Create a secure backup media with LUKS

Linux helps you create a very secure disk backup. This can be to create a safe backup of files that can be stored away or even given to friends! It will not be visible to anyone without a password

I will use the example of a USB portable disk

First install the software

apt-get install cryptsetup

You can now create an encrypted partition with
cryptsetup -v luksFormat DISK-PARTITION

For example our new USB disk mounts on the computer as /dev/sdh1 so

cryptsetup -v luksFormat /dev/sdh1

You will now see

This will overwrite data on /dev/sdh1 irrevocably.

Now enter a password which we will use “newpassword”

Are you sure? (Type uppercase yes): YES
Enter passphrase:
Verify passphrase:

Command successful.

Make a directory /mnt/NAME. In this case /mnt/encrypt/

Now open the disk for mounting with

echo PASSWORD | /sbin/cryptsetup luksOpen DISK-PARTITION NAME

In this case

echo newpassword | /sbin/cryptsetup luksOpen /dev/sdh1 crypt

We have decided to use crypt as the encrypted name but this is arbitrary. The echo command simply puts the password into the command without it prompting you. Good for a safe script but on another device NOT!

Make a new file system on this THE FIrST TIME ONLY!!!!

mkfs.ext4 /dev/mapper/crypt

Use mount /dev/mapper/NAME /mnt/NAME/ so in this case

mount /dev/mapper/crypt /mnt/encrypt/

Once finished make sure you run

umount /mnt/NAME
umount /mnt/encrypt
/sbin/cryptsetup luksClose crypt

If you look at the USB disk the partition table now shows

Name Flags Part Type FS Type [Label] Size (MB)
sdh1 Boot Primary crypto_LUKS 7751.08

If you try and mount this you will get

mount: unknown filesystem type ‘crypto_LUKS’