So I’ve decided to stash an external USB drive — fully encrypted with AES-256 — at a family member’s or friend’s place, just to have an offsite backup of all my data (you know, in case the mothership crashes).
Here’s the plan and step-by-step guide (courtesy of ChatGPT):
🔐 How to Encrypt an External USB Drive on Linux Using LUKS
If you’re rolling with Linux, LUKS (Linux Unified Key Setup) is your go-to for strong disk encryption. It works with cryptsetup and is rock solid for locking down your data.
Let’s dive in:
1. Plug in the Drive
Connect your external USB drive to your machine. Check if the system detects it:
lsblk
You should see something like /dev/sdX (for example /dev/sdb). Be super careful to identify the correct device — nuking the wrong one means bye-bye data.
2. (Optional) Wipe Existing Partitions
If the drive already has partitions and you want to start fresh, use fdisk or parted:
sudo fdisk /dev/sdX
Inside fdisk:
- Press o to create a new empty partition table
- Press w to write and exit
⚠️ Warning: This erases everything, so back up first if needed.
3. Set Up LUKS Encryption
Let’s lock it down:
sudo cryptsetup luksFormat /dev/sdX
You’ll be prompted to set a passphrase — choose one you won’t forget (or do, and enjoy a lifetime of regret 😅).
4. Unlock the Drive
Now open the encrypted drive to use it:
sudo cryptsetup luksOpen /dev/sdX my_encrypted_drive
Replace my_encrypted_drive with whatever nickname you want. You’ll enter the password from step 3 here.
5. Create a Filesystem
With the drive unlocked, time to format it — let’s go with ext4 (feel free to pick another like ntfs or btrfs):
sudo mkfs.ext4 /dev/mapper/my_encrypted_drive
6. Mount the Drive
Create a mount point:
sudo mkdir /mnt/my_encrypted_drive
Then mount the drive:
sudo mount /dev/mapper/my_encrypted_drive /mnt/my_encrypted_drive
Boom — your secure drive is now ready to use.
7. (Optional) Auto-Unlock on Boot
If you’re feeling fancy and want the drive to auto-unlock and mount on boot (like for shared systems or regular use), you can configure /etc/crypttab and /etc/fstab.
Fair warning: this requires a bit of Linux-fu.
8. Unmount and Lock When You’re Done
When you’re finished backing stuff up, safely unmount and re-lock the drive:
sudo umount /mnt/my_encrypted_drive sudo cryptsetup luksClose my_encrypted_drive
Now the drive is fully secured and ready to go live its secret agent life at your buddy’s house.
🔚 TL;DR
Encrypting a drive with LUKS gives you solid, battle-tested protection for your data. Just make really sure you don’t lose the password — no backdoors here.
There are other tools like VeraCrypt or eCryptFS, but LUKS is kind of the gold standard on Linux. Reliable, well-supported, and nerd-approved.