create & mount LUKS encrypted external drive

Formatting and Encrypting a WD Passport Drive with LUKS on Debian

It's possible to format an entire drive with LUKS encryption for cross-distribution Linux compatibility. Follow these steps carefully:

Prerequisites:

Backup any important data first (the drive will be wiped)

Ensure cryptsetup is installed:

sudo apt update && sudo apt install cryptsetup

Step-by-Step Guide:

Identify the drive (replace /dev/sdX with your actual device):
```
sudo fdisk -l
```
Look for your External Drive (e.g., /dev/sdb). DO NOT use partition numbers (avoid /dev/sdb1).
Create a new partition table (GPT recommended for modern drives):
```
sudo parted /dev/sdX mklabel gpt
```

Create a single partition spanning entire drive:

sudo parted -a optimal /dev/sdX mkpart primary 0% 100%

Encrypt the partition with LUKS:
```
sudo cryptsetup luksFormat /dev/sdX1
```
- Confirm with YES (uppercase)
- Set a strong passphrase (8+ chars recommended)
Open the encrypted container:
```
sudo cryptsetup open /dev/sdX1 myluksdrive
```
(This creates a mapped device at /dev/mapper/myluksdrive)
Format the encrypted container (using ext4 as an example):
```
sudo mkfs.ext4 /dev/mapper/myluksdrive
```

Mount and test:

sudo mkdir /mnt/encrypted
sudo mount /dev/mapper/myluksdrive /mnt/encrypted

Usage on Other Linux Systems:

Connect the drive

Open the encrypted container:

sudo cryptsetup open /dev/sdX1 custom_name

Mount the decrypted partition:

sudo mount /dev/mapper/custom_name /your/mount/point

Notes:

To safely unmount:

sudo umount /mnt/encrypted
sudo cryptsetup close myluksdrive

LUKS supports multiple passphrases (add with):
```
sudo cryptsetup luksAddKey /dev/sdX1
```
Always verify device names with lsblk to avoid overwriting disks

Estimated setup time: 5-10 minutes (plus drive format time)
Compatibility: Works on any Linux system with cryptsetup installed (Ubuntu, Fedora, etc.).

84adam/external-luks-drive.md

Select an option

No results found