Recently I've been asked by many friends how to secure their data & wallets other stuff on a thumbdrive so I decided to write a quick tutorial how to do it. This is for Linux users, but I can write about how to do it in Windows also. I will demonstrate a USB encryption with LUKS (Linux Unified Key Setup-on-disk-format ) crypt on a Ubuntu machine. The process should be pretty much the same for all Debian derivatives and even on other Linux distributions.
Let's brake down the process in the following steps:
· Get USB & Plug into PC/Laptop
· Download LUKS crypt
· Fill the USB with zero's to prevent data pattern recognition (dd command)
· Format the USB with LUKS · Format again as a Linux partition
· Use and Enjoy your protected USB
Okay. Maybe this was too quick.
1) Install LUKS
$ sudo apt-get install cryptsetup
After installing LUKS, execute command
ls -l /dev/sd*
This will help you see all drives on your pc, not that /dev/sd* are typically hard drives . When you plug into your ThumbDrive you should see a /dev/sdb
2) Plug your Thumb drive into an empty USB slot on your laptop
Execute:
ls -l /dev/sd*
Probably your Thumb should be /dev/sdb1 but it's possible that is /dev/sdc1 or anything else really. We executed the first 'ls' command previosly to check what we have before we plug the Thumb Drive. What appears at the bottom is your Drive
Now lets fill the drive with zero before we format it:
sudo dd if=/dev/zero of /dev/sdb bs=4K
Be patient, this may take a while depending how big is your drive (2 GB, 4GB, 8GB, 16GB...)
This may really take some time. :) So, try first on a 2GB drive.
3) Format the drive.
Ok, suppose your ThumbDrive is /dev/sdb1
Please note here, that the previous command (filling the drive with 0's) we used /dev/sdb [without 1], where here we will use /dev/sdb1 - that's not a mistake. We want to fill the whole drive, but are formatting the 1st partition.
sudo cryptsetup -v -y luksFormat /dev/sdb1
Are you sure? (Type uppercase yes): YES
It asks you to confirm that you want to erase all from your drive. Confirm with uppercase 'YES'
Enter passphrase:
Note here, it says passphrase. A lot of people still use passwords. Password is a WORD. Pass phrase is a phrase. Use a phrase. The longer the better and add numbers, commas, but something you can easyily remember. A couple of verses from an Ancient manuscript? :)
Ok, watch now. 90% of people here will get an error:
Cannot format device /dev/sdb1 which is still in use.
Command failed with code 16: Device or resouce busy
This is happening because your drive is 'mounted' on your system. USB drives are mounted under the /media folder on Linux. You have to unmount it. I will write the command down, just note that the name of your folders may vary but its the same drill.
umount /media/ubuntu/ABD-646D
Now execute the format commad again and type the password. If all goes well, you should see:
Command successful.
Congrats, you have just protected your digital data. Lets now open the partition, verify it and format it (THE LUKS PARTITION)
sudo cryptsetup luksOpen /dev/sdb1 data
Enter passphrase:
Now verify:
sudo cryptsetup -v status data
Ok. No we are good to format it and it would be ready to use.
sudo mkfs.ext4 /dev/mapper/data
After the format is done your LUKS encrypted USB drive is ready. Just close it properly.
Now we are going to create a directory for your secure data.
sudo mkdir /home/$USER/data && mount /dev/mapper/data /home/$USER/data
df -h
And you should see your partition mounted. If everything went well, close:
sudo umount /data
sudo cryptsetup luksClose data
Now you have unmounted and closed your drive. Next time you plugged it in it should ask your for a password, or you can mount it from the command line.
This is a proven method, I did this as I was writing this article. The only problem can be on your side if something goes wrong. There are tons of articles online on this subject. If you read a couple of them youll see that all of them actually say the same but in a slightly different manner. After all, it doesnt matter which right path you take, as long as you get the end result.
Hope this will help someone. You can use this to store your wallet backup for example.
If you want some specific articles, just comment.