Neil Bothwick

Got a burning question about open source or the kernel? Whatever your level, email it to lxf.answers@futurenet.com

Neil Bothwick is a man who’s in the know (taps forehead knowingly).

Q Second disk encryption

I have two SSDs in my machine running LXLE (Ubuntu 18.04). One is a boot/home drive that was encrypted at the time of install. I would now like to encrypt the second drive, which is used for data storage and VMs. I’m still a relative beginner and was wondering what’s the most user-friendly way to encrypt the second drive and access it easily to run my VMs? There seems to be many options, for example LUKS, GnuPG and VeraCrypt.

Sandeep Bappoo

A There are indeed many options, and we don’t know which has been used to encrypt your main drive. When encrypting a whole disk or partition, LUKS is the usual choice. It’s not suitable for a total novice to set up, but if you’re happy to use the command line it’s fairly straightforward. Encrypting individual directories is often done with EcryptFS. This is what Ubuntu uses if you choose an encrypted home directory when installing. VeraCrypt is different in that it runs in user space, has a GUI for set up and is crossplatform, so you can read the same encrypted data from Linux and Windows.

If you’re already using LUKS for your first disk, you’ll have a file in /dev/mapper that corresponds to your partition’s entry in the output from mount or df. In that case you may as well use LUKS for the second disk, too. Setting up a partition with LUKS needs one command to encrypt it, so if the partition is /dev/sdb1, you’d use $ sudo cryptsetup luksFormat /dev/sdb1 Now open it with