How to encrypt a USB Drive on Linux Operating System?

How to encrypt a USB Drive and mount it to the filesystem on Linux Ubuntu OS?

Posted by Amritpal Singh on March 24, 2018

In this tutorial, you will learn how to encrypt an external USB Drive and mount it on your filesystem. In summary, you will set up a blank USB Drive as an encrypted drive, map it on your system, and read and write files on it. We will be using LUKS (Linux Unified Key Setup), which is the default encryption mode of the cryptsetup package. LUKS is the standard for Linux hard disk encryption.

Why encrypt your data?
Encryption is mainly used to keep data secret and private: if the drive is lost or stolen, its contents cannot be read without the passphrase.

1. Use the fdisk command to find the device name for your USB Drive:
sudo fdisk -l

The above command lists the partition tables of all devices connected to your system. In my case I connected an external 8GB USB Drive to my computer and it showed up as device name /dev/sdb.

2. OPTIONAL: Use the shred command to overwrite the USB Drive with random data; the -n option sets the number of passes (1 in the command below). This destroys everything currently on the drive:
sudo shred -v -n 1 /dev/sdb

This way the USB Drive is already filled with random data before you encrypt it.

3. Install the cryptsetup package on your system:
sudo apt-get install cryptsetup

You may already have it installed by default on your Ubuntu OS.

4. Set up a new dm-crypt device in LUKS encryption mode:
sudo cryptsetup luksFormat /dev/sdb

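cryptsetup warns that this will overwrite the data on the device and asks you to confirm. You will then need to enter the passphrase for your encrypted USB Drive.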

5. Open the device and set up a mapping with the name provided (e.g. USBDrive in this example):
sudo cryptsetup luksOpen /dev/sdb USBDrive

Provide the passphrase you set up earlier in step 4.

6. Verify the new virtual block device mapper:
ls -arlt /dev/mapper | tail

7. Create an ext4 filesystem directly on that mapped device:
sudo mkfs -t ext4 /dev/mapper/USBDrive

8. Mount the device on your filesystem (the mount point, /USBDrive here, must already exist as a directory):
sudo mount /dev/mapper/USBDrive /USBDrive

9. Verify that the mapper is properly mounted using the df command:
df -h /USBDrive/

10. Success! At this point you can use the filesystem as you normally would. You now have an encrypted USB Drive in your hand.
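
Steps 2 and 4 destroy whatever is on the device named in step 1, so it is worth confirming that name before running them. The script below is an added example, not part of the original post: it reads lsblk -P output and accepts a target only if it is a whole disk attached over USB with nothing mounted on it or on a direct child. The function names and the sample lsblk lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): pre-flight check for the device
# name chosen in step 1, before the destructive steps 2 and 4.
# Real use: lsblk -P -o NAME,PKNAME,TYPE,TRAN,MOUNTPOINT | check_target sdb

# Constructed sample of `lsblk -P` output: sda is the system disk, sdb a blank
# USB stick, sdc a USB stick whose LUKS mapping is still mounted.
SAMPLE='NAME="sda" PKNAME="" TYPE="disk" TRAN="sata" MOUNTPOINT=""
NAME="sda1" PKNAME="sda" TYPE="part" TRAN="" MOUNTPOINT="/"
NAME="sdb" PKNAME="" TYPE="disk" TRAN="usb" MOUNTPOINT=""
NAME="sdc" PKNAME="" TYPE="disk" TRAN="usb" MOUNTPOINT=""
NAME="USBDrive" PKNAME="sdc" TYPE="crypt" TRAN="" MOUNTPOINT="/USBDrive"'

# field KEY LINE: print the value of KEY="value" from one lsblk -P line.
field() {
    _v=" $2"                       # leading space so NAME never matches PKNAME
    case $_v in
        *" $1=\""*) _v=${_v#*" $1=\""}; _v=${_v%%\"*}; printf '%s' "$_v" ;;
    esac
}

# check_target DEV: read lsblk -P lines on stdin, print "ok" or a refusal.
# The body runs in a subshell, so its variables stay local.
check_target() (
    dev=$1 seen=0 mounted=0 dtype='' tran=''
    while IFS= read -r line; do
        if [ "$(field NAME "$line")" = "$dev" ]; then
            seen=1
            dtype=$(field TYPE "$line")
            tran=$(field TRAN "$line")
        elif [ "$(field PKNAME "$line")" != "$dev" ]; then
            continue               # neither the target nor a direct child
        fi
        [ -z "$(field MOUNTPOINT "$line")" ] || mounted=1
    done
    if   [ "$seen" = 0 ];      then echo "refuse: $dev not found"
    elif [ "$dtype" != disk ]; then echo "refuse: $dev is not a whole disk"
    elif [ "$tran" != usb ];   then echo "refuse: $dev is not attached over USB"
    elif [ "$mounted" = 1 ];   then echo "refuse: $dev or a child device is mounted"
    else echo "ok"
    fi
)

# Demonstration on the constructed sample.
for d in sda sdb sdc; do
    printf '%s: %s\n' "$d" "$(printf '%s\n' "$SAMPLE" | check_target "$d")"
done
```

Only a device that prints "ok" should be passed to shred or cryptsetup luksFormat.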

Additional Notes: Use the following two commands after every reboot to mount and unmount the drive:

Mounting:
sudo cryptsetup luksOpen /dev/sdb USBDrive
Provide your passphrase, then mount the device:
sudo mount /dev/mapper/USBDrive /USBDrive

Unmounting:
sudo umount /USBDrive
sudo cryptsetup luksClose USBDrive

Resources:
1. http://www.markus-gattol.name/ws/dm-crypt_luks.html


5 Comments

Jay

Thanks for posting this

Joe

Yes thanks

Gustaf

Hi, I followed the guide step by step, but when I reached step 8 and should mount the device on my filesystem I received the following error text:
$ sudo mount /dev/mapper/USBDrive /USBDrive
mount: /USBDrive: mount point does not exist.
Everything went smoothly up until this error. Can you please describe how I can successfully mount the device? Thank you very much in advance! Best, Gustaf

Cernael

Gustaf: The mount point needs to be an existing directory on your filesystem. In this case, to resolve the error: mkdir /USBDrive and then try again.

John White

Thank you. I expected snags but this took only a few minutes on CentOS6 and CentOS7. Used yum install rather than apt-get but dirt simple.
