Install cryptsetup with the following command:

sudo apt update 
sudo apt upgrade
sudo apt install cryptsetup

Find the Block Device Name of Your Partition. Enter the following command:

lsblk
 
NAME   MAJ:MIN RM   SIZE RO TYPE MOUNTPOINT
sda      8:0    0 232,9G  0 disk 
├─sda1   8:1    0   100M  0 part 
├─sda2   8:2    0  69,9G  0 part 
├─sda3   8:3    0 153,7G  0 part /
└─sda4   8:4    0   9,2G  0 part [SWAP]
sdb      8:16   0 698,7G  0 disk 
└─sdb1   8:17   0 698,7G  0 part /media/user/PORTABLE-BACKUP
sr0     11:0    1  1024M  0 rom  

Once you’re certain you have the right device name, add a LUKS header to the partition.

sudo cryptsetup luksFormat /dev/sdb1

Type “YES” and then choose a strong password for your encrypted partition. Type the same password when asked to verify the passphrase.

You have to map this physical device to a virtual device. What gets written to the virtual device will be encrypted before being stored on the physical device.

sudo cryptsetup luksOpen /dev/sdb1 encrypted-partition

The partition needs a filesystem to be usable. Create an ext4 filesystem with this command:

sudo mkfs.ext4 /dev/mapper/encrypted-partition

Create the directory where you will mount the filesystem from the partition.

mkdir /media/PORTABLE-BACKUP

Mount the filesystem and change to that mounted directory:

sudo mount /dev/mapper/encrypted-partition /media/PORTABLE-BACKUP
cd /media/PORTABLE-BACKUP

At the moment, only the root user can write here. Give your user permission to write in this filesystem by making it the owner of the upper level directory. Copy and paste the whole command, including the “.” at the end.

sudo chown $USER:$USER .

Restrict other users from reading or writing to this directory.

chmod o= .  

At this point, most file managers should show you the new encrypted device in the interface. This shows how it looks in the Thunar file manager, the default used in the XFCE desktop environment.

If the volume is not mounted, when you click on it you will be asked for the volume password and your sudo password. The volume will be mounted automatically, and you will be able to browse it. The mountpoint will be different from “~/encrypted-storage.” It could be something like “/media/user/f42f3025-755d-4a71-95e0-37eaeb761730/,”

That is unimportant; permissions you set earlier still apply. What is important is to remember to right-click it and unmount when you finish working with the volume. Unmounting and closing the virtual device guarantees that no one can read the data from the encrypted partition, not even your operating system.

If, for some reason, your file manager doesn’t support this feature, you can mount from the terminal.

sudo cryptsetup luksOpen /dev/vda3 encrypted-partition
sudo mount /dev/mapper/encrypted-partition ~/encrypted-storage

You can now access the volume by going to “/home/username/encrypted-storage” in the file manager. When you’re done, unmount the filesystem and close the virtual device:

cd && sudo umount /dev/mapper/encrypted-partition
sudo cryptsetup luksClose /dev/mapper/encrypted-partition