Recently, I was tasked to write a backup program for a small office. A key requirement was that the portable backup drive they are using needed to be encrypted since it would have to be ferried off site on a daily basis. The idea was that, if the drive fell in the ‘wrong hands’ during transportation, the client’s data would be secure. With encryption, I was able to meet this need.
\nI thought I would break the silence with a how-to on encryption using the Linux command line interface \u2013 not exciting but quite necessary these days.<\/p>\n
Encrypting data in Linux is very simple, and I would highly recommend it for such things as USB flash and portable hard disks. Most Linux distributions come with an encryption tool called cryptsetup.
\nIf you do not have it , install it using yum or apt-get depending on your package manager. For Red hat based distros, use <\/p>\n
As always, you need to backup your data before you proceed. I will assume you have already created a new partition on your device e.g. \/dev\/sdX1. If you need to partition, refer to the venerable ‘fdisk’ utility<\/p>\n Create the encrypted volume<\/p>\n Create a mount point<\/p>\n Mount the new volume<\/p>\n To close the volume<\/p>\n Note: if you are using a desktop such as GNOME, you will be prompted for a passphrase every time you insert the disk, so you do not have to mount the disk manually, but then again, we are talking about the command line here!<\/p>\n That’s it for now<\/p>\n","protected":false},"excerpt":{"rendered":" Recently, I was tasked to write a backup program for a small office. A key requirement was that the portable backup drive they are using needed to be encrypted since it would have to be ferried off site on a daily basis. The idea was that, if the drive fell in the ‘wrong hands’ during […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"activitypub_content_warning":"","activitypub_content_visibility":"","activitypub_max_image_attachments":3,"footnotes":""},"categories":[4],"tags":[],"class_list":["post-812","post","type-post","status-publish","format-standard","hentry","category-tips"],"_links":{"self":[{"href":"https:\/\/joseph.zikusooka.com\/index.php?rest_route=\/wp\/v2\/posts\/812","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/joseph.zikusooka.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/joseph.zikusooka.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/joseph.zikusooka.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/joseph.zikusooka.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=812"}],"version-history":[{"count":9,"href":"https:\/\/joseph.zikusooka.com\/index.php?rest_route=\/wp\/v2\/posts\/812\/revisions"}],"predecessor-version":[{"id":815,"href":"https:\/\/joseph.zikusooka.com\/index.php?rest_route=\/wp\/v2\/posts\/812\/revisions\/815"}],"wp:attachment":[{"href":"https:\/\/joseph.zikusooka.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=812"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/joseph.zikusooka.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=812"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/joseph.zikusooka.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=812"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}# yum install cryptsetup<\/code><\/p>\n# cryptsetup -v -y luksFormat \/dev\/sdX1<\/code>
\nConfirm that you want to proceed by typing \u201cYES\u201d
\nEnter your passphrase when prompted. You will be asked to verify it
\nOnce you have created the encrypted volume, you can proceed to format it<\/p>\n# cryptsetup luksOpen \/dev\/sdX1 mydata
\n# mkfs.ext3 \/dev\/mapper\/mydata<\/code>
\nHere you can choose other file formats such as FAT32, EXT4 etc<\/p>\n# mkdir \/mnt\/mydata<\/code><\/p>\n# mount \/dev\/mapper\/mydata \/mnt\/mydata<\/code>
\nYou can then write your data to the mounted and encrypted volume at \/mnt\/mydata<\/p>\n# umount \/dev\/mapper\/mydata
\n# cryptsetup luksClose mydata<\/code><\/p>\n