Data security is an area that people are becoming increasingly aware of. Between companies losing customer details and the growing risk of identity theft, it's becoming increasingly important that removable media be encrypted. So how does one go about creating an encrypted hard drive/USB stick on Linux? This article will take you through it step by step. The instructions are most relevant to (K)Ubuntu but should work on most distributions.

In order to create and access the encrypted partition, you'll need cryptsetup. On (K)Ubuntu you can install it by running

    sudo apt-get install cryptsetup

Connect the USB device. We now need to know the device node, so check the kernel log

    dmesg

You're looking for something like sdb or sdc (we'll assume it's sdb).

We now want to fill the disk with random data in order to help improve the security of your encrypted partition (in other words, bury the encrypted data in random data).

Note: If you're using flash memory (i.e. a USB stick), you may wish to consider skipping this step in order to protect the write life of your device.

    sudo badblocks -c 10240 -s -w -t random -v /dev/sdb

This may take a while; the system will check for bad blocks on your disk and then overwrite each block with random data.

Next we need to create a partition. So run

    sudo fdisk /dev/sdb

This will take you into fdisk. Enter the following

    n
    p
    1
    [ENTER]
    [ENTER]
    w

The partition has now been created and written to the disk.

Now we need to encrypt the partition, but first there is a list of modules that we need to make sure are loaded. So:

    sudo -s
    [PASSWORD]
    modprobe dm-crypt
    modprobe sha256
    modprobe aes
    exit

Now we need to encrypt the partition. We are going to use a password as the key, so make sure you use a strong password (aim for a minimum of 8 characters, letters and numbers, upper and lowercase)

    sudo cryptsetup --verify-passphrase luksFormat /dev/sdb1 -c aes -s 256 -h sha256

The system will ask you to verify the password to prevent mistakes.

Make sure you do not lose or forget the password. There is no 'backdoor': if you lose the key you will not be able to access your data.

The command above uses a 256 bit AES algorithm, which is currently considered computationally secure. This means that even with a supercomputer the time and effort needed to crack the code is prohibitive. That said, the algorithm is only as good as the password that you set, so make sure it is good and strong.

Now that we have created the encrypted partition, we need to make it usable. First the device needs to be mapped to a node in /dev, so run

    sudo cryptsetup luksOpen /dev/sdb1 MySecuredDrive

You can use a different name if you wish; however, this article will continue to use MySecuredDrive.

So the state of play is that we have an encrypted partition mapped to a node on our system. Now all we need is a usable filesystem.

    sudo mkfs -t ext3 -m 1 -O dir_index,filetype,sparse_super /dev/mapper/MySecuredDrive

You've now created an encrypted filesystem!

In order to use the drive, simply plug it into the USB port of the computer again. On (K)Ubuntu, the system will ask for the password. Once you've entered this, the filesystem will be mounted and you can write to it as if it were a standard device. Files are encrypted on the fly so there'll be no increase in unmount times.

References: Ubuntu Help for reminders of the steps I forgot
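The badblocks, fdisk and luksFormat steps above destroy whatever is on the device they are pointed at, so the device name read from dmesg is worth confirming before running them. The following is an added example, not part of the original article: check_target is a hypothetical helper that reads `lsblk -P` output and refuses anything that is not an unmounted removable/USB whole disk, and the sample listing is constructed.

```shell
#!/bin/sh
# Added example (not from the original article). check_target is a hypothetical
# helper: it reads `lsblk -P -o NAME,PKNAME,TYPE,RM,TRAN,MOUNTPOINT` text on
# stdin and returns 0 only if DISK is an unmounted removable/USB whole disk.
check_target() {
    awk -v disk="$1" '
    function val(key,   s) {
        # The leading space stops NAME from matching inside PKNAME.
        if (!match(" " $0, " " key "=\"[^\"]*\"")) return ""
        s = substr(" " $0, RSTART, RLENGTH)
        sub(/^[^"]*"/, "", s); sub(/"$/, "", s)
        return s
    }
    {
        name = val("NAME"); parent = val("PKNAME"); mnt = val("MOUNTPOINT")
        if (name == disk) {
            seen = 1
            if (val("TYPE") != "disk") why = why "not a whole disk; "
            if (val("RM") != "1" && val("TRAN") != "usb")
                why = why "not removable/USB; "
        }
        # lsblk lists parents first, so this follows sdb -> sdb1 -> mapping.
        if (name == disk || (parent in under)) {
            under[name] = 1
            if (mnt != "") why = why name " is mounted on " mnt "; "
        }
    }
    END {
        if (!seen) why = "device not found; "
        if (why != "") { print "REFUSE " disk ": " why; exit 1 }
        print "OK " disk
    }'
}

# Constructed sample listing: sda is the system disk, sdb a blank stick,
# sdc a stick whose LUKS mapping is still open and mounted.
SAMPLE='NAME="sda" PKNAME="" TYPE="disk" RM="0" TRAN="sata" MOUNTPOINT=""
NAME="sda1" PKNAME="sda" TYPE="part" RM="0" TRAN="" MOUNTPOINT="/"
NAME="sdb" PKNAME="" TYPE="disk" RM="1" TRAN="usb" MOUNTPOINT=""
NAME="sdb1" PKNAME="sdb" TYPE="part" RM="1" TRAN="" MOUNTPOINT=""
NAME="sdc" PKNAME="" TYPE="disk" RM="1" TRAN="usb" MOUNTPOINT=""
NAME="sdc1" PKNAME="sdc" TYPE="part" RM="1" TRAN="" MOUNTPOINT=""
NAME="MySecuredDrive" PKNAME="sdc1" TYPE="crypt" RM="0" TRAN="" MOUNTPOINT="/media/secure"'

for d in sda sdb sdc; do
    printf '%s\n' "$SAMPLE" | check_target "$d" || true
done
# On a real system:
#   lsblk -P -o NAME,PKNAME,TYPE,RM,TRAN,MOUNTPOINT | check_target sdb
```

The sdc case shows why the check follows the device tree: the stick itself has no mountpoint, but the opened mapping underneath its partition does.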
This page contains a Benscomputer.no-ip.org Premium Article and is copyright Ben Tasker. No reproduction, distribution or adaption is permitted without express written authorisation being given in advance. If you would like to use this article, please use the Article Use option of the Contact Me form to request permission (please ensure you include contact details).