Encrypting File System In Linux

Hello Dear Visitor

This is my brand new tutorial about Encrypting an entire File System under a Linux Operating System, You will need, in case you want to store some sensitive data and you don’t want it to end up in wrong hands. We will be using “cryptsetup” in combination with LUKS (Linux Unified Key Setup) for encrypting your Partition. So Lets Get Started.

I will be assuming the Following

1. Operating System: Ubuntu 12.10

2. User: ordinary User, as this is sensitive work, so we will be using “sudo”

3. A Blank Partition, since we will be encrypting the File System, all the data on that partition will be lost, so if there is any data on that partition, make sure you had a proper backup before you continue.

I am currently using a VM and I have attached a new blank harddisk (you will be having a real harddisk so be extra carefull), Now to encrypt your partition follow the following Steps

1. Use the following command to encrypt your Partition

$sudo cryptsetup -v –verify-passphrase luksFormat /dev/sdb1

a. Cryptsetup will make sure you are in your senses by asking you to type YES (all in capital)

b. Then it will ask you for a pass-phrase, the password with which you will be prompted for in case you want to open the partition

2. Now you will have to Open the partition using the following command

$sudo cryptsetup luksOpen /dev/sdb1 myData

a. myData is the name I gave to this partition, you will need to refer it with this name

b. It will then prompt you for that pass-phrase, enter it to continue

3. Now verify that our device was open by checking in the name of our Encrypted File System /dev/mapper/

$ls /dev/mapper

4. Now you will have to create a new file system inside that encrypted partition using the following command

$sudo mkfs.ext4 /dev/mapper/myData

5. Now create a directory to which we will be mounting our partition, use the following command

$mkdir /media/myData

6. To mount our file System, use the following command

$mount /dev/mapper/myData /media/myData

7. To start this partition at boot time, add the following entry for this partition in /etc/crypttab file

$sudo vi /etc/crypttab

and add the entries

myData              /dev/sdb1               none

8. Now to automatically mount partition at boot time, edit the fstab file

$sudo vi /etc/fstab

and add the following lines at the end of file

/dev/mapper/myData          /media/myData             ext4             rw                  0 0

9. And that’s It, Reboot the System and it will prompt you for the password during boot time, Enter pass-phrase (password of that partition to continue).

10. After reboot you can check the status of your encrypted partition with the following command

$sudo cryptsetup status myData


1. In case you have SELinux installed on your system, you will have to relabel this partition using the following command

$sudo restorecon -r /media/myData

2. If /etc/crypttab file does not exists, create one

 3. If you get a massage/error mount: unknown filesystem type ‘crypto_LUKS’ during boot time, run the following command.

$cryptsetup luksOpen /dev/sdb2 myData

press control+D to continue with normal boot

That’s it, Simple, wasn’t it? If you have any questions and suggestions, Please leave it in comment section. I will be more then happy to answer them.

2 thoughts on “Encrypting File System In Linux

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s