Creating an Encrypted Data Partition on Ubuntu 18.04 Using LUKS Specification
Keeping your data secure is very important especially in 2019 as many vulnerabilities in operating systems and processor architectures are being discovered which are capable of compromising the security of your data. One way of keeping your sensitive data safe from being compromised is to store it in a separate partition and encrypting the partition itself.
In this article, I shall walk you through the steps to create an encrypted data partition using the Linux Unified Key Setup (LUKS) disk encryption specification on your device running Ubuntu 18.04 to improve the security of your sensitive data.
What is LUKS Specification?
The Linux Unified Key Setup or LUKS is a well documented disk encryption specification. LUKS is a preferred method of full disk encryption because it has many advantages over the other specifications like support for multiple passwords, compatibility across platforms and portability of encrypted data.
LUKS stores all of the encryption data on the partition header to avoid any dependency on the host system.
Creating a Separate Partition For Your Data
In order to encrypt a partition, we need to create one by shrinking the existing volume and using the free space for the new partition. For this step you will need to boot up from a live Ubuntu CD or USB Drive. If you already have a separate partition, you can skip to the encrypting part.
After booting up from a Ubuntu live installation medium, you need to select the “Try Ubuntu” option when prompted.
After you’ve been presented with the Ubuntu desktop screen, Open the GParted application from the menu.
Once GParted has opened up, right-click on your main partition which is /dev/sda1 in this case, and select the “Resize / Move“ option from the menu. This will open up a prompt requiring you to provide details about shrinking your partition. Enter the details as follows
The grey area outside the resized partition will be the free space that we will be using to create a new data partition. You may provide the values as per your hard disk size and requirements. Once that is done, click on “Resize / Move”
After resizing the hard disk’s main partition, you will see an “Unallocated” space with a grey background, Right click on the Unallocated space & click on “New”
A prompt window will pop up with the following values:
Click on “Add” and then click on “Apply all operations” (green tick at the top bar) or alternatively, to apply the operations, hit Ctrl-Enter keys.
A warning popup will appear now, click “Apply” on the warning window. The operation should start now. You will be notified when its complete.
Congratulations, You have now successfully created a partition that we will next encrypt with the LUKS encryption specification. You may shut down your system and boot up into you main Ubuntu installation now.
Encrypting The Partition With LUKS
Now that we have successfully created a separate partition, we shall encrypt the partition with LUKS encryption specification.
After booting up into your main Ubuntu installation, open the “disks” application from the menu, select the newly created partition, click on the “Additional Partition Options” (gears icon under the partitions) and select the “Format Partition” menu.
In the partition format prompt that appears, select the options as per the screenshot below:
Be sure to have the “Password protect volume (LUKS)” checkbox selected and click on next.
Now enter your password on the next screen. Note that having a strong password to encrypt your partition is important. A weak password can easily be broken by a brute force or dictionary attack. So ensure that the password you select is strong.
Click on “Next” to continue. You will now see an alert warning you that all your data will be destroyed. On this screen, click on the “Format” button on the top right corner of the prompt.
You will be now be prompted to enter your system password. Enter your password. Formatting should now begin and will be completed in a few minutes.
You have successfully encrypted your data partition now!
In the “Other locations” menu on your finder, you will now see the partition that you created with a padlock icon indicating that the drive has been encrypted.
You now have a separate LUKS encrypted partition. You can store all your sensitive data in this partition and unmount it.
If you faced any issue while following the above steps, mention it in a comment below and I shall help you get past the issue.