Here’s a concise guide to mounting an encrypted disk in Debian using LUKS (Linux Unified Key Setup), the standard for disk encryption:
-
Install Required Tools
Ensurecryptsetup(for managing LUKS) is installed:sudo apt update && sudo apt install cryptsetup -
Prepare the Disk Partition
Usefdiskorpartedto create a partition (e.g.,/dev/sdX1). For example, withfdisk:sudo fdisk /dev/sdX # Follow prompts to create a new partition (/dev/sdX1) -
Encrypt the Partition
Initialize the partition with LUKS encryption. You’ll need to set a strong password (this is required to unlock the disk later):sudo cryptsetup luksFormat /dev/sdX1 -
Open the Encrypted Partition
Map the encrypted partition to a virtual device (e.g.,my_encrypted_disk) for access:sudo cryptsetup open /dev/sdX1 my_encrypted_disk -
Format the Encrypted Device
Create a filesystem (e.g., ext4) on the mapped device:sudo mkfs.ext4 /dev/mapper/my_encrypted_disk -
Mount the Encrypted Volume
Create a mount point (e.g.,/mnt/encrypted_disk) and mount the device:sudo mkdir -p /mnt/encrypted_disk sudo mount /dev/mapper/my_encrypted_disk /mnt/encrypted_disk -
(Optional) Auto-Mount at Boot
To avoid manual steps on startup, add entries to/etc/crypttab(for unlocking) and/etc/fstab(for mounting):- /etc/crypttab: Link the physical partition to the virtual device (replace
nonewith a key file if using one).my_encrypted_disk /dev/sdX1 none luks - /etc/fstab: Define the mount point and filesystem.
/dev/mapper/my_encrypted_disk /mnt/encrypted_disk ext4 defaults 0 2
After editing, test with
sudo mount -ato ensure correctness. - /etc/crypttab: Link the physical partition to the virtual device (replace
-
Close the Encrypted Volume
When done, unmount and close the device to secure the data:sudo umount /mnt/encrypted_disk sudo cryptsetup close my_encrypted_disk
Key Notes:
- Replace
/dev/sdX1with your actual partition (uselsblkto identify). - Store your LUKS password securely—losing it means losing access to the data.
- Test auto-mount settings carefully to prevent boot failures.