The problem, as many a computer technician understands, is that hard drives can be extracted from computers, and some drives are already external by design (USB thumb drives, for instance), so they can be attached to any computer for full access to the data on them. You don't have to physically separate a drive from its computer host for this trick to work, either. Computers can be booted from a portable boot drive, which separates a drive from its host operating system and turns it into, virtually, an external drive available for reading.

The answer is to place the data on a drive into a digital vault that can't be opened without information that only you have access to.

Linux Unified Key Setup (LUKS) is a disk-encryption system. It provides a generic key store (and associated metadata and recovery aids) in a dedicated area on a disk with the ability to use multiple passphrases (or key files) to unlock a stored key. It's designed to be flexible and can even store metadata externally so that it can be integrated with other tools. The result is full-drive encryption, so you can store all of your data confident that it's safe, even if your drive is separated, either physically or through software, from your computer.

The easiest way to implement full-drive encryption is to select the option during installation. Most modern Linux distributions offer this as an option, so it's usually a trivial process. This establishes everything you need: an encrypted drive requiring a passphrase before your system can boot. If the drive is extracted from your computer or accessed from another operating system running on your computer, the drive must be decrypted by LUKS before it can be mounted.

It's not common to separate an internal hard drive from its computer, but external drives are designed to travel. As technology gets smaller and smaller, it's easier to put a portable drive on your keychain and carry it around with you every day. The obvious danger, however, is that these are also pretty easy to misplace. I've found abandoned drives in the USB ports of hotel lobby computers, business center printers, classrooms, and even a laundromat. Most of these didn't include personal information, but it's an easy mistake to make.

You can mitigate against misplacing important data by encrypting your external drives. LUKS and its frontend cryptsetup provide a way to do this on Linux. As Linux does during installation, you can encrypt the entire drive so that it requires a passphrase to mount it.

How to encrypt an external drive with LUKS

First, you need an empty external drive (or a drive with contents you're willing to erase). This process overwrites all the data on a drive, so if you have data that you want to keep on the drive, back it up first.

To protect you from accidentally erasing data, the drive referenced in this article is located at the imaginary location /dev/sdX. Attach your drive and find its location:

$ lsblk

I know that my demo drive is located at /dev/sdX because I recognize its size (1.8GB), and it's also the last drive I attached (with sda being the first, sdb the second, sdc the third, and so on). The /dev/sdX1 designator means the drive has 1 partition. If you're unsure, remove your drive, look at the output of lsblk, and then attach your drive and look at lsblk again.

Make sure you identify the correct drive because encrypting it overwrites everything on it. My drive is not empty, but it contains copies of documents I have copies of elsewhere, so losing this data isn't significant to me.

To proceed, destroy the drive's partition table by overwriting the drive's head with zeros:

$ sudo dd if=/dev/zero of=/dev/sdX count=4096

This step isn't strictly necessary, but I like to start with a clean slate.

The cryptsetup command is a frontend for managing LUKS volumes. The luksFormat subcommand creates a sort of LUKS vault that's password-protected and can house a secured filesystem. When you create a LUKS partition, you're warned about overwriting data and then prompted to create a passphrase for your drive:

$ sudo cryptsetup luksFormat /dev/sdX
This will overwrite data on /dev/sdX irrevocably.

Now you have a fully encrypted vault on your drive. Prying eyes, including your own right now, are kept out of this LUKS partition. So to use it, you must open it with your passphrase.
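The before-and-after lsblk comparison described above can be scripted so that the destructive steps only ever receive the drive that was just attached. This is an added example, not part of the original article: the function names and the snapshot contents are constructed for illustration, and the snapshots are assumed to come from `lsblk -rno NAME,TYPE,MOUNTPOINT`.

```shell
#!/bin/sh
# Snapshots come from: lsblk -rno NAME,TYPE,MOUNTPOINT  (raw, no header line)

# new_disks BEFORE AFTER: print whole disks that are listed only in AFTER
new_disks() {
    awk 'FILENAME == ARGV[1] { if ($2 == "disk") seen[$1] = 1; next }
         $2 == "disk" && !($1 in seen) { print $1 }' "$1" "$2"
}

# mounted_on DISK SNAPSHOT: print DISK or any of its partitions that is mounted
mounted_on() {
    awk -v d="$1" '($1 == d || $1 ~ ("^" d "p?[0-9]+$")) && $3 != "" {
        print $1 }' "$2"
}

# pick_target BEFORE AFTER: print /dev/NAME only when exactly one new,
# unmounted disk appeared; otherwise explain on stderr and return 1
pick_target() {
    found=$(new_disks "$1" "$2")
    count=$(printf '%s\n' "$found" | grep -c . || true)
    if [ "$count" -ne 1 ]; then
        echo "expected exactly 1 new disk, found $count" >&2
        return 1
    fi
    busy=$(mounted_on "$found" "$2")
    if [ -n "$busy" ]; then
        echo "$busy is mounted; unmount it before overwriting" >&2
        return 1
    fi
    printf '/dev/%s\n' "$found"
}

# Constructed snapshots (not real lsblk output): sdb is the newly attached drive
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
printf 'sda disk \nsda1 part /boot\nsda2 part /\n' > "$tmp/before"
printf 'sda disk \nsda1 part /boot\nsda2 part /\nsdb disk \nsdb1 part \n' > "$tmp/after"
printf 'sda disk \nsda1 part /\nsdb disk \nsdb1 part /run/media/demo\n' > "$tmp/automounted"

pick_target "$tmp/before" "$tmp/after"                 # prints /dev/sdb
pick_target "$tmp/before" "$tmp/automounted" || true   # refused: sdb1 is mounted
```

On a real system, save one snapshot before attaching the drive and one after, and still compare the printed path against the drive's size in lsblk before passing it to dd or cryptsetup.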