How to Encrypt Drives Using LUKS in Fedora Linux?


Introduction

Linux Unified Key Setup (LUKS) is a disk encryption specification that provides an easy-to-use interface for encrypting hard drives. It is a widely used encryption standard in the Linux community. Its importance lies in the fact that it keeps data stored on your hard drive safe from unauthorized access in the event of theft or loss. When you encrypt a drive with LUKS, all your files, documents, and media become unreadable without a password key.

Without this password key, it's virtually impossible to access the contents of an encrypted drive. Considering the amount of sensitive information we store on our computers these days, such as tax records, personal finance information, work-related documents, and confidential client data, robust encryption tools such as LUKS have become essential for securing our private information.

Brief Overview of Encrypting Drives with LUKS in Fedora Linux

Encrypting drives with LUKS in Fedora Linux involves several steps that culminate in mounting an encrypted partition to store your sensitive data securely. First, make sure that your system meets the requirements, then create partitions on the target drives using the GParted or fdisk utility. Once you have created partitions on your target hard drive(s), create a LUKS container on each partition, format it with your preferred file system, and mount it onto a directory on your system.

Preparing the System for Encryption

Checking system requirements

Ensure that your device has enough storage to accommodate the encrypted data as it may require more space than unencrypted data.

Make sure you have enough RAM and CPU processing power so that the system doesn't slow down after encryption. The next critical step is to make sure that you have a compatible software version with LUKS for Fedora Linux.

LUKS is fully integrated into most modern Linux distributions, including Fedora Linux. However, it's essential to ensure you have a Fedora version with a kernel version of at least 2.6, as this supports dm-crypt, which is used for device mapping.

Installing necessary packages

After checking that your system meets the requirements, you need to install the necessary packages before proceeding with encryption using LUKS in Fedora Linux. The required tools are available in the Fedora repositories and can be installed using the dnf (Dandified Yum) command-line package manager.

Install the cryptsetup package, which is responsible for setting up encrypted partitions and managing them in Fedora via the command line or a GUI.

sudo dnf install cryptsetup 

We also need a partitioning tool such as GParted or fdisk, and file system utilities such as e2fsprogs (ext4), xfsprogs (XFS), and ntfs-3g (NTFS).

sudo dnf install gparted e2fsprogs xfsprogs ntfs-3g 

Creating a backup of important data

Encrypting drives using LUKS in Fedora Linux involves making significant changes to your system's hard disk. Therefore, backing up your critical data before encrypting the drive is essential.

This backup will come in handy if anything goes wrong during the encryption process or when you need to recover your data in the future. Create a backup of your important files and directories on an external drive or cloud storage service like Google Drive, Dropbox, or Amazon S3.

Partitioning the Drive

Understanding partitioning and its importance

A hard disk can be divided into multiple partitions, each with its own file system format, such as ext4, NTFS, etc. When creating partitions for encrypted drives using LUKS in Fedora Linux, it's crucial to determine how many partitions are required and how much space should be allocated to each one. It's also essential to ensure that there is sufficient space available for all of the data that needs to be stored on it.

Creating partitions using fdisk or GParted

Once you have determined your partition requirements, you can use either fdisk or the GParted graphical partition editor to create them.

fdisk is a command-line tool used for creating and managing disk partitions in Linux-based systems.

GParted is a graphical tool that provides an easy-to-use interface for partition creation and management. To create new partitions using fdisk, first open up the terminal and enter "sudo fdisk /dev/sda" (assuming "sda" is your hard drive).

Then type "n", select the type of partition you want (primary or extended), and specify its size, sector alignment, and file system type (if known). Save your changes by typing "w".

Encrypting the Drive with LUKS

Creating a LUKS container on the partition

The first step to encrypting your drive using LUKS is to create a LUKS container on your partition. A LUKS container is essentially a block device that behaves like any other storage device, but everything written to it is automatically encrypted using AES.

To create a LUKS container, run the following command −

sudo cryptsetup luksFormat /dev/sda1 

Here /dev/sda1 is an example; use the name of the partition you want to encrypt. This command will prompt you for confirmation before proceeding, since all data on this device will be lost forever if you proceed.

Once confirmed, you must set up your passphrase/pin code for accessing this device in the future. If you already have a LUKS container on the partition and want to change its passphrase, you can use the following command −

sudo cryptsetup luksChangeKey /dev/sda1 

After executing this command, you will be prompted for your old passphrase/pin code and then asked to enter a new one.
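To confirm that luksFormat actually wrote a LUKS header to the partition, the check below reads the first eight bytes of a device or image and reports the LUKS version. This is an added example, not part of the original article; the function name and the sample image files are constructed, and on a real system `cryptsetup isLuks /dev/sda1` performs the same test.

```bash
#!/usr/bin/env bash
# Added example: identify a LUKS header by its on-disk magic.
# A LUKS header begins with the 6 bytes "LUKS" 0xBA 0xBE, followed by a
# 2-byte big-endian version field (1 for LUKS1, 2 for LUKS2).

luks_header_version() {
    # $1: block device or image file (reading a real device needs root).
    # Prints 1 or 2 on success; returns 1 if no LUKS header, 2 if unreadable.
    luks_target=$1
    [ -r "$luks_target" ] || { echo "cannot read $luks_target" >&2; return 2; }
    luks_hex=$(head -c 8 "$luks_target" | od -An -v -tx1 | tr -d ' \n')
    case "$luks_hex" in
        4c554b53babe0001) echo 1 ;;
        4c554b53babe0002) echo 2 ;;
        *) return 1 ;;
    esac
}

# Constructed sample "devices": 8-byte headers only, not real volumes.
demo_dir=$(mktemp -d)
printf 'LUKS\272\276\000\002' > "$demo_dir/luks2.img"
printf 'LUKS\272\276\000\001' > "$demo_dir/luks1.img"
printf 'plain filesystem data' > "$demo_dir/plain.img"

for img in luks2 luks1 plain; do
    if ver=$(luks_header_version "$demo_dir/$img.img"); then
        echo "$img.img: LUKS version $ver"
    else
        echo "$img.img: no LUKS header"
    fi
done
```

A partition that reports no LUKS header after formatting is still storing data in the clear, so run this check before copying anything sensitive onto it.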

Formatting and Mounting the Encrypted Drive

Formatting the Encrypted Drive with a File System

Once the drive has been encrypted with LUKS, it needs to be formatted with a file system before any data can be stored on it. The most commonly used file systems are ext4 for Linux and NTFS for Windows. To format the encrypted drive with a file system, follow these steps −

  • Open terminal and enter the following command −

sudo mkfs.ext4 /dev/mapper/<container_name>

Alternatively, if you want to use NTFS as your file system, enter −

sudo mkfs.ntfs /dev/mapper/<container_name>

  • Replace <container_name> with the name of your LUKS container that you created. Formatting your encrypted drive will wipe out any previous data on it, so make sure you have backed up everything from that drive to another location before proceeding.

Mounting the Encrypted Drive to a Directory

After formatting your encrypted drive with a file system (ext4 or NTFS), you can mount it to a directory in your filesystem where you can store data. The steps are as follows −

  • Create a new directory where you want to mount your encrypted drive by running the following command −

sudo mkdir /mnt/<directory_name>

  • Replace <directory_name> with whatever name you choose for your new directory.

  • After creating that directory, run this command in terminal −

sudo mount /dev/mapper/<container_name> /mnt/<directory_name>

  • This will mount your newly formatted and encrypted partition at "/mnt/<directory_name>".

You can then access it like any other directory in Fedora Linux. Note that the encrypted drive is not mounted automatically when you restart your computer.

So, you will need to run the `sudo mount /dev/mapper/<container_name> /mnt/<directory_name>` command again after every reboot. Alternatively, you can add an entry for it in the `/etc/fstab` file.
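Mounting at boot takes two entries, not one: `/etc/fstab` can only mount the `/dev/mapper/` device after `/etc/crypttab` has unlocked the container and created that mapping. The functions below generate both lines; this is an added example, not part of the original article, and the mapping name, mount point and UUID are constructed sample values.

```bash
#!/usr/bin/env bash
# Added example: build the two boot-time entries for a LUKS data volume.
#   /etc/crypttab unlocks the container and creates /dev/mapper/<name>
#   /etc/fstab    mounts the filesystem that lives inside that mapping
# The UUID is the LUKS header UUID, as printed by: cryptsetup luksUUID /dev/sda1

valid_uuid() {
    printf '%s\n' "$1" |
        grep -Eq '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'
}

crypttab_line() {
    # $1 mapping name, $2 LUKS UUID. "none" = ask for the passphrase at boot,
    # so no key material is stored on the unencrypted part of the disk.
    case "$1" in
        ''|*[!A-Za-z0-9_-]*) echo "bad mapping name" >&2; return 1 ;;
    esac
    valid_uuid "$2" || { echo "bad UUID" >&2; return 1; }
    printf '%s UUID=%s none luks\n' "$1" "$2"
}

fstab_line() {
    # $1 mapping name, $2 absolute mount point, $3 filesystem type.
    case "$2" in
        /*) ;;
        *) echo "mount point must be absolute" >&2; return 1 ;;
    esac
    # nofail: keep booting if the volume is absent or left locked.
    printf '/dev/mapper/%s %s %s defaults,nofail 0 2\n' "$1" "$2" "$3"
}

# Constructed sample values (not from the article).
SAMPLE_UUID=3f2b8c1e-5a4d-4e6f-9b7a-0c1d2e3f4a5b
echo "# /etc/crypttab"
crypttab_line secure_data "$SAMPLE_UUID"
echo "# /etc/fstab"
fstab_line secure_data /mnt/secure_data ext4
```

Referring to the partition by UUID rather than /dev/sda1 keeps the entry valid if device names change between boots.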

Conclusion

In this article, we have discussed the importance of encrypting drives using LUKS in Fedora Linux to secure your data. We began by preparing the system for encryption, which included checking system requirements, installing necessary packages, and creating a backup of important data.

Next, we covered partitioning the drive with fdisk or GParted and then encrypting the drive with LUKS to ensure maximum security. We formatted and mounted the encrypted drive before verifying that encryption is working correctly.

Updated on: 08-Jun-2023
