Encryption - encrypting a backup drive with LUKS on Linux

This is a short guide to setting up a backup drive for use with Linux so that it is encrypted. This is most likely to be desired for removable drives so that they can be safely transported without the risk that the data contained can be stolen in the event that the drive itself is stolen.

Identify the drive. If the drive is mounted, you can see where it is my using the "mount" command. If it isn't mounted, then "dmesg|tail" will probably reveal the drive location.

For this example, the device will be "/dev/targetusb"

fdisk /dev/targetusb

You might need to repartition, that step is left undocumented since it is pretty much at your whim. You should label your partition as Linux when done:



For this example, the targeted resulting partition will be "/dev/targetusb1"

cryptsetup --verify-passphrase luksFormat /dev/targetusb1 -c aes -s 256 -h sha256

YES you will be prompted before all the data on the drive is destroyed by encryption to say you mean it

Enter your passphrase

When complete, you can set your partition for decrypted use with this command:

cryptsetup luksOpen /dev/sdi1 EncryptedUSB

mkfs.xfs /dev/mapper/EncryptedUSB

Now the resulting, formatted and encrypted drive space can be mounted.