Raspberry Pi

How to Encrypt and Decrypt a Partition in Raspberry Pi

2 years ago
by Awais Khan
Encrypting and decrypting a partition on Raspberry Pi is an important task since it helps you protect your sensitive data from the reach of an unauthorized user. The encryption process applies a mathematical algorithm to data, including partitions and disks and those users who want to access them will need a decryption key.

If you want to learn how to encrypt and decrypt a partition on Raspberry Pi, follow this article’s guidelines.

Encrypt and Decrypt a Partition in Raspberry Pi

To encrypt and decrypt a Raspberry Pi partition, follow the below-given steps:

Step 1: First install the encryption utility called cryptsetup on Raspberry Pi from the following command:

sudo apt install cryptsetup -y

Step 2: Attach a disk drive to Raspberry Pi on which you want to create a partition. Here, in my case, it’s a USB drive, which can be found through the following command:

lsblk

Step 3: Since here we are dealing with removal media, we have to unmount the drive first from the following command:

sudo umount /dev/sda1

Note: The drive could be different in your case.

Step 4: To confirm the partition is unmounted, you can run the following command:

lsblk /dev/sda1

Step 5: Now format the targeted partition and create a LUKS encryption container from the following command:

sudo cryptsetup luksFormat --type luks1 /dev/sda1

Note: The LUKS encryption container helps you create an encrypted partition.

Step 6: Provide a password for the partition and verify it too.

At this point, the partition is successfully encrypted.

Decrypt a Partition

You cannot directly access the drive since it’s encrypted. To decrypt the drive, you must create a mapper for the drive and open it with the following command:

sudo cryptsetup -v luksOpen /dev/sda1 my_drive

Note: You must need to provide a password for the encrypted drive you set in Step 5 and Step 6. The above command will create a mapper drive on your system, located in the “/dev/mapper”. You can confirm it from the “ls” command:

ls -l /dev/mapper

Since the drive doesn’t have a partition system, we need to create a file system for it using the following command:

sudo mkfs.vfat -F32 /dev/mapper/my_drive

Now, create a directory for the encrypted drive from the following command:

sudo mkdir -p /mnt/encrypt_dir

Then copy the data of the encrypted drive to that created directory from the following command:

sudo mount /dev/mapper/my_drive /mnt/encrypt_dir

You can check the drive type by running the following command:

lsblk | grep my_drive

You can now unmount the drive just like you do for other removal media using the following command:

sudo umount /dev/mapper/my_drive

Now the drive is unmounted, we should close the partition volume and dissociate the memory in the kernel from the mapping and key using the following command:

sudo cryptsetup luksClose my_drive

To confirm the drive is no longer available for the system, you can run the following command:

lsblk | grep my_drive

Conclusion

The Raspberry Pi users can encrypt and decrypt a partition on the system by first installing the cryptsetup utility. Then they must unmount a partition drive and perform the encryption process with the LUKS encryption container. It provides users the ability to set a strong password for a partition. Later, the users can decrypt the same partition by creating a mapper for the drive, creating a file system, and copying the encrypted partition data onto another drive. After that, they can unmount and close the partition to complete the decryption process on the Raspberry Pi system.

About the author

Awais Khan

I'm an Engineer and an academic researcher by profession. My interest for Raspberry Pi, embedded systems and blogging has brought me here to share my knowledge with others.

View all posts