Encryption, USB Drive, Ubuntu, Windows, and You!

The other day I thought I had lost my USB drive, a janky Kingston 1GB stick with no keychain holder that is temporarily replacing my burned out JumpDrive Sport. Deep sets of panic waves overtook me for most of the morning as I wracked my brain and retraced my steps trying to remember where I could have left it or dropped it. The reason that I was panicking was that I carry some quasi-sensitive data on there like the household budget and short stories I’m working on. No bank numbers or SSNs, just stuff that I don’t want people seeing.

Well, I did end up finding the drive wedged in the back seat of Management’s car, but I learned an important lesson: if you are going to carry important data with you, back it up and encrypt it. I already have the backup part down and have been doing it ever since my first USB drive crapped out on me and I lost piles of data, but encryption was something I never got around to until now. The challenge is that I use Ubuntu at home (100% Windows free as of 60 days ago!) and by day I play at being a Windows sysadmin, so I need a solution that works cross-platform.

My first visit was to the TrueCrypt folks, and while they make a fine product that for all intents and purposes worked well on my work box, it completely borked the drive for my laptop. So I decided to approach the task from the Linux side, looking for native solutions that had counterparts in the Windows world, and LUKS plus FreeOTFE did the trick with a minimum of fuss.

On the Ubuntu side:

  • Grab cryptsetup and cryptmount: sudo apt-get install cryptsetup cryptmount
  • Wipe the disk or make some partitions: sudo cfdisk /dev/sdb [NOTE: check your drive's actual path with dmesg as you don't want to be wiping something like your primary drive]
  • Create an encrypted partition: sudo luksformat /dev/sdb [NOTE: pick a passphrase that you can remember because if you forget it kiss your data goodbye]

Now, because I’m plain lazy, I rebooted to get the modules running that are related to reading the new encrypted volume, but after that, when I popped my drive in, it asked for my passphrase and then mounted it for me to work on to my heart’s delight.
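The device check from the NOTE in the steps above can be scripted so that a mistyped path is refused before anything is overwritten. This is an added example, not part of the original post or of cryptsetup; the function names are hypothetical, the optional file arguments exist so the checks can be exercised against the constructed mounts table and sysfs tree in the demo, and /dev/sda and /dev/sdb are sample device names.

```shell
#!/bin/sh
# Pre-flight checks before "sudo luksformat <device>" (added example; helper names are hypothetical).

# True if DEV or one of its partitions appears in the mounts table.
dev_is_mounted() {
    awk -v d="$1" '
        $1 == d { found = 1 }
        index($1, d) == 1 && substr($1, length(d) + 1) ~ /^p?[0-9]+$/ { found = 1 }
        END { exit !found }' "${2:-/proc/mounts}"
}

# True if the kernel flags the disk as removable (heuristic: a disk that
# reports 0 here is refused).
dev_is_removable() {
    [ "$(cat "${2:-/sys}/block/${1##*/}/removable" 2>/dev/null)" = "1" ]
}

# Prints the device that backs "/" according to the mounts table.
root_device() {
    awk '$2 == "/" { dev = $1 } END { print dev }' "${1:-/proc/mounts}"
}

# Returns 0 only when DEV looks safe to hand to luksformat.
preflight() {
    dev=$1; mounts=${2:-/proc/mounts}; sysfs=${3:-/sys}
    case "$(root_device "$mounts")" in
        "$dev"*) echo "REFUSE: $dev holds the root filesystem"; return 1 ;;
    esac
    if ! dev_is_removable "$dev" "$sysfs"; then
        echo "REFUSE: $dev is not flagged removable"; return 1
    fi
    if dev_is_mounted "$dev" "$mounts"; then
        echo "REFUSE: $dev is mounted; unmount it first"; return 1
    fi
    echo "OK: $dev is removable and unmounted"
}

# Constructed sample (fake mounts table and sysfs tree) so this runs offline.
demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/sys/block/sda" "$tmp/sys/block/sdb"
    echo 0 > "$tmp/sys/block/sda/removable"; echo 1 > "$tmp/sys/block/sdb/removable"
    printf '%s\n' '/dev/sda1 / ext3 rw 0 0' \
        '/dev/sdb1 /media/disk vfat rw 0 0' > "$tmp/mounts"
    preflight /dev/sda "$tmp/mounts" "$tmp/sys"   # root disk: refused
    preflight /dev/sdb "$tmp/mounts" "$tmp/sys"   # still mounted: refused
    rm -rf "$tmp"
}
demo || true
```

On a real machine, `preflight /dev/sdb` with no further arguments reads /proc/mounts and /sys; run luksformat only when it prints OK.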

On the Windows side:

  • Plug in the USB drive and go to Computer Management >> Disk Management, find the drive, and remove the assigned drive letter, FreeOTFE will assign a free letter to the drive when it mounts it
  • Get a copy of FreeOTFE
  • Unzip it into a directory and start it in Portable Mode
  • File >> Linux Volume >> Mount partition and enter your passphrase
  • Enjoy!

Pretty straightforward.

Gratefully cribbed from carthik’s post at Ubuntu Blog and from FreeOTFE’s solid documentation.


19 Responses to “Encryption, USB Drive, Ubuntu, Windows, and You!”

  1. Carthik says:

    Thank you for mentioning me in the Credits.

  2. james says:

    Anytime! It was a great post that laid out what I needed to do. :-D

  3. you are my latest GOD

    you solved my EXACT problem :)

  4. james says:

    Glad my post was helpful!

  5. Dr Saurabh Bhatia says:

    Hello
    I am the same guy who accepted u as god :)
    On the ground I am unable to do the stuff… I am experimenting with an old 128 mb thumb-drive
    step 1 of cfdisk goes fine but at the end it says something like: re-read of tables failed. reboot to….
    so i reboot.
    now the following happens
    can u tell me where am i going wrong?

    esbee@esbee-laptop:~$ sudo luksformat /dev/sdb
    Error: device mounted: /dev/sdb
    esbee@esbee-laptop:~$ sudo luksformat /dev/sdb2
    Creating encrypted device on /dev/sdb2…

    WARNING!
    ========
    This will overwrite data on /dev/sdb2 irrevocably.

    Are you sure? (Type uppercase yes): yes
    Command failed.
    Could not create LUKS device /dev/sdb2 at /usr/sbin/luksformat line 58, line 20.
    esbee@esbee-laptop:~$
    esbee@esbee-laptop:~$

    cfdisk says this at this moment
    cfdisk (util-linux-ng 2.13)

    Disk Drive: /dev/sdb
    Size: 130023424 bytes, 130 MB
    Heads: 32 Sectors per Track: 32 Cylinders: 248

    Name Flags Part Type FS Type [Label] Size (MB)
    ——————————————————————————
    sdb1 Boot Primary Linux 9.97
    sdb2 Primary Linux 19.93
    Pri/Log Free Space 100.14

    [Bootable] [ Delete ] [ Help ] [Maximize] [ Print ]
    [ Quit ] [ Type ] [ Units ] [ Write ]

    Toggle bootable flag of the current partition

  6. james says:

    Hmmm… For luks to work I had to unmount the drive and I went ahead and used cfdisk to wipe all the partitions. After that everything worked like a charm (1GB Kingston Data Traveler).

    Let me know if that does it for you… ;-)

  7. Dr Saurabh Bhatia says:

    Hi

    Everything works fine till i have started to use the encrypted vol. I entered the passphrase and it says

    “Error org.freedesktop.Hal.Device.Volume.Crypto.SetupError
    /dev/sdb is already setup?”

    I am newbie… will anyone guide me please.

  8. Grosneg says:

    Look at the output of your command from luksformat, it says “Are you sure? (Type uppercase yes):”. You typed “yes”, shouldn’t it be “YES”?

    Regards,

  9. Grosneg says:

    Oh, and thanks to the two individuals in the above posts for helping me figure out how to encrypt a spare drive I have! Now I just wish I had some confidential data! ;-)

  10. Jan says:

    Are there any file size limits?
    Got “file too large” when copying large files (5.1/5.3 Gb) to a luksformat formatted usb harddisk.

  11. Jan says:

    Ok, I can see that the problem is fat32:

    /dev/mapper/luks_crypto_f7de6d63-aa8d-4754-91e6-dbd35d8b65e2
    302547920 87332688 215215232 29% /media/disk
    filesystem vfat (FAT32)
    cfdisk: 1 primar partition linux ext3 309961,46 Mb

    Where did FAT32 come from?

  12. james says:

    You can change that in cfdisk by selecting Linux Extended, I believe… I’d need to dig up a flash drive to test it though.

  13. Jan says:

    Used windows to format partition to ntfs, but it would be nice to get linux commands … :=)

    I am trying to copy 170 Gb from one luks/ntfs formatted usb disk to another luks/ntfs formatted disk (ubuntu 8.10).
    First try gave copy error, and lost connections to the two usb drives. Couldn’t reconnect. Couldn’t soft restart ubuntu.
    “lost page write due to I/O error on dm-0″ errors in /var/log/messages.
    Second try after hard restart in progress. 3½ hours left …

  14. Jan says:

    Copying 170 Gb between two luks/ntfs formatted disks with success, including 4 > 4 Gb files. Transparent in linux and windows.
    Set drive name and re-formatted to ntfs in windows.

    Let me know if you know linux commands for that ntfs formatting and setting drive name.

    Thank you :=)

  15. [...] Acknowledgment Those 2 articles greatly helped me find my way around the problem: Encryption, USB Drive, Ubuntu, Windows, and You! [...]

  16. Steve says:

    This seems to be a good cross platform alternative to TrueCrypt. My only concern is that this may not be a true “portable” solution as FreeOTFE is required to be installed in any Windows machine you are using in order to access the encrypted file/volume. In other words, if you are at a friend’s house you can not access the USB Drive without obtaining Administrative privileges and then installing FreeOTFE.

    Even if you had Administrative rights you would need to download FreeOTFE from the internet as you would not be able to transfer it off of the USB Drive as it is in a format that Windows does not recognize (without help from FreeOTFE that is). If you try to have multiple partitions on the USB Drive so that one partition is FAT 32 so that you can have FreeOTFE Portable, you still have problems as Windows does not like to have more than one partition of a USB Drive and will not read the drive at all.

    Is there any workaround for this so that you can have a truly cross platform encryption that can work with both Ubuntu and Windows and will allow you to use a computer that is not your own which would not require Administrative rights?

    Thanks.

    Steve

  17. james says:

    Well, if I remember correctly the reason I originally went with FreeOTFE was the “portable” mode which allowed me to decrypt and mount the volume on a locked down Windows machine. I had used it back when I was doing Windows support at my old job but I’ve been out of that job and 100% Windows free, so I’m not sure if that holds up under Vista or 7. That said, the FreeOTFE site still advertises it as a truly portable solution:

    Not only does FreeOTFE offer “portable mode”, eliminating the need for it to be installed before use, it also offers FreeOTFE Explorer – a system which allows FreeOTFE volumes to be accessed not only without installing any software, but also on PCs where no administrator rights are available. This makes it ideal for use (for example) with USB flash drives, and when visiting Internet Cafés (AKA Cybercafés), where PCs are available for use, but only as a “standard” user.

    As for the partitions, I went the route of encrypting the whole device rather than just a slice of it. At the time it just seemed easier even if it was overkill. :-/

    As an alternate solution, you could go with GPG which offers a portable solution. Off the top of my head you zip a directory of files that you might need then encrypt that file and store it on your thumb drive with GPG2Go; I haven’t tried that so your mileage may vary.

  18. Steve says:

    Thanks for the reply. As an update, I wound up making two partitions, one encrypted with LUKS by Ubuntu and the other just holding FreeOTFE so that I can use it at a Windows XP machine. It is not truly portable as you need Administrator rights in Windows with FreeOTFE. I could not use FreeOTFE Explorer as it does not yet have the functionality to mount Linux partitions (the website says it is coming).

    All works well so I am happy for the moment.

    GPG was not a portable option for me as it runs on Windows only.

    Your directions helped tremendously. Thanks again.

  19. Paul B. says:

    Steve, RE LUKS & FreeOTFE
    How did you get Windows to recognize the second (encrypted) partition on Windows? I find that Windows just assigns a drive letter to the first (unencrypted) partition, and FreeOTFE won’t mount the second partition without a drive letter. Did you have this problem and find a workaround?
