1st June 2014
Setting-Up LUKS/dm-crypt for External USB-Drive
The following commands are used to encrypt the whole USB hard-drive. This hard-drive is assumed to be on
/dev/sdc. Create one partition. One can use
gparted for this. Then
cryptsetup luksFormat /dev/sdc1
luksFormat is only used once.
To make this encrypted drive available as device on
cryptsetup luksOpen /dev/sdc1 SeagatePortable
The name SeagatePortable is an arbitrary name.
Now the content is accessible through
/dev/mapper. Creating a file-system, here ext4, and mounting the file-system, goes like this:
mkfs.ext4 /dev/mapper/SeagatePortable mount /dev/mapper/SeagatePortable /mnt/sp
btrfs is required.
To release the hard-drive
umount /mnt/sp cryptsetup luksClose SeagatePortable
To see the configuration of an encrypted drive, i.e., cipher mode, hash spec, salt and used key slots use
cryptsetup luksDump /dev/sdc1
More elaborate information can be found in
- Linux Unified Key Setup
- LUKS FAQ
- LUKS dm-crypt/Encrypting an entire system