The other day I though I had lost my USB drive, a janky Kingston 1GB stick with no keychain holder that is temporarily replacing my burned out JumpDrive Sport. Deep sets of panic waves overtook me for most of the morning as I wracked my brain and retraced my steps trying to remember where I could have left it or dropped it. The reason that I was panicking was that I carry some quasi-sensitive data on there like the household budget and short stories I’m working on. No bank numbers or SSNs, just stuff that I don’t want people seeing.
Well, I did end up finding the drive wedged in the back seat of Management’s car but I learned an important lesson: if you are going to carry important data with you back it up and encrypt it. I already have the backup part down and have been doing it ever since my first USB drive crapped out on me and I lost piles of data but encryption was something I never got around to until now. The challenge is that I use Ubuntu at home (100% Windows free as of 60 days ago!) and by day I play at being a Windows sysadmin so I need a solution that works cross platform.
My first visit was to the TrueCrypt folks and while they make a fine product that for all intents and purposes worked well on my work box but completely borked the drive for my laptop. So I decided to approach the task from the Linux side looking for native solutions that had counterparts in the Windows world and LUKS plus FreeOTFE did the trick with a minimum of fuss.
On the Ubuntu side:
- Grab cryptsetup and cryptmount: sudo apt-get install cryptsetup cryptmount
- Wipe the disk or make some partitions: sudo cfdisk /dev/sdb [NOTE: check your drive's actual path with dmesg as you don't want to be wiping something like your primary drive]
- Create an encrypted partition: sudo luksformat /dev/sdb [NOTE: pick a passphrase that you can remember because if you forget it kiss your data goodbye]
Now, because I’m plain lazy I rebooted to get the modules running that are related to reading the new encrypted volume but after that when I popped my drive in it asked for my passphrase and then mounted it for me to work on it to my heart’s delight.
On the Windows side:
- Plug in the USB drive and go to Computer Management >> Disk Management, find the drive, and remove the assigned drive letter, FreeOTFE will assign a free letter to the drive when it mounts it
- Get a copy of FreeOTFE
- Unzip it into a directory and start it in Portable Mode
- File >> Linux Volume >> Mount partition and enter your passphrase
- Enjoy!
Pretty straight forward.
Gratefully cribbed from carthik’s post at Ubuntu Blog and from FreeOTFE’s solid documentation.
Thank you for mentioning me in the Credits.
Anytime! It was a great post that laid out what I needed to do.
you are my latest GOD
you solved my EXACT problem
Glad my post was helpful!
Hello
I am the same guy who accepted u as god
On ground i am unable to the stuff…i am experimenting with an old 128 mb thumb-drive
step 1 of cfdisk goes fine but at the end it says something like: re-read of tables failed. reboot to….
so i reboot.
now the following happens
can u tell me where am i going wrong?
esbee@esbee-laptop:~$ sudo luksformat /dev/sdb
Error: device mounted: /dev/sdb
esbee@esbee-laptop:~$ sudo luksformat /dev/sdb2
Creating encrypted device on /dev/sdb2…
WARNING!
========
This will overwrite data on /dev/sdb2 irrevocably.
Are you sure? (Type uppercase yes): yes
Command failed.
Could not create LUKS device /dev/sdb2 at /usr/sbin/luksformat line 58, line 20.
esbee@esbee-laptop:~$
esbee@esbee-laptop:~$
cfdisk says this at this moment
cfdisk (util-linux-ng 2.13)
Disk Drive: /dev/sdb
Size: 130023424 bytes, 130 MB
Heads: 32 Sectors per Track: 32 Cylinders: 248
Name Flags Part Type FS Type [Label] Size (MB)
——————————————————————————
sdb1 Boot Primary Linux 9.97
sdb2 Primary Linux 19.93
Pri/Log Free Space 100.14
[Bootable] [ Delete ] [ Help ] [Maximize] [ Print ]
[ Quit ] [ Type ] [ Units ] [ Write ]
Toggle bootable flag of the current partition
Hmmm… For luks to work I had to unmount the drive and I went ahead and used cfdisk to wipe all the partitions. After that everything worked like a charm (1GB Kingston Data Traveler).
Let me know if that does it for you…
Hi
Everything works fine till i have started to use the encrypted vol. I entered the passphrase and it says
“Error org.freedesktop.Hal.Device.Volume.Crypto.SetupError
/dev/sdb is already setup?”
I am newbie… will anyone guide me please.
Look at the output of your command from luksformat, it says “Are you sure? (Type uppercase yes):”. You typed “yes”, shouldn’t it be “YES”?
Regards,
Oh, and thanks to the two individuals in the above posts for helping me figure out how to encrypt a spare drive I have! Now I just wish I had some confidential data!
Is there any file size limits?
Got “file too large” when copying a large files (5.1/5.3 Gb) to uksformat formattet usb harddisk.
Ok, I can see that the problem is fat32:
/dev/mapper/luks_crypto_f7de6d63-aa8d-4754-91e6-dbd35d8b65e2
302547920 87332688 215215232 29% /media/disk
filesystem vfat (FAT32)
cfdisk: 1 primar partition linux ext3 309961,46 Mb
Where did Fat32 came from ?
You can change that in cfdisk by selecting Linux Extended, I believe… I’d need to dig up a flash drive to test it though.
Used windows to format partition to ntfs, but it would be nice to get linux commands … :=)
I am trying to copy 170 Gb from one luks/ntfs formattet usb disk to an other luks/ntfs formattet disk (ubuntu 8.10).
First try gave copy error, and lost connections to the two usb drives. Couldn’t reconnect. Couldn’t soft restart ubuntu.
“lost page write due to I/O error on dm-0″ errors in /var/log/messages.
Second try after hard restart in progress. 3½ hours left …
Copying 170 Gb between to luks/ntfs formattet disk with success, including 4 > 4 Gb files. Transparent in linux and windows.
Set drive name and re-formatted to ntfs in windows.
Let my known if you known linux commands for that ntfs formatting and setting drive name.
Thank you :=)
[...] Acknowledgment Those 2 articles greatly helped me find my way around the problem:Encryption, USB Drive, Ubuntu, Windows, and You! [...]