Encrypted media

mark_us91 · 2026-04-06 13:42:52

Hi

I'm trying to understand how to use my encrypted external HDD the right way.
I encrypted it for cold storage with luks by using the cryptsetup command and it works fine but I have two main questions:
1) I have two computers running identical setups using Arch with Plasma 6. On one of them I can simply stick the HDD to the USB port and click the name of it in the file manager and it just brings the popup for luks password. If the password is correct it just mounts it and I can use it.
The same disk on another computer brings KDE wallet pupup when I try to mount it with the file manager as described above and when I click cancel it just hangs and does nothing.
I can mount it with terminal by using the cryptsetup open command though.
I need to know how to make the second computer to mount the disk as on the first computer.
2) If I mount the disk as described above on the first computer do I absolutely must to run the cryptosetup close command before unmounting it or is it enough to just "safely remove" the media?

I'm dealing with encryption like that for the first time and It's very important for me to make this right so I won't run into situations later on as it's going to be used for cold storage for privacy related data.

mpan · 2026-04-10 02:38:04

Hello,

With all modern desktop environments and their file managers, mounting is done through Udisks. Including the encryption layer.

As long as your file manager does the unlocking and mounting, it’s going to do the opposite while unmounting. Including locking the device back and — if that’s removable media — flushing and powering it down. That should answer your question in point 2. Given you ask, I assume something goes wrong. What exactly happens, what is making you think the disk is not properly unmounted?

The difference you describe in point 1 is something that shouldn’t happen. The setup apparently isn’t identical. Poke around and see, where is the difference. Under normal circumstances this should work flawlessly in the file manager. It’s no longer the 2000s, where we had to manually deal with such stuff.

If doing something manually and a DE is present, mind that in most cases it’s best to use udisksctl. Not cryptsetup/mount/losetup directly. That’s because the file manager and everything in the DE will try to use the Udisks daemon.

frostschutz · 2026-04-10 06:30:13

Technically it's safe to sync umount. If you're sure that it was properly unmounted, and that was the only filesystem on that drive and not a multi-partition multi-volume multi-filesystem setup where other parts could still be in use.

cryptsetup close by itself won't change any data on disk anymore, but it helps the running system to not have any invalid orphan /dev/mapper/luks... devices hanging around, which might also prevent you from re-opening it a second time because it seems to already exist. Also if anything tries to read the device (like when searching for UUIDs) it might error out.

So you do the cryptsetup close to cleanup the running system, even if it no longer affects the already umounted disk itself.

Hopefully the frontend will properly take care of it. udisks should be able to deal with standard setups. If you have anything crazy like raid on usb, you're on your own...

seth · 2026-04-10 07:04:26

This just sounds as if the DE on system2 (KDE?) uses kwallet as password manager - why do you click cancel?
https://wiki.archlinux.org/title/KDE_Wa … le_KWallet

Is the FM dolphin (on both systems?), there's no option for you to NOT store the password?
The idea of the situation is probably that you can store the password for the medium in kwallet and then get it decrypted automagically in the future.

Arch Linux

#1 2026-04-06 13:42:52

Encrypted media

#2 2026-04-10 02:38:04

Re: Encrypted media

#3 2026-04-10 06:30:13

Re: Encrypted media

#4 2026-04-10 07:04:26

Re: Encrypted media

Board footer