Recently, I was tasked to write a backup program for a small office. A key requirement was that the portable backup drive they are using needed to be encrypted since it would have to be ferried off site on a daily basis. The idea was that, if the drive fell in the ‘wrong hands’ during transportation, the client’s data would be secure. With encryption, I was able to meet this need.
I thought I would break the silence with a how-to on encryption using the Linux command line interface – not exciting but quite necessary these days.
Encrypting data in Linux is very simple, and I would highly recommend it for such things as USB flash and portable hard disks. Most Linux distributions come with an encryption tool called cryptsetup.
If you do not have it , install it using yum or apt-get depending on your package manager. For Red hat based distros, use
# yum install cryptsetup
As always, you need to backup your data before you proceed. I will assume you have already created a new partition on your device e.g. /dev/sdX1. If you need to partition, refer to the venerable ‘fdisk’ utility
Create the encrypted volume
# cryptsetup -v -y luksFormat /dev/sdX1
Confirm that you want to proceed by typing “YES”
Enter your passphrase when prompted. You will be asked to verify it
Once you have created the encrypted volume, you can proceed to format it
# cryptsetup luksOpen /dev/sdX1 mydata
# mkfs.ext3 /dev/mapper/mydata
Here you can choose other file formats such as FAT32, EXT4 etc
Create a mount point
# mkdir /mnt/mydata
Mount the new volume
# mount /dev/mapper/mydata /mnt/mydata
You can then write your data to the mounted and encrypted volume at /mnt/mydata
To close the volume
# umount /dev/mapper/mydata
# cryptsetup luksClose mydata
Note: if you are using a desktop such as GNOME, you will be prompted for a passphrase every time you insert the disk, so you do not have to mount the disk manually, but then again, we are talking about the command line here!
That’s it for now