To begin with manually encrypting directories, perform the following steps:
- Install cryptsetup as shown here, which is a utility used for setting up encrypted filesystems:
apt-get install cryptsetup
The preceding command generates the following output:
- Encrypt your /dev/sdb1 partition, which is a removable device. To encrypt the partition, type the following command:
cryptsetup -y -v luksFormat /dev/sdb1
The preceding command generates the following output:
This command initializes the partition and also sets a passphrase. Make sure you note the passphrase for further use.
- Now open the newly created encrypted device by creating a mapping:
- Check to confirm that the device is present:
ls -l /dev/mapper/backup2
The preceding command generates the following output:
- Check the status of the mapping using the following command:
- Dump LUKS headers using the following command:
- Next, write zeros to /dev/mapper/backup2 encrypted device:
As the dd command may take hours to complete, we use the pv command to monitor the progress.
- Now create a filesystem:
mkfs.ext4 /dev/mapper/backup2
The preceding command generates the following output:
- Then mount the new filesystem and confirm the filesystem is visible:
Congratulations! You have successfully created an encrypted partition. Now, you can keep all your data safe, even when the computer is off.