This hard-drive is assumed to be on /dev/sdc. Create one partition. One can use gparted for this. Then

cryptsetup luksFormat /dev/sdc1

luksFormat is only used once.

To make this encrypted drive available as device on /dev/mapper use

cryptsetup luksOpen /dev/sdc1 SeagatePortable

The name SeagatePortable is an arbitrary name.

Now the content is accessible through /dev/mapper. Creating a file-system, here ext4, and mounting the file-system, goes like this:

mkfs.ext4 /dev/mapper/SeagatePortable
mount /dev/mapper/SeagatePortable /mnt/sp

Change mkfs.ext4 to mkfs.btrfs if btrfs is required.

To release the hard-drive

umount /mnt/sp
cryptsetup luksClose SeagatePortable

To see the configuration of an encrypted drive, i.e., cipher mode, hash spec, salt and used key slots use

cryptsetup luksDump /dev/sdc1

More elaborate information can be found in

  1. Linux Unified Key Setup
  2. LUKS FAQ
  3. LUKS dm-crypt/Encrypting an entire system
Advertisements

2 thoughts on “Setting-Up LUKS/dm-crypt for External USB-Drive

  1. Pingback: Mac Reinstall

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s