Verify if a hard drive is encrypted on Linux

Assuming that the drive is /dev/sdb, and the partition you want to check is /dev/sdb1, run this command:

$ blkid /dev/sdb1 

the output will change if the partition is encrypted or not:

/dev/sdb1: UUID="xxxxxxxxxxxx" TYPE="crypto_LUKS" #encrypted /dev/sdb1: UUID="xxxxxxxxxxxx" TYPE="ext4" #not encrypted, fs is ext4 

If the partition is not encrypted, and assuming that you are NOT trying to encrypt the / partition, you have to:

• Make a backup of the data on that partition

• Initialize the partition as encrypted

  $ cryptsetup luksFormat /dev/sdb1 

BEWARE: this command will wipe all the contents of the partition!!! It will ask you for a passphrase to open the volume; now if you try to run blkid, the output should be TYPE="crypto_LUKS"

• Open the encrypted partition to use it

  $ cryptsetup luksOpen /dev/sdb1 secret 

where "secret" is the name of the volume we are opening

• Format the new "secret" volume

  $ mkfs.ext4 /dev/mapper/secret 

• Mount it providing the passphrase created before

  $ mount /dev/mapper/secret /whereyouwant 

  Now you should be able to use the encrypted partition!

Optionally, if you want to mount it at reboot, you should edit /etc/crypttab and insert a line similar to this (it will request the password at boot):

secret /dev/sdb1 none 

Where secret is the name of the volume we created before.

Or something like this, if you want to put your password in some plain text file:

secret /dev/sdb1 /whereyouwant-sdb1-luks-pwdfile 

Just keep in mind for this, you also have to add the key:

$ cryptsetup luksAddKey /dev/sdb1 /whereyouwant-sdb1-luks-pwdfile 

And edit the /etc/fstab and insert a line similar to this:

/dev/mapper/secret /whereyouwant ext4 defaults 1 2