Friday, December 13, 2013

USB Flash Drive Encryption with LUKS and dm-crypt - BitLocker Alternative for Linux


USB flash drives have become an everyday medium for transporting data. Windows supports disk drive encryption with BitLocker. On Linux, LUKS with dm-crypt can be used as an alternative to BitLocker. The following steps can be used to encrypt a USB drive. Here the flash drive is encrypted on the GNOME desktop in Fedora. The procedure was also tested and found working on KDE, Unity and Cinnamon with Ubuntu and Linux Mint.

Warning: All data in the drive will be lost during this operation.

Step 1: Plug in the USB drive. Open Disks. Select the USB drive.

Step 2: If the USB drive is mounted, click the stop button as in the picture above to unmount it using Disks.

Step 3: After unmounting, click the 'More Options' cog wheel icon and select Format.


Step 4: Select the LUKS + Ext4 option and provide a good passphrase.


Step 5: Click Format and let the formatting proceed. You may be asked for the superuser password.

Step 6: After formatting is done, you can see the USB drive partition layout as follows. Then eject the USB drive and remove it physically.

Step 7: Plug the USB drive back in and you will be asked for the passphrase. You can have it remembered if you wish. The drive will then be mounted.



Extra Tip: Reformat the internal mapper device as FAT32, which will act as LUKS+FAT32. This is much more flexible if the drive is shared between multiple users.


The following command can be used to obtain cryptographic information about the device.
cryptsetup -v status mappername

[kasun@localhost ~]$ sudo cryptsetup -v status luks-b8a16eb7-683e-4aad-a025-732ce99336aa
/dev/mapper/luks-b8a16eb7-683e-4aad-a025-732ce99336aa is active and is in use.
  type:    LUKS1
  cipher:  aes-cbc-essiv:sha256
  keysize: 256 bits
  device:  /dev/sdb1
  offset:  4096 sectors
  size:    15181761 sectors
  mode:    read/write
Command successful.
[kasun@localhost ~]$ 

AES with a 256-bit key is very good encryption. BitLocker uses the same encryption with a 128-bit or 256-bit key.
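The check below is an added example, not part of the original post: it reads the cipher and key size out of `cryptsetup status` output and reports the AES strength actually in use. The function names (`sample_status`, `status_field`, `effective_aes_bits`, `audit_status`) are made up for this illustration, and the sample input is a trimmed copy of the output above. It goes slightly beyond the case shown here by also handling XTS mappings, where the reported key size covers two keys and only half of it is the AES key.

```shell
# Constructed sample: a trimmed copy of the `cryptsetup -v status` output above.
sample_status() {
cat <<'EOF'
/dev/mapper/luks-b8a16eb7-683e-4aad-a025-732ce99336aa is active and is in use.
  type:    LUKS1
  cipher:  aes-cbc-essiv:sha256
  keysize: 256 bits
  device:  /dev/sdb1
  mode:    read/write
EOF
}

# status_field NAME: print the value of the "NAME:" line read from stdin.
status_field() {
    awk -v key="$1:" '$1 == key { print $2; exit }'
}

# effective_aes_bits CIPHER KEYSIZE: XTS splits the key into two equal halves,
# so only keysize/2 bits are the AES data key; other AES modes use all of it.
effective_aes_bits() {
    case "$1" in
        aes-xts-*) echo $(( $2 / 2 )) ;;
        aes-*)     echo "$2" ;;
        *)         echo 0 ;;            # not AES
    esac
}

# audit_status MIN_BITS: read status output on stdin, print a verdict, and
# return 0 only for a LUKS mapping whose AES key is at least MIN_BITS.
audit_status() {
    min=$1
    out=$(cat)
    ltype=$(printf '%s\n' "$out" | status_field type)
    cipher=$(printf '%s\n' "$out" | status_field cipher)
    keysize=$(printf '%s\n' "$out" | status_field keysize)
    case "$ltype" in
        LUKS*) ;;
        *) echo "FAIL: not an active LUKS mapping"; return 1 ;;
    esac
    bits=$(effective_aes_bits "$cipher" "${keysize:-0}")
    [ "$bits" -ge "$min" ] || { echo "FAIL: $cipher is AES-$bits, below $min"; return 1; }
    echo "OK: $ltype $cipher AES-$bits"
}

# Live use: sudo cryptsetup status <mappername> | audit_status 256
sample_status | audit_status 256
```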
