How to mount a LUKS encrypted drive in Windows.

How to mount a LUKS encrypted drive in Windows

Miguel Menéndez

Yes, you can and you don’t have to fight FreeOTFE. And, although it is not a task as intuitive and transparent as in GNU Linux, you will see that it is relatively simple.

LUKS stands for Linux Unified Key Setup. It is a storage unit encryption specification created by Clemens Fruhwirth, originally developed for GNU Linux systems. While most disk encryption software uses different and incompatible undocumented formats, LUKS specifies a standard, platform-independent format for use by various tools. This not only facilitates compatibility and interoperability between the different programs, but also ensures that all of them provide for password management in a secure place and in a documented manner.

The following procedures require Windows OS Build ≥20211, WSL, and Debian (with the cryptsetup package installed).


In Windows Terminal (admin):

PS C:\Users\miguel> GET-WMIOBJECT -query "SELECT * from Win32_DiskDrive"

It will return something like:

Partitions : 3
Size       : 128034708480

Partitions : 1
Model      : TOSHIBA External USB 3.0 USB Device
Size       : 2000396321280
Caption    : TOSHIBA External USB 3.0 USB Device

I mount the encrypted external drive:

PS C:\Users\miguel> wsl --mount \\.\PHYSICALDRIVE1 --bare

Now, in Debian (note: In the Debian-specific terminal, not in an open Debian tab in Windows Terminal) I find out the name of the disk and its partition:

$ lsblk

I open the encrypted partition and give it a name:

$ sudo cryptsetup luksOpen /dev/sdc1 TOSHIBA2TB

And finally I mount the partition (I first create the directory in which to mount it):

$ sudo mount /dev/mapper/TOSHIBA2TB /mnt/TOSHIBA2TB/

I can access the encrypted drive from Windows File Explorer:


To unmount, in the Debian terminal:

$ sudo umount /mnt/TOSHIBA2TB/

I close the encrypted partition:

$ sudo cryptsetup luksClose TOSHIBA2TB

In Windows Terminal (admin) I unmount the drive:

PS C:\Users\miguel> wsl --unmount \\.\PHYSICALDRIVE1

And eject.

Sources: Wikipedia and own elaboration.


Found a bug? Do you think something could be improved? Feel free to let me know and I will be happy to take a look.