Encrypting External HDD with LUKS

Sat 28 March 2009

I am using OpenSUSE on my main computers, so LUKS is a good option to encrypt my external hdd. I can use Truecrypt if I want to use the hdd with mac or windows, but here is not the case. You can also use LUKS under windows with FreeOTFE.

Here are the steps to encrypt the hdd:

1. be sure that the device is not part of filesystem

umount /dev/sdd1

2. Option 1: write some random data on hdd if you had critical files before

#slow method to fill hdd with semi-random data
dd if=/dev/urandom of=/dev/sdd1

3. Option 2:

#use next two commands to fill the hdd with "zero" data, much faster
dd if=/dev/urandom of=/dev/sdd1 count=2 bs=1M
dd if=/dev/zero of=/dev/sdd1

3. start the encryption setup

cryptsetup -v --key-size 256 luksFormat /dev/sdd1
cryptsetup luksDump /dev/sdd1  #details for encrypted partition
cryptsetup luksOpen /dev/sdd1 buffalo

4. format hdd as ext3

/sbin/mkfs.ext3 /dev/mapper/buffalo

5. mount the encrypted hdd

mount /dev/mapper/buffalo /mnt/buffalo

6. add the entry in /etc/fstab

/dev/mapper/buffalo     /mnt/buffalo      ext3    acl,user_xattr        1 2

7. Optional step: try tune2fs -L MYLABEL /dev/mapper/buffalo if you want a nice label for your hdd.