
Create an encrypted partition/usb disk December 2, 2009

Posted by claudio in Uncategorized.

Update 2010/04/30: Addition for the new 4KB drives.
Update 2012/03/18: up to date with Ubuntu 11.10.

If you are like me and use a laptop as your main computer, you will run out of space very soon. USB disks are a great alternative to store your photography or music collection or, simply, files you don’t use every day. I always keep backups off-site (a USB disk) and I want to have those encrypted. This is what I did (open a shell):

  1. Install the cryptography software:
    sudo apt-get install cryptsetup
  2. Write some random data to your disk (we will assume it’s called /dev/sdx; type “dmesg” after inserting the disk to figure out the device, or, if it’s Windows-formatted and automounted, have a look at the output of “mount”):
    sudo dd if=/dev/random of=/dev/sdx bs=4K
    This will take a long time, at least a few days (create some IO). A good, shorter compromise (a day) will be:
    sudo badblocks -c 10240 -s -w -t random -v /dev/sdx
  3. Create a new Linux partition table with cfdisk (create a new partition table if asked, choose New and assign the whole disk, use a primary partition).
    sudo cfdisk /dev/sdx
  4. Set up a partition using fdisk (compatible with the new 4KB block size drives):
    sudo fdisk -uc /dev/sdx

    Command (m for help): d
    Selected partition 1

    Command (m for help): n
    Command action
    e   extended
    p   primary partition (1-4)
    p
    Partition number (1-4): 1
    First sector (2048-2930277167, default 2048):
    Using default value 2048
    Last sector, +sectors or +size{K,M,G} (2048-2930277167, default 2930277167):
    Using default value 2930277167

    Command (m for help): t
    Selected partition 1
    Hex code (type L to list codes): 83

    Command (m for help): p

    Disk /dev/sdx: 1500.3 GB, 1500301910016 bytes
    81 heads, 63 sectors/track, 574226 cylinders, total 2930277168 sectors
    Units = sectors of 1 * 512 = 512 bytes
    Sector size (logical/physical): 512 bytes / 512 bytes
    I/O size (minimum/optimal): 512 bytes / 512 bytes
    Disk identifier: 0x4fabbfc4

    Device Boot      Start         End      Blocks   Id  System
    /dev/sdx1            2048  2930277167  1465137560   83  Linux

    Command (m for help): w
    The partition table has been altered!

    Calling ioctl() to re-read partition table.
    Syncing disks.

  5. Create the encrypted partition. Make the passphrase long and difficult to guess:
    sudo cryptsetup --verbose --verify-passphrase luksFormat /dev/sdx1 -c aes-cbc-essiv:sha256
  6. Create a filesystem (I am using ext4; the chosen device and label name is “disk5”, change it to your taste):
    sudo cryptsetup luksOpen /dev/sdx1 disk5
    sudo mkfs.ext4 /dev/mapper/disk5 -L disk5
    sudo cryptsetup luksClose disk5
  7. Mount it by going to “Computer” in Nautilus, double-clicking the disk and entering your passphrase. I chose not to let Gnome store the encryption passphrase for automounting as it would make encryption as weak as your system password (and we know how to retrieve/change those)…

That’s it!
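
An added example, not part of the original post: a pre-flight check to run before the overwrite in step 2. It refuses the target if it is a partition rather than a whole disk, if anything on it is mounted, or if a device-mapper (LUKS) mapping is still open on it. The /dev/sd[a-z] naming, the script name and the MOUNTS/SYSFS overrides are assumptions of this sketch.

```shell
#!/bin/sh
# Added example, not from the original post: refuse to wipe a disk in use.
# MOUNTS and SYSFS default to the live system; overriding them (an assumption
# of this sketch) lets the checks run against constructed data.
MOUNTS=${MOUNTS:-/proc/mounts}
SYSFS=${SYSFS:-/sys}

# Accept only whole-disk nodes such as /dev/sdx, never a partition (/dev/sdx1).
is_whole_disk() {
    case "$1" in
        /dev/sd[a-z]) return 0 ;;
        *) return 1 ;;
    esac
}

# Print mounted sources that are the disk itself or one of its partitions.
mounted_parts() {
    awk -v d="$1" '$1 == d || $1 ~ ("^" d "[0-9]+$") { print $1 " on " $2 }' "$MOUNTS"
}

# Print the disk or partitions that have a device-mapper holder. An open LUKS
# volume is mounted as /dev/mapper/<name>, so mounted_parts alone misses it.
held_parts() {
    disk=${1#/dev/}
    for h in "$SYSFS/block/$disk"/holders/* "$SYSFS/block/$disk/$disk"*/holders/*; do
        [ -e "$h" ] || continue
        part=${h%/holders/*}
        echo "/dev/${part##*/} held by ${h##*/}"
    done
}

# Return 0 only for a whole disk with nothing mounted or mapped; fail closed.
safe_to_wipe() {
    is_whole_disk "$1" || { echo "refusing: $1 is not a whole disk" >&2; return 1; }
    [ -r "$MOUNTS" ] || { echo "refusing: cannot read $MOUNTS" >&2; return 1; }
    busy=$(mounted_parts "$1"; held_parts "$1")
    [ -z "$busy" ] && return 0
    echo "refusing, $1 still in use: $busy" >&2
    return 1
}

# Usage (hypothetical file name): sh preflight.sh /dev/sdx
# Does nothing when run without arguments.
[ "$#" -eq 0 ] || safe_to_wipe "$1"
```

A non-zero exit status means the device should not be overwritten yet: unmount it or run luksClose on the mapping first.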


Comments»

1. Paul Cobbaut - December 2, 2009

“sudo dd if=/dev/zero of=/dev/sxx bs=4K” for certain values of random ;-)

I think you mean if=/dev/random

2. claudio - December 2, 2009

Thanks Paul. I adapted the howto.

