Encrypted USB drive in Ubuntu28 Oct 2006
Today I went to the Linuxforum BOF day where I attended a session about encrypting your personal files. This made me remember a post read some time ago (check out the screen cast). I guessed that this functionality would be in Ubuntu Edgy by now so I just went ahead and tried to make my USB pen drive encrypted.
This is how I did it:
First install the needed software
sudo apt-get install cryptsetup
- Make sure your USB disk isn’t mounted. Then partition the USB pendrive the way you want it, if it isn’t already partitioned (I made one big partition on mine
/dev/sda1). Note: Don’t mount the disk afterwards!
If you havn’t rebooted your computer since you installed the
cryptsetuppackage, you might have to load the device mapper crypt module manually:
sudo modprobe dm-crypt
Now make the partition encrypted:
$ sudo cryptsetup --verbose --verify-passphrase luksFormat /dev/sda1 WARNING! ======== This will overwrite data on /dev/sda1 irrevocably. Are you sure? (Type uppercase yes): YES Enter LUKS passphrase: Verify passphrase: Command successful.
If you get the error:
Failed to setup dm-crypt key mapping. Check kernel for support for the aes-cbc-essiv:sha256 cipher spec and verify that /dev/sda1 contains at least 133 sectors.
Make sure that the disk isn’t mounted. And make sure you are using the right device. You can use
dmesgto check which device the disk have been assigned. You might also wanna check that the the module
dm-cryptis loaded (
lsmod | grep dm).
Now attach the encrypted partition.:
$ sudo cryptsetup luksOpen /dev/sda1 sda1 Enter LUKS passphrase: key slot 0 unlocked Command successful.
Now create a filesystem on the new encryptet device:
sudo mkfs.ext3 /dev/mapper/sda1
Remove the tempoary device mapped to the encrypted partition:
sudo cryptsetup luksClose sda1
- Now remove the your usbdisk from the USB plug, and reinsert it and Ubuntu should find it and ask for the passphrase.
Update: I tried to insert my USB pen into a Ubuntu Dapper (which this guide also would work on I guess). I just thought it was cool that is atcually told me which package it needed to for it to work:
Encrypted USB drive in Ubuntu by Jacob Emcken is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.