The Music in Noise

Encrypted Backup Drive - 2017-02-21

In my previous post I demonstrated how to set up LVM on LUKS with Parabola GNU/Linux-libre. However, what good is an encrypted hard drive if your backups are completely vulnerable? So here's a small guide on setting up a LUKS partition on your backup device.

In reality it's basically the same as setting up LUKS for Parabola, but I'm not going to make you read all that just to set up a LUKS partition on your external hard drive. Please note that I'll be referring to the external device as `/dev/sdb'; if it's different for you, use your device's path!

Alright, to begin you should probably clear the device by filling it with random data with `dd if=/dev/urandom of=/dev/sdb bs=1M status=progress'. This'll probably take a while depending on the size of your device and the speed at which you can write to it, so feel free to do something else meanwhile (for a long while).

Once that's done it's time to partition it. Run `cfdisk /dev/sdb' and select the `dos' disk label type (or whatever you want, I guess). You'll want to create a new primary partition; a Linux type should do just fine. Once the partition is created, write the changes and exit.

Now, before creating a filesystem or anything, we're going to format the partition you just created with LUKS: `cryptsetup luksFormat /dev/sdb1'. You can also specify other things like the encryption cipher and key size; for that, please refer to the documentation on the ArchWiki or something, but for most cases the defaults should work just fine.

Now it's time to open the device in order to work with it as any other device. Run `cryptsetup luksOpen /dev/sdb1 <dev-name>', where `dev-name' is the name you want the device to take in `/dev/mapper/'. At this point we can finally format it with a proper filesystem (that is, ext4): `mkfs.ext4 /dev/mapper/<dev-name>'. Now the device is ready for mounting and usage. Just make sure to always mount from `/dev/mapper/<dev-name>', not `/dev/sdb1'. When you want to remove the device, unmount it first and then run `cryptsetup luksClose <dev-name>'.

Just remember that every time you want to use the device you will have to run `cryptsetup luksOpen ...' before mounting it and `cryptsetup luksClose ...' after unmounting it.
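
The open, mount, back up, unmount, close cycle described above as one shell function, added here as an example and not part of the original post. The script name `backup-cycle.sh', the mapper name `backup', the mount point `/mnt/backup' and the rsync command are assumptions; set DRY_RUN=1 to print the commands without running them.

```sh
#!/bin/sh
# Added example, not from the original post. The names in the usage line
# (mapper name "backup", /mnt/backup, the rsync command) are assumptions.
# Usage (as root): sh backup-cycle.sh /dev/sdb1 backup /mnt/backup rsync -a /home/ /mnt/backup/

# run CMD...: execute CMD, or only print it when DRY_RUN=1.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi
}

# is_luks PATH: read-only pre-check for the LUKS header magic ("LUKS" 0xBA 0xBE
# at offset 0), so a mistyped partition is rejected before anything is opened.
# `cryptsetup isLuks' remains the authoritative test.
is_luks() {
    [ "$(od -An -tx1 -N6 "$1" 2>/dev/null | tr -d ' \n')" = "4c554b53babe" ]
}

# backup_cycle PART NAME MNT CMD...: unlock PART, mount the mapper device,
# run CMD, then unmount and lock again even if CMD failed.
backup_cycle() {
    bc_part=$1 bc_name=$2 bc_mnt=$3
    shift 3
    is_luks "$bc_part" || { echo "refusing: $bc_part has no LUKS header" >&2; return 2; }
    run cryptsetup luksOpen "$bc_part" "$bc_name" || return 3
    bc_rc=0
    # Mount /dev/mapper/NAME, never the raw partition.
    if run mount "/dev/mapper/$bc_name" "$bc_mnt"; then
        run "$@" || bc_rc=$?
        run umount "$bc_mnt" || bc_rc=5
    else
        bc_rc=4
    fi
    run cryptsetup luksClose "$bc_name" || bc_rc=6
    return "$bc_rc"
}

# Act as a script only when called with PART NAME MNT CMD...
[ "$#" -lt 4 ] || backup_cycle "$@"
```

A non-zero exit status tells you which step failed: 2 for a missing LUKS header, 3 for luksOpen, 4 for mount, 5 for umount, 6 for luksClose, otherwise the status of the backup command itself.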
