How to create an encrypted partition?

Question

I am trying to create an encrypted partition, and while I format it I get the option to choose the partition type (fat/ext2/ext3/ext4/xfs/reiserfs/minix/ntfs). Is there any benefit of choosing one filesystem over the others if I want my partition to have strong encryption?

Also, could you recommend an easy-to-use encryption app, and give instructions on how to create an encrypted partition?

Related: How to encrypt external devices? – Lucio Aug 29 '15 at 20:15 — Lucio, Aug 29 '15 at 20:15

score 20 · Answer 1 · edited Sep 24 '18 at 07:29

20

It's probably best to use a built-in solution like eCryptFS or LUKS. For an explanation about using eCryptFS, see the sites Jorge points to.

LUKS encryption is easy to set up with the GNOME Disk Utility; just tick the encryption checkbox at the bottom of the "format partition" dialog:

Screenshot of Format Partition dialog

The difference between both is that eCryptFS encrypts files (including the filenames), while LUKS encrypts a complete partition under the filesystem level.

Ubuntu can then remember your password when mounting if you want, allowing you to just plug and play on your device after logging in.

edited Sep 24 '18 at 07:29

Ciro Santilli OurBigBook.com

28,474

answered Nov 11 '10 at 10:51

JanC

19,422

Are there any advantages/disadvantages of these two approaches? – radek Oct 20 '11 at 22:56
3

@radek: That probably deserves its own question, but in short: LUKS encryption doesn't have to care about a filesystem below it, which makes it somewhat faster, and can be used for things that aren't regular filesystems (e.g. swap space or a RAID layer), eCryptFS (and encfs) on the other hand stores files as files on the underlaying filesystem, which means it doesn't need a free partition and makes it possible to store the encrypted files on something like Dropbox, UbuntuOne cloud storage, a remote filesystem mounted using Samba or sshfs, etc. – JanC Nov 01 '11 at 09:57
3

On newer Ubuntus (I'm on 14.04), this option is accessed differently.: It's still in GNOME Disk Utility (just called "Disks" in the launcher), but rather than ticking an "Encrypt" box, you instead choose a partition type of "Encrypted, compatible with Linux systems (LUKS + Ext4)" when formatting. (Source: https://help.ubuntu.com/community/EncryptedFilesystemsOnRemovableStorage) – Sam Feb 03 '16 at 08:58
There seems to be a good description of this option here: https://askubuntu.com/questions/1067110/ecrypfts-to-luks-on-ext4-partition – Max Robbertze Dec 15 '19 at 05:17
Notice that as of today GParted doesn't seem to allow the creation of LUKS encrypted volumes – robertspierre Feb 24 '21 at 17:47

score 16 · Accepted Answer · answered Nov 10 '10 at 22:58

You don't really go into details of what your use case is so I'll just highlight the built in encryption features:

Ubuntu has built in support for an encrypted Private directory that might meet your needs, or you can set up encrypted home directories.

score 7 · Answer 3 · edited Jun 12 '20 at 14:37

7

Deprecated answer

left around for historical purposes.

TrueCrypt is no longer actively maintained, although there are alternative products/projects... The dust hasn't truly settled yet as far as I am aware.

truecrypt is more operating system angostic than some other solutions. if you need portability across os that is a good idea. as to filesystems, this too comes down to portability. are you using it on only linux boxes? then ext4 with luks and full volume encryption is the recommendation...portability to an unmodified windows box? then ntfs with truecrypt

edited Jun 12 '20 at 14:37

Community

1

answered Nov 11 '10 at 01:29

RobotHumans

29,530

2

LUKS can be used on Windows too, and unlike TrueCrypt it has a free license. See FreeOTFE for LUKS support (and more!) on Windows. – JanC Nov 11 '10 at 10:24
I know about FreeOTFE, but it hasn't been around nearly as long and doesn't have as "known" developers to me...I just don't trust it. TrueCrypt is also free and can have products based on it without payment as long as the product is shared as well....so I don't see where unlike TrueCrypt it has a free license is going? – RobotHumans Nov 11 '10 at 12:30
I know TrueCrypt is not included in any linux distro because the licensing is "weird" (there are links on the wikipedia page and explanations on the web pages where the distros keep track of licensing issues). But IANAL, etc. ;) – JanC Nov 12 '10 at 03:38
3

neither are multimedia codecs...but we all install them(most of us) – RobotHumans Nov 12 '10 at 15:08
Truecrypt is no longer maintained... Do you have a more up to date suggestion for this? – hayd Sep 01 '15 at 01:19
I haven't seen anything else as cross-platform with the same features/expectations. I'll put a deprecated header on here. – RobotHumans Sep 01 '15 at 20:00
TrueCrypt is living now as veracrypt: https://www.veracrypt.fr/en/Home.html – ozma Mar 02 '19 at 12:00

score 6 · Answer 4 · edited Sep 04 '15 at 08:27

6

I suggest you use the Alternate Installer, which is able to encrypt the whole disk except the /boot partition.

edited Sep 04 '15 at 08:27

Ron

20,638

answered Nov 11 '10 at 01:11

Tomasz Zieliński

577

2

I like this idea but we need more detailed information for newer users. – Lucio Sep 06 '15 at 02:56
"I like this idea but we need more detailed information for newer users." Agreed. To Tomasz: Please provide more instructions and info on how to do so. – Gabriel Staples Jul 22 '19 at 16:54

score 3 · Answer 5 · answered Dec 14 '10 at 05:25

3

I recently setup a LUKS encrypted partition in my external hard drive. It works great. I use Kubuntu 10.04. Here are the steps I followed.

answered Dec 14 '10 at 05:25

EmreA

175

It would be great to have those steps detailed here. – Lucio Aug 29 '15 at 20:10
Why duplicate information? – EmreA Aug 30 '15 at 06:45
3

It happens a lot of times that external sites are shutdown. – Lucio Aug 30 '15 at 07:04
@EmreA because the help center tells you to Always quote the most relevant part of an important link, in case the target site is unreachable or goes permanently offline – sox supports the mods Apr 08 '20 at 15:22

score 2 · Answer 6 · answered Nov 11 '10 at 16:34

A very easy way of encrypting a folder is to use Cryptkeeper. It can be installed using the Synaptic Package Manager. You can then assign a password/phrase to any folder of choice. Running Cryptkeeper produces a set-of-keys icon in the control panel. Clicking on the icon lets you select the encrypted folder and provide the password in order to be able to access the files it contains. Details can be found at: http://tuxtweaks.com/2009/03/create-an-encrypted-folder-in-ubuntu-with-cryptkeeper/

score 2 · Answer 7 · answered Nov 13 '10 at 04:08

I believe the file system you use shouldn't have too much impact either way on the security of your encrypted volume. Other factors, like the encryption/hash algorithm, will have a much more direct influence.

Picking the file system underneath has more to do with how you want to use the volume once it's encrypted; if you're using it on only Ubuntu and other Linux machines, ext3 and other Linux file systems would be a great choice.

If you have to access your volume on multiple platforms, something like NTFS or FAT32 would probably work best.

score 2 · Answer 8 · answered Dec 14 '10 at 05:57

2

cryptmount is a better option. It will let you encrypt the whole partition or you can create an encrypted filesystem on a file. You can find more details at http://binwaheed.blogspot.com/search?q=cryptmount which I wrote two years ago

answered Dec 14 '10 at 05:57

binW

13,034

How to create an encrypted partition?

8 Answers8

Deprecated answer

Linked

Related