Use an Encrypted USB drive/partition

January 24, 2006

Posted by Carthik in applications, snippets, ubuntu.

Martin Pitt, an Ubuntu developer, wrote up a little note on how to use encrypted partitions with Ubuntu. I reproduce it below with minimal edits:

To create an encrypted partition on a removable device (like a USB stick), do the following:

* Install the package ‘cryptsetup’.
* If you do not want to encrypt the whole stick, repartition the stick with “sudo cfdisk /dev/sda” (or whichever device). E.g. my personal USB stick has a big unencrypted partition for data exchange and a very small (5 MB) encrypted partition for storing my GPG and SSH keys.
* Create an encrypted partition on the target partition:
  sudo luksformat /dev/sda1
  (or sda2 if you want to format the second partition, and so on).
  This will ask you for a passphrase. The default file system is “vfat”, but you can specify a different one with the “-t” option (see manual page).

After this procedure, remove the stick and plug it in again. This should trigger a dialog which asks you for the passphrase and mounts the encrypted partition (along with any unencrypted one, of course).

Just a little warning at the end: Please be aware that if you lose the passphrase, there is *NO WAY* to restore your data!

Comments»

1. TFP - January 24, 2006

The only way to decrypt this partition is on Linux, or is it possible via Cygwin, too?
Would appreciate your answer.

Greetings

2. Darren - January 24, 2006

Like TFP, I would need a way to access this encrypted partition on non-Linux systems, including Windows (one of the main reasons I use a USB drive) and OpenBSD. I have settled for keeping individual files symmetrically encrypted on my drive, and including a static copy of GPG for each of the OSes I will use on the drive as well. A much less transparent solution, of course, but more universally applicable.

3. ubuntonista - January 24, 2006

Darren, TFP, you can use FreeOTFE to access the drive from Windows. I have heard that OTFE has a portable mode where the utility is stored on your USB drive, and then it can also use the securetray to work.

4. TFP - January 24, 2006

Thx a lot ubuntonista, will have a look at it.

5. unixfag - February 20, 2006

Check out truecrypt. Nice system, and with a Windows EXT2 driver you don’t have to worry about FAT filesize restrictions.

http://www.truecrypt.org/

6. Georgie-o - May 30, 2006

I tried all the steps and got to the point of selecting a password. This is the error I got. Any help on what I’m doing wrong?

Thanks

Unable to obtain sector size for /dev/sda2
Failed to setup dm-crypt key mapping.
Check kernel for support for the aes-cbc-essiv:sha256 cipher spec and verify that /dev/sda2 contains at least 133 sectors.
Failed to write to key storage.
Command failed.
Could not create LUKS device /dev/sda2 at /sbin/luksformat line 53.

7. Nick - June 4, 2006

Georgie-o … Ensure that /dev/sda1 (in your example) is not already mounted.

8. Jaki - July 24, 2006

I tried this with 6.06 and it works fine, but I can’t unmount the partition (by right-clicking the icon). It tells me “/media/usbdisk/ is not in the fstab (and you are not root)”. Is there any way I can unmount it as a user this way? I could make my own icons with little scripts and matching sudo-entries, but I’d prefer it the other way since there are also other people working on the PC that might be confused…

9. Tobias - August 28, 2006

I have the same problem unmounting the USB pen with Ubuntu 6.06 under Gnome. I would like to umount the USB pen as a user. Any hints?

10. Fabián Rodríguez » Fire alarm: are you ready? 5 questions to ask yourself. - October 5, 2006

[…] Is the data on your laptop encrypted? Think of the firefighters who will leave with the machine. A few pointers before writing a proper post on the subject: several are listed on this site; personally I suggest Free OTFE or TrueCrypt if you use Windows. With Ubuntu, using an encrypted USB key is really simple. To be continued! […]

11. Jorge - November 13, 2006

On my system I also needed these modules loaded (add to /etc/modules for boot loading): dm_mod, dm_crypt, aes, and sha256.
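
The failure causes raised in comments 6, 7 and 11 above (target partition already mounted, partition smaller than the 133 sectors named in the error text, dm-crypt and cipher modules not loaded) can be checked before running luksformat. The shell functions below are an added example, not part of the original post or of cryptsetup; the function names and the MOUNTS_FILE/MODULES_FILE overrides are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: pre-flight checks before running luksformat on a partition.
# MOUNTS_FILE and MODULES_FILE default to the live /proc files; they can be
# overridden so the checks can be exercised on constructed sample data.
MOUNTS_FILE="${MOUNTS_FILE:-/proc/mounts}"
MODULES_FILE="${MODULES_FILE:-/proc/modules}"
MIN_SECTORS=133   # minimum quoted in the luksformat error in comment 6

# is_mounted DEV: succeed if DEV is the source of any mount entry (comment 7).
is_mounted() {
    awk -v dev="$1" '$1 == dev { found = 1 } END { exit !found }' "$MOUNTS_FILE"
}

# missing_modules: print the modules named in comment 11 that are not loaded.
# Names are matched exactly as given there; newer kernels may name them differently.
missing_modules() {
    missing=""
    for m in dm_mod dm_crypt aes sha256; do
        # /proc/modules carries the module name in its first field
        if ! awk -v m="$m" '$1 == m { f = 1 } END { exit !f }' "$MODULES_FILE"; then
            missing="$missing $m"
        fi
    done
    echo "${missing# }"
}

# preflight DEV SECTORS: print one line per finding; return 0 only if no FAIL.
# SECTORS is the partition size in 512-byte sectors (blockdev --getsz DEV).
preflight() {
    dev="$1"; sectors="$2"; rc=0
    if is_mounted "$dev"; then
        echo "FAIL: $dev is mounted; unmount it before formatting"; rc=1
    fi
    if [ "$sectors" -lt "$MIN_SECTORS" ]; then
        echo "FAIL: $dev has $sectors sectors, need at least $MIN_SECTORS"; rc=1
    fi
    miss=$(missing_modules)
    if [ -n "$miss" ]; then
        # Only a warning: built-in kernel code never appears in /proc/modules.
        echo "WARN: not listed as loaded: $miss"
    fi
    return $rc
}
```

On a live system the call would be preflight /dev/sda2 "$(sudo blockdev --getsz /dev/sda2)". A module reported under WARN may be compiled into the kernel rather than absent, which is why it does not fail the check.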

12. Encryption, USB Drive, Ubuntu, Windows, and You! at elwoodicious - May 24, 2007

[…] cribbed from carthik’s post at Ubuntu Blog and from FreeOTFE’s solid […]

13. James - June 22, 2007

This works very nicely for me.

I was going to ask how to mount this from the command line, but I just figured it out. (It wouldn’t mount when I was missing iocharset=utf8 )

# sudo cryptsetup luksOpen /dev/sda2 usbkey
# sudo mount -t vfat /dev/mapper/usbkey /mnt/secret -o rw,noexec,nosuid,nodev,quiet,shortname=mixed,uid=1001,gid=1001,umask=077,iocharset=utf8

I still cannot figure out how to open it in Windows with FreeOTFE. Any hints?

14. saurabh - April 4, 2008

Hi

Everything works fine till I have started to use the encrypted vol. I entered the passphrase and it says

“Error org.freedesktop.Hal.Device.Volume.Crypto.SetupError
/dev/sdb is already setup?”

I am a newbie… will anyone guide me please.

15. Ubuntu-Ork - September 17, 2008

I tried installing an almost completely encrypted system on a USB harddrive, and it almost always won’t boot.

/boot : unencrypted
dm_crypt volume with partitions: /, /home, swap

Almost every time I try to boot, it won’t even get to the stage where it asks for the passphrase, and instead, it complains it cannot find the volume by its UUID, but the UUID is correct.

I believe this is an issue with the combination of USB and encryption, as it does not occur when using either one of them.

16. Gus Hauptfleisch - September 28, 2008

The way I see it is as such (someone please correct me if wrong).
The encrypted drive does not automatically get assigned a device name (e.g. /dev/sdc) until authentication has been completed – otherwise you would simply be able to mount the drive in the correct file system and read the data – defeats the object. So authentication
So the procedure is as follows:
1) Insert the hardware (quite obvious)
2) Find the hardware is plugged in and appears in fdisk -l
3) Terminal open with
   cryptsetup luksOpen /dev/sdX diskname OR
3) Find the encrypted ID of the hardware under /dev/mapper and (in a terminal)
4) cryptsetup luksOpen /dev/sdX resultofdevmapper (you should be challenged for your password you used at point of drive encryption)
5) Now mount it as follows
   sudo mount -t fstype /dev/mapper/resultofdevmapper /place/to/mount
6) Sounds too easy – even typing it?
Let me know if this was helpful at all?
Regards

17. spielwiese. » Blog Archive » backups, again. - August 27, 2009

[…] laptop, and no backup. in case something goes terribly wrong, i’m screwed. i just created an encrypted partition on the disk; this is really pretty easy and not much command line typing is required, in particular […]

