Encrypted USB drive in Ubuntu

Today I went to the Linuxforum BOF day where I attended a session about encrypting your personal files. This made me remember a post read some time ago (check out the screen cast). I guessed that this functionality would be in Ubuntu Edgy by now so I just went ahead and tried to make my USB pen drive encrypted.

This is how I did it:

  1. First install the needed software

    sudo apt-get install cryptsetup
    
  2. Make sure your USB disk isn’t mounted. Then partition the USB pendrive the way you want it, if it isn’t already partitioned (I made one big partition on mine /dev/sda1). Note: Don’t mount the disk afterwards!
  3. If you havn’t rebooted your computer since you installed the cryptsetup package, you might have to load the device mapper crypt module manually:

    sudo modprobe dm-crypt
    
  4. Now make the partition encrypted:

    $ sudo cryptsetup --verbose --verify-passphrase luksFormat /dev/sda1
    
    WARNING!
    ========
    This will overwrite data on /dev/sda1 irrevocably.
    
    Are you sure? (Type uppercase yes): YES
    Enter LUKS passphrase:
    Verify passphrase:
    Command successful.
    

    If you get the error:

    Failed to setup dm-crypt key mapping.
    Check kernel for support for the aes-cbc-essiv:sha256 cipher spec and verify that /dev/sda1 contains at least 133 sectors.
    

    Make sure that the disk isn’t mounted. And make sure you are using the right device. You can use dmesg to check which device the disk have been assigned. You might also wanna check that the the module dm-crypt is loaded (lsmod | grep dm).

  5. Now attach the encrypted partition.:

    $ sudo cryptsetup luksOpen /dev/sda1 sda1
    Enter LUKS passphrase:
    key slot 0 unlocked
    Command successful.
    
  6. Now create a filesystem on the new encryptet device:

    sudo mkfs.ext3 /dev/mapper/sda1
    
  7. Remove the tempoary device mapped to the encrypted partition:

    sudo cryptsetup luksClose sda1
    
  8. Now remove the your usbdisk from the USB plug, and reinsert it and Ubuntu should find it and ask for the passphrase.

Update: I tried to insert my USB pen into a Ubuntu Dapper (which this guide also would work on I guess). I just thought it was cool that is atcually told me which package it needed to for it to work:

Creative Commons License
Encrypted USB drive in Ubuntu by Jacob Emcken is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.