How To Encrypt An External Storage Device In Linux

There are many reasons you may want to encrypt a drive: it gives you a safe way to store important financial records, passwords, or intellectual property. It’s important to maintain both your privacy and secure backups, so encrypting your external drives is extremely important.

NOTE: This walkthrough uses the Linux command line. It requires you to format the drive, so it works best if the drive is new and has no information on it; otherwise you will lose the data on the drive. After you format it you will need to put a file system on it. I used btrfs, which is designed for Linux systems (sort of like security through obscurity). Reading the data on another OS would require some software, or just not work at all. When I tested the drive on my MacBook afterwards it returned an error and stated it was unreadable. If you do not want this then I recommend using another file system like FAT.

We use the “lsblk” command to view what drives we have available to us. Today we will be working with “sdb”, although it may be different for you. Once we have our drive we input our second command, cryptsetup luksFormat /dev/sdb1. We will then be prompted for the password we want to use to decrypt the device.

cryptsetup comes with Kali Linux; if you don’t already have it installed, just grab your favorite package manager and sudo apt it. This command will reformat the device and allow us to encrypt it. At this stage make sure you have nothing valuable on the external device.

Afterwards we will again use cryptsetup to open the drive and give it a temporary name while we work with it. This name changes every time, so don’t worry about it too much.

Next we have to install the file system because we erased the original one when we formatted it. In the previous steps it stated that we overwrote a vfat system. If you want your drive to work on all OS types you could use that. Since I’m making this one for just Linux, I’m going to use btrfs.

Next we need to mount the drive in order to put data onto it. To demonstrate, I used nano to create a file called nothingtoseehere.txt and wrote test inside of it.

Follow the above steps to unmount the drive so that it may be ejected without losing data.

Then use this command to re-encrypt the data. Remember to do this every time you access it.
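The whole procedure above collected into one script, including the unmount and lock commands for the later steps. This is an added example, not the author's own commands. The device /dev/sdX1, the mapping name securedrive and the mount point /mnt/securedrive are placeholder assumptions, and the script only prints each command unless DRY_RUN=0 is set.

```bash
#!/usr/bin/env bash
# Added example: the LUKS walkthrough as functions.
# DRY_RUN=1 (the default) prints each command; DRY_RUN=0 as root executes it.
# /dev/sdX1, securedrive and /mnt/securedrive are placeholders, not real values.
DRY_RUN="${DRY_RUN:-1}"

run() {  # print the command in dry-run mode, otherwise execute it
    if [ "$DRY_RUN" = "1" ]; then echo "$*"; else "$@"; fi
}

is_mounted() {  # true if the block device appears in the kernel mount table
    [ -r /proc/mounts ] && grep -q "^$1 " /proc/mounts
}

encrypt_drive() {  # usage: encrypt_drive DEVICE MAPPER_NAME MOUNTPOINT
    local dev="$1" name="$2" mnt="$3"
    case "$dev" in
        /dev/*) ;;
        *) echo "refusing: '$dev' is not a /dev path" >&2; return 1 ;;
    esac
    # Desktops often auto-mount a new vfat stick; never format a mounted device.
    if is_mounted "$dev"; then
        echo "refusing: $dev is mounted, unmount it first" >&2; return 1
    fi
    run cryptsetup luksFormat "$dev"      # destroys existing data, asks for passphrase
    run cryptsetup open "$dev" "$name"    # unlocks it as /dev/mapper/$name
    run mkfs.btrfs "/dev/mapper/$name"    # file system goes on the mapping, not on $dev
    run mkdir -p "$mnt"
    run mount "/dev/mapper/$name" "$mnt"
}

lock_drive() {  # usage: lock_drive MAPPER_NAME MOUNTPOINT
    local name="$1" mnt="$2"
    run umount "$mnt"                     # flush pending writes before unplugging
    # Data on disk is always ciphertext; close removes the mapping and
    # wipes the key from kernel memory, which is what locks the drive.
    run cryptsetup close "$name"
}

# Command-line entry point: "setup DEV NAME MNT" or "lock NAME MNT".
case "${1:-}" in
    setup) encrypt_drive "$2" "$3" "$4" ;;
    lock)  lock_drive "$2" "$3" ;;
esac
```

Check the device name with lsblk immediately before running setup with DRY_RUN=0, since luksFormat on the wrong partition is not recoverable.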

To test if it worked you can unplug the drive, then plug it back in and try to access it through the GUI. You should be greeted with this portal asking for your password. Remember to encrypt after you are done. Thanks for reading :).