Linux - Encrypt Partition / File on Portable Hard Disk & Flash Drive

Environment
  • Ubuntu 9.04

Introduction
The goal is to encrypt a portable hard disk and a flash drive so that the data on them is more secure.


Procedures
Install the utilities
#apt-get install ntfsprogs
#apt-get install cryptsetup cryptmount

Fill the partition or file with data before encrypting it. Choose one of the following:
  • Faster, e.g. 19.4MB/s
    #dd if=/dev/zero of=/dev/sdb2 bs=4k
  • Check badblocks and write random data at the same time
    #badblocks -c 10240 -s -w -t random -v /dev/sdb2
  • More secure, but takes more time, e.g. 5.3MB/s
    #dd if=/dev/urandom of=/dev/sdb2 bs=4k

For the portable hard disk
#dd if=/dev/zero of=/dev/sdb2 bs=4k
For the flash drive
#dd if=/dev/zero of=/media/4GUF/SecVol01.vol bs=4k count=30000

Now encrypt it. For the flash drive, attach the volume file to a loop device with losetup first
#losetup /dev/loop2 /media/4GUF/SecVol01.vol
Run cryptsetup to choose the cipher and key size (for the flash drive, use /dev/loop2 in place of /dev/sdb2 here and in the cryptsetup commands below)
#cryptsetup --verbose --cipher "aes-cbc-essiv:sha256" --key-size 256 --verify-passphrase luksFormat /dev/sdb2

To find out which ciphers are supported
#modinfo /lib/modules/`uname -r`/kernel/crypto/* | grep alias
#modinfo /lib/modules/`uname -r`/kernel/crypto/* | grep description
#cat /proc/crypto

After this, the LUKS header information can be checked
#cryptsetup luksDump /dev/sdb2
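
The fields that luksDump prints can also be checked by a script. The following is an added example, not part of the original post: it parses the LUKS1 on-disk header and compares the cipher, mode and key size with the luksFormat options used above. It assumes the LUKS1 layout (a newer LUKS2 header is rejected); the function names and the sample header are constructed for illustration.

```python
import struct

# LUKS1 on-disk header (big-endian): magic, version, cipher name, cipher mode,
# hash spec, payload offset, key bytes, MK digest, MK salt, MK iterations, UUID.
PHDR = struct.Struct(">6sH32s32s32sII20s32sI40s")
SLOT = struct.Struct(">II32sII")  # active flag, iterations, salt, offset, stripes
MAGIC = b"LUKS\xba\xbe"
SLOT_ENABLED = 0x00AC71F3

def _text(raw):
    return raw.split(b"\0", 1)[0].decode("ascii")

def parse_luks1_header(blob):
    """Return the main fields luksDump shows, read from the first 592 bytes."""
    if len(blob) < PHDR.size + 8 * SLOT.size:
        raise ValueError("too short for a LUKS1 header")
    (magic, version, name, mode, hash_spec, payload, key_bytes,
     _digest, _salt, _iters, uuid) = PHDR.unpack_from(blob, 0)
    if magic != MAGIC:
        raise ValueError("no LUKS magic: device is not LUKS-formatted")
    if version != 1:
        raise ValueError("LUKS version %d is not handled here" % version)
    enabled = [i for i in range(8)
               if SLOT.unpack_from(blob, PHDR.size + i * SLOT.size)[0] == SLOT_ENABLED]
    return {"cipher": _text(name), "mode": _text(mode), "hash": _text(hash_spec),
            "key_bits": key_bytes * 8, "payload_sectors": payload,
            "uuid": _text(uuid), "enabled_slots": enabled}

def check_expected(hdr, cipher="aes", mode="cbc-essiv:sha256", key_bits=256):
    """List mismatches against the luksFormat options used on this page."""
    want = {"cipher": cipher, "mode": mode, "key_bits": key_bits}
    problems = ["%s is %r, expected %r" % (k, hdr[k], v)
                for k, v in want.items() if hdr[k] != v]
    if not hdr["enabled_slots"]:
        problems.append("no enabled key slot")
    return problems

def build_sample_header(mode=b"cbc-essiv:sha256", key_bytes=32):
    """Constructed test header (not a real volume): slot 0 enabled, rest disabled."""
    head = PHDR.pack(MAGIC, 1, b"aes", mode, b"sha1", 2056, key_bytes,
                     b"\0" * 20, b"\0" * 32, 10, b"00000000-0000-0000-0000-000000000000")
    slots = b"".join(SLOT.pack(SLOT_ENABLED if i == 0 else 0x0000DEAD, 1000,
                               b"\0" * 32, 8 + i * 256, 4000) for i in range(8))
    return head + slots

if __name__ == "__main__":
    hdr = parse_luks1_header(build_sample_header())
    print(hdr, check_expected(hdr))
```

To check a real volume, pass the first 592 bytes of the device or loop device (read as root) to parse_luks1_header instead of the constructed sample.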

Mount and format the encrypted partition
#cryptsetup luksOpen /dev/sdb2 SecVol01
#mkfs.ntfs -f /dev/mapper/SecVol01
#mount /dev/mapper/SecVol01 /mnt/tmp

Unmount the encrypted partition
#umount /mnt/tmp
#cryptsetup luksClose SecVol01
For the flash drive, also detach the loop device
#losetup -d /dev/loop2
