Post

Encrypted External Drive

First, let’s grab the packages.

1
apt-get install cryptsetup

Then, let’s enable the modules.

1
2
modprobe dm-crypt
modprobe aes

Next, let’s use badblocks to identify bad sectors and overwrite the disk with random data at the same time (this took about 10 hours on my 640GB drive).

1
badblocks -c 10240 -s -w -t random -v /dev/sdg

When that’s done, you’ll want to add a filesystem to the drive

1
fdisk /dev/sdg

Next, let’s LUKS encrypt the drive.

1
cryptsetup --hash sha512 --key-size 256 --cipher aes-cbc-essiv:sha256 luksFormat /dev/sdg1

You’ll need to answer YES to the question in all caps to create the encrypted partition. Then, you’ll want to mount the volume.

1
cryptsetup luksOpen /dev/sdg1 securebackup

This will open the volume at /dev/mapper/securebackup. Next, we need to put a filesystem on the encrypted partition.

1
mkfs.ext4 -m 1 -O dir_index,filetype /dev/mapper/securebackup

Once that’s done, you are ready to mount the encrypted partition to write to it.

1
2
mkdir -p /media/securebackup
mount /dev/mapper/securebackup /media/securebackup/

When you are done working on your encrypted volume, you’ll want to unmount it, and then close the LUKS encrypted volume like this.

1
2
umount /media/securebackup/
cryptsetup luksClose /dev/mapper/securebackup

And, there are the simple steps to an encrypted backup disk.

This post is licensed under CC BY 4.0 by the author.