The other day I though I had lost my USB drive, a janky Kingston 1GB stick with no keychain holder that is temporarily replacing my burned out JumpDrive Sport. Deep sets of panic waves overtook me for most of the morning as I wracked my brain and retraced my steps trying to remember where I could have left it or dropped it. The reason that I was panicking was that I carry some quasi-sensitive data on there like the household budget and short stories I’m working on. No bank numbers or SSNs, just stuff that I don’t want people seeing.
Well, I did end up finding the drive wedged in the back seat of Management’s car but I learned an important lesson: if you are going to carry important data with you back it up and encrypt it. I already have the backup part down and have been doing it ever since my first USB drive crapped out on me and I lost piles of data but encryption was something I never got around to until now. The challenge is that I use Ubuntu at home (100% Windows free as of 60 days ago!) and by day I play at being a Windows sysadmin so I need a solution that works cross platform.
My first visit was to the TrueCrypt folks and while they make a fine product that for all intents and purposes worked well on my work box but completely borked the drive for my laptop. So I decided to approach the task from the Linux side looking for native solutions that had counterparts in the Windows world and LUKS plus FreeOTFE did the trick with a minimum of fuss.
On the Ubuntu side:
- Grab cryptsetup and cryptmount: sudo apt-get install cryptsetup cryptmount
- Wipe the disk or make some partitions: sudo cfdisk /dev/sdb [NOTE: check your drive's actual path with dmesg as you don't want to be wiping something like your primary drive]
- Create an encrypted partition: sudo luksformat /dev/sdb [NOTE: pick a passphrase that you can remember because if you forget it kiss your data goodbye]
Now, because I’m plain lazy I rebooted to get the modules running that are related to reading the new encrypted volume but after that when I popped my drive in it asked for my passphrase and then mounted it for me to work on it to my heart’s delight.
On the Windows side:
- Plug in the USB drive and go to Computer Management >> Disk Management, find the drive, and remove the assigned drive letter, FreeOTFE will assign a free letter to the drive when it mounts it
- Get a copy of FreeOTFE
- Unzip it into a directory and start it in Portable Mode
- File >> Linux Volume >> Mount partition and enter your passphrase
Pretty straight forward.