Create A Partially Encrypted External Drive

The goal of this post is to show you how to create a dual-use external drive.
I'm going to demonstrate using a 4GB USB stick but the same process can be used on a big external drive as well.



Step 0 : Prerequisites

You need to have a package called "cryptsetup" installed. To install it, open a terminal using CTRL+ALT+T and then type in the command:

sudo apt install cryptsetup

You'll be asked for your password. When you type in your password you won't see characters such as stars echoed back to you. This is normal, just type your password then hit Enter.



Step 1 : Backup

If you have anything at all remotely important on the drive, back it up.



Step 2 : gparted

If you don't have gparted installed, you can install it from the software boutique (System -> Administration -> Software Boutique):

Once it's installed, start it up from System -> Administration -> GParted

Now be careful, the reason gparted just asked for your admin password is because it has the potential to break things.

Make sure you select your USB key from the device list on the top right corner of the window:

Here the key is the "/dev/sdb" device.

If you're on the /dev/sda device, don't do anything because you'll break your system.

Once you're sure you're on the correct device (because the size matches) select the partition and go to Partition -> Unmount

The USB key should now have disappeared from the file manager and the keys before the filesystem column should have gone too. Right click the partition and select Resize/Move:

In my case the key is 4GB. I'm gonna use half of the key as a secure store, so I'm gonna resize the existing partition to 2GB:

You need to apply the resizing operation by clicking the green tick:

Once that's done and assuming you got the "All operations successfully completed" messages, you can close gparted and go to the next step.



Step 3 : Disks

Open the Disks utility from System -> Preferences -> Hardware -> Disks and select your key (or external drive). You should see something like this:

Select the free space on the right and then click the green "+" sign.

For the type of the new partition, select "Encrypted, compatible with Linux systems (LUKS + Ext4)".
Pick a passphrase. A passphrase is like a password, except you can have several words separated with spaces.
Then click "Create".

Let Disks do its thing, and when you don't see your mouse cursor spin anymore you should have this:



Step 4 : Enjoy!

Now then unplug your USB key (or external drive).
The next time you plug it in, the following should happen:

  • The unencrypted partition (here, "USB_DISK") will be automatically mounted in the file manager and you'll be able to browse the files inside.

  • At the same time, a prompt will appear for your passphrase to unlock the secure storage partition on the key:

6 Likes
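
A scripted version of the Step 2 caution (right device, size matches, partition unmounted), as an added example that is not part of the original post. The function names, return codes and the 10% size tolerance are hypothetical choices, and it assumes the root filesystem is mounted directly from a disk partition (a root on LVM or dm-crypt shows up under /dev/mapper and is not detected).

```shell
#!/bin/sh
# Added example: sanity-check a disk before repartitioning it (Step 2).
# SYSFS and MOUNTS default to the live system; override them to test offline.
SYSFS=${SYSFS:-/sys}
MOUNTS=${MOUNTS:-/proc/mounts}

# mounts_of DEV: print "partition mountpoint" for every mounted partition of DEV.
mounts_of() {
    awk -v d="/dev/$1" '
        $1 == d || ($1 ~ ("^" d "p?[0-9]+$")) { print $1, $2 }' "$MOUNTS"
}

# check_target DEV EXPECTED_GB
# returns 0 = safe to proceed, 1 = no such disk, 2 = disk holds the running
# system, 3 = size does not match, 4 = partitions still mounted.
check_target() {
    dev=$1; want_gb=$2
    [ -r "$SYSFS/block/$dev/size" ] || { echo "$dev: no such disk" >&2; return 1; }

    # Never touch the disk that carries the root filesystem.
    # Assumption: root is mounted straight from a partition, not LVM/dm-crypt.
    if mounts_of "$dev" | awk '$2 == "/" { found = 1 } END { exit !found }'; then
        echo "$dev: holds the root filesystem, refusing" >&2; return 2
    fi

    # sysfs reports size in 512-byte sectors; vendors label in 10^9-byte GB.
    sectors=$(cat "$SYSFS/block/$dev/size")
    bytes=$((sectors * 512))
    lo=$((want_gb * 900000000)); hi=$((want_gb * 1100000000))
    if [ "$bytes" -lt "$lo" ] || [ "$bytes" -gt "$hi" ]; then
        echo "$dev: $bytes bytes is not ~${want_gb} GB" >&2; return 3
    fi

    # Resizing needs every partition on the disk unmounted first.
    if [ -n "$(mounts_of "$dev")" ]; then
        echo "$dev: unmount these first:" >&2; mounts_of "$dev" >&2; return 4
    fi
    echo "$dev: OK ($bytes bytes, nothing mounted)"
}
```

For the stick in this post the call would be `check_target sdb 4`, run before opening gparted.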

This sounds good. What happens if someone tries to put this disk in an Apple or Windows machine? Is there a decryption tool for those too?

I'm unable to test. My assumption is that you would need to install specific software matching cryptsetup for those platforms, as well as ext4 filesystem support.