Encrypting the usb flash drive
Hi all,
i want to encrypt the data stored on the usb mass storage device( sector wise ), but i cannot figure out where to start digging. i have tried to search in devio.c and hcd.c in /usr/src/kernel/drivers/usb/core but with no success :( can anyone please tell me where should i look for getting the data encrypted in the usb mass storage device. thanks in advance |
I uses GPG manually to encrypt my files.
|
If you want to encrypt the complete disk, you need
*Kernel >=2.6.4 (>=2.6.10 for better security) *BLK_DEV_DM and DM_CRYPT options enabled in the kernel *cryptsetup utility /dev/sda being your usb key: Verify disk and put random data (for security on known clear text attacks): Code:
/sbin/badblocks -s -w -t random -v /dev/sda Code:
luksformat -t ext2 /dev/sda Code:
mkdir /media/cdisk1 Link it with a device mapper, put this in /etc/fstab: Quote:
Quote:
Code:
cryptsetup luksOpen /dev/sda cdisk1 Code:
umount /media/cdisk1 On next reboot, /etc/init.d/cryptdisks (in case it is installed by cryptsetup) will look in /etc/crypttab, ask you for the password and mount the disk in /media/cdisk1 Alternatively to mount it you can use pmount. The first argument is the partition or disk, the second is a label you choose (it can be different from above) Code:
pmount /dev/sda supa_crypt To use pmount on a non-removable media (eg. /dev/hda6 below), you have to allow this device to be "pmounted": Quote:
If your HAL and udev is configured correctly and your Window manager is HAL-aware, just plug in the usb key and a popup appears to ask you the password. (the media will be mounted in /media/sda in this case, the label is the partition name) And here are other links: https://www.debian-administration.org/articles/428 https://www.debian-administration.org/articles/469 https://www.debian-administration.org/articles/179 http://cvs.lp.se/doc/cryptsetup/usbcrypto.hotplug.gz http://cvs.lp.se/doc/cryptsetup/ <- you can encrypt the swap, encrypt the full system, etc.. https://www.debian-administration.org/articles/475 <-- truecrypt but it is not standard and not GPL. For it to work, you only need BLK_DEV_DM in the kernel. There are people who have made packages for several distro. |
thank you guys !!!
|
I've tested and updated the post.
|
thanks a lot :) :)
|
I came across this useful thread today. I have one question about this procedure. Will this in any way break the usage of "standard" non-encrypted USB keys?
|
badblocks Considered Harmful
Quote:
As far as I can tell, the need for badblocks-type scanning was only useful for floppy disks and *VERY* old hard disks. "IDE" hard drives, introduced in 1986, were well-entrenched before Linus even created the original ext file system. Certainly by 1996 when e2fsprogs 1.0 was released, modern hard drives were already doing automatic bad-block remapping. When the OS starts seeing bad blocks, it is time to replace the drive. Note also: after following the above steps, you will not be able to boot from the encrypted flash drive. If you want it bootable, you need at least one unencrypted partition. |
RE: Encrypting the usb flash drive
[I deleted post contents]
|
If you have a relatively new Linux kernel, you could probably also use BTRFS with encryption.
|
All times are GMT -5. The time now is 07:57 PM. |