Here’s a concise guide to mounting an encrypted disk in Debian using LUKS (Linux Unified Key Setup), the standard for disk encryption:
Install Required Tools
Ensure cryptsetup (for managing LUKS) is installed:
sudo apt update && sudo apt install cryptsetup
Prepare the Disk Partition
Use fdisk or parted to create a partition (e.g., /dev/sdX1). For example, with fdisk:
sudo fdisk /dev/sdX # Follow prompts to create a new partition (/dev/sdX1)
Encrypt the Partition
Initialize the partition with LUKS encryption. You’ll need to set a strong password (this is required to unlock the disk later):
sudo cryptsetup luksFormat /dev/sdX1
Open the Encrypted Partition
Map the encrypted partition to a virtual device (e.g., my_encrypted_disk) for access:
sudo cryptsetup open /dev/sdX1 my_encrypted_disk
Format the Encrypted Device
Create a filesystem (e.g., ext4) on the mapped device:
sudo mkfs.ext4 /dev/mapper/my_encrypted_disk
Mount the Encrypted Volume
Create a mount point (e.g., /mnt/encrypted_disk) and mount the device:
sudo mkdir -p /mnt/encrypted_disk
sudo mount /dev/mapper/my_encrypted_disk /mnt/encrypted_disk
(Optional) Auto-Mount at Boot
To avoid manual steps on startup, add entries to /etc/crypttab (for unlocking) and /etc/fstab (for mounting):
none with a key file if using one).my_encrypted_disk /dev/sdX1 none luks
/dev/mapper/my_encrypted_disk /mnt/encrypted_disk ext4 defaults 0 2
After editing, test with sudo mount -a to ensure correctness.
Close the Encrypted Volume
When done, unmount and close the device to secure the data:
sudo umount /mnt/encrypted_disk
sudo cryptsetup close my_encrypted_disk
Key Notes:
/dev/sdX1 with your actual partition (use lsblk to identify).