Encrypting an external drive

Published: Sun, 26 Jul 2015

I am not responsible for any data loss. Use these commands at your own risk.

I wanted to encrypt the disks that I use to regularly make a backup so I can put it offsite without that nagging thought that just about anyone can read it’s contents when it gets stolen/lost.

Find out the name of the disk you want to encrypt. I usually use a 'sudo fdisk -l' to find out which disk. In my case /dev/sdcX so I will use that in this example. Substitute with your own unless you want to lose data. Make sure your disk is not mounted:

sudo umount /dev/sdcX

It is good practice to fill the disk with some initial garbage to make any decryption attempts harder.

sudo dd if=/dev/urandom of=/dev/sdcX

Initial creation:

# Login as root
sudo -i
# Install cryptsetup
apt-get install cryptsetup
# I am using a passphrase to setup the encryption you could optionally use a keyfile. Check out the manual for more info.
cryptsetup -y create crypt /dev/sdcX
# Create an ext4 filesystem. (-m 0 -&gt; No reserved blocks for root, this is an external disk)
mkfs.ext4 -m 0 /dev/mapper/crypt
# Create a directory to mount to and mount
mkdir /mnt/crypt &amp;&amp; mount /dev/mapper/crypt /mnt/crypt

Remounting:

sudo cryptsetup create crypt /dev/sdcX
sudo mount /dev/mapper/crypt /mnt/crypt

That did it for me. I just wanted a small barrier to chase away curious people.