Use an Encrypted USB drive/partition
January 24, 2006
Posted by Carthik in applications, snippets, ubuntu.
Martin Pitt, an Ubuntu developer, had written up a little note on how to use encrypted partitions with Ubuntu. I reproduce it below with minimal edits:
To create an encrypted partition on a removable device (like a USB stick), do the following:
* Install the package ‘cryptsetup’.
* If you do not want to encrypt the whole stick, repartition the stick with “sudo cfdisk /dev/sda” (or whichever device). E.g. my personal USB stick has a big unencrypted partition for data exchange and a very small (5 MB) encrypted partition for storing my GPG and SSH keys.
* Create an encrypted partition on the target partition:
sudo luksformat /dev/sda1
(or sda2 if you want to format the second partition, and so on).
This will ask you for a passphrase. The default file system is “vfat”, but you can specify a different one with the “-t” option (see manual page).
After this procedure, remove the stick and plug it in again. This should trigger a dialog which asks you for the passphrase and mounts the encrypted partition (along with any unencrypted one, of course).
Just a little warning at the end: Please be aware that if you lose the passphrase, there is *NO WAY* to restore your data!
The only way to decrypt this partition is on Linux, or is it possible via Cygwin, too?
Would appreciate your answer.
Greetings
Like TFP, I would need a way to access this encrypted partition on non-Linux systems, including Windows (one of the main reasons I use a USB drive) and OpenBSD. I have settled for keeping individual files symmetrically encrypted on my drive, and including a static copy of GPG for each of the OSes I will use on the drive as well. A much less transparent solution, of course, but more universally applicable.
Darren, TFP, you can use FreeOTFE to access the drive from Windows. I have heard that OTFE has a portable mode where the utility is stored on your USB drive, and then it can also use the securetray to work.
Thx a lot ubuntonista, will have a look at it.
Check out truecrypt. Nice system, and with a Windows EXT2 driver you don’t have to worry about FAT filesize restrictions.
http://www.truecrypt.org/
I tried all the steps and got to the point of selecting a password. This is the error I got. Any help on what I’m doing wrong?
Thanks
Unable to obtain sector size for /dev/sda2
Failed to setup dm-crypt key mapping.
Check kernel for support for the aes-cbc-essiv:sha256 cipher spec and verify that /dev/sda2 contains at least 133 sectors.
Failed to write to key storage.
Command failed.
Could not create LUKS device /dev/sda2 at /sbin/luksformat line 53.
Georgie-o … Ensure that /dev/sda1 (in your example) is not already mounted.
I tried this with 6.06 and it works fine, but I can’t unmount the partition (by right-clicking the icon). It tells me “/media/usbdisk/ is not in the fstab (and you are not root)”. Is there any way I can unmount it as a user this way? I could make my own icons with little scripts and matching sudo entries, but I’d prefer it the other way since there are also other people working on the PC that might be confused…
I have the same problem unmounting the USB pen with Ubuntu 6.06 under Gnome. I would like to umount the USB pen as a user. Any hints?
[…] Is the data on your laptop encrypted? Think of the firefighters who will leave with the machine. A few pointers before writing a real post on this subject: this site lists several; personally I suggest Free OTFE or TrueCrypt if you use Windows. With Ubuntu, using an encrypted USB key is really simple. To be continued! […]
On my system I also needed these modules loaded (add to /etc/modules for boot loading): dm_mod, dm_crypt, aes, and sha256.
[…] cribbed from carthik’s post at Ubuntu Blog and from FreeOTFE’s solid […]
This works very nicely for me.
I was going to ask how to mount this from the command line, but I just figured it out. (It wouldn’t mount when I was missing iocharset=utf8 )
# sudo cryptsetup luksOpen /dev/sda2 usbkey
# sudo mount -t vfat /dev/mapper/usbkey /mnt/secret -o rw,noexec,nosuid,nodev,quiet,shortname=mixed,uid=1001,gid=1001,umask=077,iocharset=utf8
I still cannot figure out how to open it in Windows with FreeOTFE. Any hints?
Hi
Everything works fine till I have started to use the encrypted vol. I entered the passphrase and it says
“Error org.freedesktop.Hal.Device.Volume.Crypto.SetupError
/dev/sdb is already setup?”
I am a newbie… will anyone guide me please.
I tried installing an almost completely encrypted system on a USB harddrive, and it almost always won’t boot.
/boot : unencrypted
dm_crypt volume with partitions: /, /home, swap
Almost every time I try to boot, it won’t even get to the stage where it asks for the passphrase, and instead, it complains it cannot find the volume by its UUID, but the UUID is correct.
I believe this is an issue with the combination of USB and encryption, as it does not occur when using either one of them.
The way I see it is as such (someone please correct me if wrong).
The encrypted drive does not automatically get assigned a device name (eg /dev/sdc) until authentication has been completed – otherwise you would simply be able to mount the drive in the correct file system and read the data – defeats the object. So authentication
So the procedure is as follows:
1) insert the hardware (quite obvious)
2) find the hardware is plugged in and appears in fdisk -l
3) terminal open with
cryptsetup luksOpen /dev/sdX diskname OR
3) find the encrypted ID of the hardware under /dev/mapper and (in a terminal)
4) cryptsetup luksOpen /dev/sdX resultofdevmapper (you should be challenged for your password you used at point of drive encryption)
5) now mount it as follows
sudo mount -t fstype /dev/mapper/resultofdevmapper /place/to/mount
6) sounds too easy – even typing it?
Let me know if this was helpful at all?
regards
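Added example, not part of the original post or of any comment: the command-line open/mount and unmount/close cycle that the comments above work through, with a check that the partition really carries a LUKS header and that nothing is already mounted. The function names, mapping name and mount point are hypothetical; the mount options are taken from the comment above.

```shell
#!/bin/sh
# Added example. Functions and argument names are illustrative assumptions.

# True if DEV is the source of any mount listed in MOUNTS (default /proc/mounts).
is_mounted() {
    awk -v d="$1" '$1 == d { found = 1 } END { exit !found }' "${2:-/proc/mounts}"
}

# True if DEV starts with the LUKS header magic: "LUKS" followed by 0xBA 0xBE.
has_luks_header() {
    magic=$(dd if="$1" bs=6 count=1 2>/dev/null | od -An -tx1 | tr -d ' \n')
    [ "$magic" = "4c554b53babe" ]
}

# Unlock DEV as /dev/mapper/NAME and mount it at MNT (run as root).
luks_open() {   # usage: luks_open /dev/sdX2 NAME MNT
    has_luks_header "$1" || { echo "$1: no LUKS header" >&2; return 1; }
    is_mounted "/dev/mapper/$2" && { echo "$2: already mounted" >&2; return 1; }
    cryptsetup luksOpen "$1" "$2" &&
    mount -o rw,noexec,nosuid,nodev "/dev/mapper/$2" "$3"
}

# Unmount, then remove the mapping so the key is wiped from kernel memory
# before the stick is unplugged.
luks_close() {  # usage: luks_close NAME MNT
    umount "$2" && cryptsetup luksClose "$1"
}

# Command-line entry point; does nothing when called without arguments.
case "${1:-}" in
    open)  luks_open "$2" "$3" "$4" ;;
    close) luks_close "$2" "$3" ;;
esac
```

Running `is_mounted /dev/sda1` before luksformat is the same check as the "ensure it is not already mounted" advice given earlier in the comments.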
[…] laptop, and no backup. In case something goes terribly wrong, I’m screwed. I just created an encrypted partition on the disk; this is really pretty easy and not much command line typing is required, in particular […]