A question in regards to encrypting external Hard Drives

No, no idea. You don’t in any case need to zero it again. Assuming you have now created a disk-spanning partition /dev/sdb1, follow that article using /dev/sdb1 rather than just /dev/sdb where he says /dev/sdX – and please use just mkfs.ext4 rather than mkfs.xfs.

I think GParted did make an ext4 file system too. I want to make it into a LUKS drive though, remember? What should I do next then? The tutorial article said the dd part is not necessary, but didn’t warn about such a situation either. What should I do to turn the whole thing into a LUKS vault?

Yes, you now pick up the article at step 3.

$ sudo cryptsetup luksFormat /dev/sdb1
$ sudo cryptsetup open /dev/sdb1 vault
< check the /dev/mapper/ directory to be sure a /dev/mapper/vault now exists >
$ sudo mkfs -t ext4 -L vault /dev/mapper/vault
$ sudo cryptsetup close vault

I need to specify that I’m not in fact on Endeavour but unless it’s set up non-standard (or if you don’t use a desktop automounter) you should at this point be able to e.g. eject sdb and unplug/replug it and have the desktop automounter prompt you for the passphrase and then automount it.

If that’s not set up to happen automatically for your installation you’d do it manually as

$ sudo cryptsetup open /dev/sdb1 vault
$ sudo mount /dev/mapper/vault /mnt

or wherever else you want it mounted; in any case all as normal for external drives. Including of course you maybe wanting to after that manual mount do

sudo chown -R $(whoami): /mnt

if you want to be able to use that ext4 filesystem as your user.

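An added check for the manual open-and-mount sequence above, not part of the original posts: it confirms that the partition carries a LUKS header and that /mnt is really backed by /dev/mapper/vault before anything is chowned or copied there. The device, mapping and mountpoint names are the thread's; the function names are this example's own.

```shell
#!/bin/sh
# Added example, not from the thread. /dev/sdb1, vault and /mnt are the
# thread's names; the function names are this example's own.

# Print the LUKS version (1 or 2) found at the start of a device or image.
# A LUKS header begins with the bytes "LUKS" 0xBA 0xBE, then a 2-byte
# big-endian version number. Fails if no such header is present.
luks_version() {
    hdr=$(dd if="$1" bs=8 count=1 2>/dev/null | od -An -tx1 | tr -d ' \n')
    case "$hdr" in
        4c554b53babe0001) echo 1 ;;
        4c554b53babe0002) echo 2 ;;
        *) return 1 ;;
    esac
}

# Print the device mounted on mountpoint $1, read from a /proc/mounts
# style table ($2, default /proc/mounts). The last matching line wins,
# because a later mount on the same path hides the earlier one.
mount_source() {
    awk -v mp="$1" '$2 == mp { src = $1 }
        END { if (src == "") exit 1; print src }' "${2:-/proc/mounts}"
}

# Succeed only when mountpoint $1 is backed by mapping $2, so that a
# chown or copy cannot land on the bare, unencrypted directory.
on_vault() {
    [ "$(mount_source "$1" "${3:-/proc/mounts}")" = "$2" ]
}

# Typical use after the manual open and mount (reading /dev/sdb1 needs root):
#   luks_version /dev/sdb1 && on_vault /mnt /dev/mapper/vault \
#       && sudo chown -R "$(whoami)": /mnt
```

If the open or mount step failed silently, on_vault fails and the chown or copy never touches the unencrypted directory underneath the mountpoint.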

So I need to create a new fs after changing to LUKS, correct?
I also like to use a label on my drives to mount them consistently. With LUKS, does adding a label matter? It looks like it only accepts a label at the time of the mount command as you described; am I understanding it correctly?

Yes, LUKS is blockdevice level encryption. I.e., where you normally put a regular filesystem such as ext4 on a regular hardware-backed blockdevice such as /dev/sdb1, with LUKS you put that still same completely regular filesystem on a non-regular, encrypted software-backed blockdevice that in turn layers itself on the hardware blockdevice /dev/sdb1.

I in the above specified the filesystem label as vault during the mkfs step. You can have that be anything;

sudo mkfs -t ext4 -L "What Ever"  /dev/mapper/vault 

Note; the vault as used in the cryptsetup step is just a name for the device with which to appear under /dev/mapper/ and would be different/automatic when automounting.

That is the use I am looking for. To just mount it with a consistent name so I can copy to it without changing the path every time.

That’s nothing to do with encryption as such anymore though and needs information as to you using or not a desktop automounter and possibly, from which desktop. But that’s the same for handling of general externals: if you have labeled the filesystem “mydata”, say, then you can add a line to /etc/fstab saying

LABEL=mydata  /mnt/where/ever  auto  noauto,noatime

or some such: the XFCE and as far as I’m aware GNOME/KDE automounters would pick up that path from /etc/fstab when you insert the filesystem. Again be sure to after mounting it do once

sudo chown -R $(whoami): /mnt/where/ever

if you want to be able to use it as your user, i.e., without sudo.

I can still read it though by checking the history. Seems you noticed that I had already anticipated that that was going to be your next question :wink:


Yeah, I thought not bothering you with that. It was a silly mistake as I think I have done mounting in the past but forgot how to do it again. Thank you very much for your help.

One other question regarding backups. I use rsync to back up files in my home directory when I have programs like Brave open and working. I notice, using the -u --delete options, that it copies a lot of files in the .cache directory and even some data in the .config directory (I guess because of programs installed via AUR like Brave). How should I exclude files to have a functional system on a restore? Is having outdated files there going to cause an issue, or if I don’t copy them and there is no folder for that at the time of restore, is that going to cause an issue?

~/.config you shouldn’t exclude; it’s the directory under which most/many per-user configuration files for programs live, and no, not just for AUR-installed ones; it’s the standard configuration file directory for all installed software.

~/.cache by the very nature of what cache is – data that is stored to speed things up but which can be replaced – can be excluded – but in that speed sense you preferably wouldn’t. My advice would be to only back up your home-directory with things such as browsers not running; with as far as possible nothing running. This is what I do; I close any and all, back up and then either start things back up or usually in fact shut the system down, since my habit is to back up just before I e.g. turn in for the night.

That said; it’s as said in essence fine to exclude ~/.cache and you’d with rsync do so for example with

rsync -avx --delete --exclude .cache ~ /mnt/external/

Be with rsync careful as to trailing slashes on directories or not: not one on ~, one on the destination directory in my above example. man rsync for explanation and many more options of rsync.


IIRC the trailing slash is for syncing the content of the directory with the destination, not to put the directory inside the destination, but I use rsync /home/<myuser>/ /path/to/folder without any problem. Why is adding a / after ~ a problem?

Although there are still some annoyances wrt. pre-existing or not pre-existing destinations, by and large you can vocalise a trailing slash in the context of rsync as “contents of”. The difference between

rsync -avx --delete --exclude .cache ~ /mnt/external/

and

rsync -avx --delete --exclude .cache ~/ /mnt/external/

then is that the former says to back up your home-directory, say, /home/archiee to /mnt/external/archiee whereas the latter says to back up the contents of /home/archiee to /mnt/external/, i.e., would have you end up with e.g. /mnt/external/.config, /mnt/external/Documents, so on, so on. Either might of course be your intent, but they’re quite different in any case and you should in that sense be aware of that syntax issue.

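The two forms compared above, run against a scratch tree as an added example (not part of the original posts). It also shows a consequence of that difference: switching forms on an existing backup lets --delete remove the copy made by the other form. All paths are constructed under mktemp; "archiee" is the user name from the reply.

```shell
#!/bin/sh
# Added example, not from the thread. Everything happens in a throwaway
# mktemp tree; "archiee" is the user name used in the reply above.
demo_trailing_slash() {
    work=$(mktemp -d) || return 1
    src="$work/home/archiee"              # stands in for ~
    dst="$work/external"                  # stands in for /mnt/external
    mkdir -p "$src/.cache" "$src/.config" "$src/Documents" "$dst"
    echo cached > "$src/.cache/blob"
    echo conf   > "$src/.config/app.conf"
    echo notes  > "$src/Documents/notes.txt"

    # No trailing slash on the source: the directory itself is copied.
    rsync -ax --delete --exclude .cache "$src" "$dst/"
    echo "after: rsync ... ~ /mnt/external/"
    (cd "$dst" && find . ! -path . | sort)

    # Trailing slash: "contents of". archiee/ from the first run is not
    # part of the source any more, so --delete removes that whole backup.
    rsync -ax --delete --exclude .cache "$src/" "$dst/"
    echo "after: rsync ... ~/ /mnt/external/"
    (cd "$dst" && find . ! -path . | sort)

    rm -rf "$work"
}

# Run the demonstration when rsync is installed.
if command -v rsync >/dev/null 2>&1; then demo_trailing_slash; fi
```

Adding -n (--dry-run) together with -v to a real invocation lists what --delete would remove before anything is changed.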

Thanks.