
Create an encrypted filesystem with LUKS on Ubuntu

Setting up a LUKS filesystem (http://en.wikipedia.org/wiki/LUKS) on Ubuntu 10.10 is as easy as this:

$ sudo apt-get install -y cryptsetup
$ sudo modprobe sha256
$ sudo modprobe dm_crypt
$ sudo modprobe dm_mod
$ sudo modprobe aes

Now you have to ensure that the device (in my case, a USB hard disk drive) is unmounted:

$ sudo umount /dev/sdb1

Once it is unmounted, you can set up LUKS on a free partition. Be careful: all data on it will be erased, and you must remember the password:

$ sudo cryptsetup luksFormat -c aes -h sha256 /dev/sdb1

This will overwrite data on /dev/sdb1 irrevocably.

Are you sure? (Type uppercase yes): YES
Enter LUKS passphrase:
Verify passphrase:

Now you can open the new partition, giving a name to the device mapper device, and then format and mount it:

$ sudo cryptsetup luksOpen /dev/sdb1 encrypted_disk
Enter passphrase for /dev/sdb1:
Key slot 0 unlocked.
$ sudo mkfs.ext3 /dev/mapper/encrypted_disk

$ sudo mkdir /test_dir
$ sudo mount -t ext3 /dev/mapper/encrypted_disk /test_dir/

Be careful with the / at the end of the mounting dir (/test_dir/).

To unmount the disk, you have to close the device mapper:

$ sudo umount /test_dir
$ sudo cryptsetup luksClose encrypted_disk

Updated feb-22 2011

If you want your LUKS partition to be compatible with Red Hat 5, when you format the disk you have to use sha1 instead of sha256:

$ sudo cryptsetup luksFormat -c aes -h sha1 /dev/sdb1

Once the LUKS partition is ready, the partition is mounted automatically, asking for the LUKS password only.
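
To confirm which cipher and hash a luksFormat run actually recorded (sha256, or sha1 for the Red Hat 5 case), the header can be read straight from the partition. The script below is an added example, not part of the original post; it assumes the LUKS1 on-disk layout (not LUKS2), and the file name luks1_header.py and all sample values are constructed.

```python
import struct
import sys

LUKS_MAGIC = b"LUKS\xba\xbe"
SLOT_ENABLED, SLOT_DISABLED = 0x00AC71F3, 0x0000DEAD
# magic, version, cipher name, cipher mode, hash spec, payload offset,
# key bytes, MK digest, MK salt, MK iterations, UUID (208 bytes, big-endian)
PHDR = struct.Struct(">6sH32s32s32sII20s32sI40s")
# state, iterations, salt, key material offset, stripes (48 bytes, 8 slots)
SLOT = struct.Struct(">II32sII")
HEADER_LEN = PHDR.size + 8 * SLOT.size  # 592

def parse_luks1_header(data):
    """Return the LUKS1 header fields; raise ValueError if not LUKS1."""
    if len(data) < HEADER_LEN:
        raise ValueError("short read: need %d bytes" % HEADER_LEN)
    magic, version, cipher, mode, hash_spec, payload, key_bytes = \
        PHDR.unpack_from(data)[:7]
    if magic != LUKS_MAGIC:
        raise ValueError("no LUKS magic: header missing or overwritten")
    if version != 1:
        raise ValueError("LUKS version %d is not the LUKS1 layout" % version)
    states = [SLOT.unpack_from(data, PHDR.size + i * SLOT.size)[0]
              for i in range(8)]
    # String fields are NUL-padded ASCII.
    cipher, mode, hash_spec = (f.split(b"\0", 1)[0].decode("ascii", "replace")
                               for f in (cipher, mode, hash_spec))
    return {"cipher": cipher, "mode": mode, "hash": hash_spec,
            "key_bits": key_bytes * 8, "payload_sector": payload,
            "active_slots": [i for i, s in enumerate(states)
                             if s == SLOT_ENABLED]}

def constructed_header(hash_spec=b"sha256", active=(0,)):
    """Build a sample header in memory (constructed data, not a real disk)."""
    out = PHDR.pack(LUKS_MAGIC, 1, b"aes", b"cbc-plain", hash_spec, 2056, 32,
                    bytes(20), bytes(32), 1000, b"constructed-sample-uuid")
    for i in range(8):
        state = SLOT_ENABLED if i in active else SLOT_DISABLED
        out += SLOT.pack(state, 1000, bytes(32), 8 + i * 256, 4000)
    return out

if __name__ == "__main__":
    # Usage: sudo python3 luks1_header.py /dev/sdb1   (no argument: sample)
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as dev:
            raw = dev.read(HEADER_LEN)
    else:
        raw = constructed_header()
    for field, value in parse_luks1_header(raw).items():
        print("%-15s %s" % (field, value))
```

The same fields are printed by `sudo cryptsetup luksDump /dev/sdb1`; the script only reads the partition and never writes to it.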

  1. August 1, 2011 at 9:59

    Hi, maybe you’re right, but in my Gparted 0.7.0 it shows a red exclamation mark with this comment: “Linux Unified Key Setup encryption is not yet supported”. And I cannot select the label option in the context menu.

    And as for the cryptsetup wiki, it seems that they don’t support labels:


    > Comment by cales…@scientia.net, Oct 11, 2008
    > LUKS should support “filesystem” LABELs in addition to its UUIDs


  2. Anonymous coward
    June 28, 2011 at 1:32

    Do not label the encrypted partition (for example with gparted), else it loses its encryption!

