Encrypted external HD

3. Hard drive encryption

Install support for encryption
Install the necessary packages with apt-get in a terminal as follows:
sudo apt-get install cryptsetup

Encrypt the drive
The Ubuntu article suggests to use one of the following commands to increase security, with the last one with the highest security:

sudo dd if=/dev/zero of=/dev/sdb bs=4K
or
sudo badblocks -c 10240 -s -w -t random -v /dev/sdb
or
sudo dd if=/dev/urandom of=/dev/sdb bs=4K

But note, when I used the first command, I stopped it after it had run for 1.5 days and only had finished 2/3 of the 1.5TB disk!

Delete all existing partitions on the external hard drive and create just a single primary partition. There is no need to format it since we first need to set up the encryption wrapper. You can use gparted for this.

The following command creates an encrypted file format on the /dev/usbcrypthd device, using 256 bit strong encryption (you might want to up it to 512):

sudo cryptsetup --verify-passphrase luksFormat /dev/usbcrypthd -c aes -s 256 -h sha256

The passphrase that you are required to enter, do NOT forget it. This is the key that unlocks your data!

Use the following command

sudo cryptsetup luksOpen /dev/usbcrypthd usbcrypthd

to unlock the drive and enter the passphrase again that you just used before.

Create file system
Now is the time to create a file system on the disk, e.g., ext3 using gparted or the following command:

sudo mkfs -t ext3 -m 1 -O dir_index,filetype,sparse_super /dev/mapper/usbcrypthd