Computer

Protect your files on Linux by encrypting the hard drive

But, at the same time, it poses a problem when to try to recover the data in case of forgetting the password or the hard drive starts to malfunction until it reaches a point where it is impossible for us to access. The encryption of a hard drive can only be unlocked from the system itself.

If the hard drive stops working and we try to recover the data using third-party applications, we will hit an insurmountable wall. The solution to this problem is to use a cloud storage platform that allows us to synchronize all the files that we create or modify instantly, thus avoiding the need to make backup copies, although this is another option.

However, unless you get into the habit of making a backup on a regular basis (something that very few users do), they are of little use if, all of a sudden, your hard drive stops working.

On older computers, encrypting the hard drive is synonymous with performance issues, problems that always manifest themselves in the long run, as the number of stored files increases. On newer computers, Linux encryption hardly affects computer performance.

During the installation

The best method To correctly encrypt a Linux hard drive, this process is carried out during the installation, so the first thing we must do is make a backup copy of all the files that we want to keep in order to copy them again once the installation has finished.

Next, we proceed to download the version of Linux that we are going to install, we create an installation medium (USB, DVD, CD…) with which we will start our computer to carry out the installation and we modify the BIOS so that the computer starts with the program of installation. When starting the computer, we select Try or Install Ubuntu.

One has started the system, on the welcome screen we select Spanish and click on the Install Ubuntu button. The next option invites us to select the language of the distribution that we are going to install along with the keyboard layout.

Linux keyboard layout

In the next window, the distribution invites us to select what type of installation we want: normal (with all accessories) or minimalwith the basic and necessary applications to function correctly.

Linux installation type

Now we must select the unit where we want to install the Linux distro. If we have a hard disk where we are going to install it and we do not plan to create partitions, we select Erase disk and install Ubuntu and then Advanced features.

Within the advanced functionalities, we select Use LVM in the Ubuntu installation and check the box Encrypt the Ubuntu installation for security.

Encrypt Linux installation

Next, we must write the security key which will unlock the encryption on our device. It is recommended to check the Activate the recovery key box, a key that will be stored in the system and will allow us to know the encryption password that we have used.

encrypt linux hard drive

Finally, click on Install and wait for the process to finish. Once it has finished and we run the copy of Ubuntu that we have installed for the first time, before loading the graphical interface, it will ask us for the encryption key.

Create a new encrypted partition

If the idea of ​​reinstalling Linux does not cross your mind, the quickest and easiest solution is to create a new partition from the system, a partition that we will encrypt at the time of formatting it.

Encrypting a Linux partition is associated with losing all the content that we have stored inside it, so the first thing we must do is make a safe backup.

To create an encrypted partition in Linux we are going to use the Disks application included in the system. When you open the app, all available drives on your computer will be displayed in the left section.

We select the drive where we want to create the partition, at the bottom we click on the gear wheel selecting the format partition option.

encrypt linux partition

Next, we introduce a name to the partition to be able to identify it and in the Type section, we mark the Internal Disk boxes to use it only with Linux Systems (Ext4) and Password protected volume Luks.

encrypt linux partition

When clicking on next, the application will invite us to create a password that protects access to that partition and click on the Next button.

password encryption linux

If we try to access that partition, the system will invite us to enter the password if we want to access the data.

access encrypted linux partition

From the command line with Luks

Another option available in Linux to encrypt partitions and hard drives in Linux is to use the command line. The process is the same as through the Discos application of the graphic distribution that we have installed, but writing all the commands from terminal.

Luks is the most used tool to encrypt Linux hard drives from the command line as it is found available on most Linux distributions so there is no need to download additional software.

If you have not previously encrypted any other system partition with the Disks application or during the installation process, the first thing we must do is install it on our computer with the command:

sudo apt install crypsetup

Next, we must create a new partition on the computer, a partition that will be encrypted in the formatting process using Luks. If you want to use an existing partition, you must first delete it and recreate it.

To format the new partition using Luks we must write the following command

sudo cryptsetup luksFormat /dev/sda1

If the partition that we are going to format does not correspond to the main hard drive (in this case sda1), we must replace it with the one that corresponds.

We must confirm the process by writing YES and we enter the password that we want to use to encrypt the new partition that we have created.

Once the process has finished, every time we want to access the encrypted partition or drive, it will be necessary to enter the password that we have established.

Other programs to encrypt the hard drive in Linux

In addition to Luks, we can also use other programs to encrypt Linux hard drives or partitions. However, they are not available natively, so we will be forced to download them.

VeraCrypt

VeraCrypt requires its own application to be able to access encrypted partitions. This is an inconvenience that we will not find in Luks as it is integrated into most Linux such as Ubuntu, Debian and others.

This application is available for Ubuntu, Debian, CentOS, and OpenSUSE as well as for Windows, macOS, Raspberry Pi, and FreeBSD. You can download VeraCrypt through the following link.

AES Crypto

With AES Crypt, we can not only encrypt partitions using AES encryption, but we can also independently encrypt files. Of course, to be able to access its content, as with Vera Crypt, it is necessary to use the application.

AES Crypt is available for both the Linux GUI and the command line, in 32-bit and 64-bit versions. Furthermore, it is also available for Windows, Android, macOS, OS X and iOS/iPadOS. You can download this software from its website by clicking on the following link to its website.

Related Articles

Leave a Reply

Your email address will not be published.