How do you create a software-encrypted USB then ? I've not done a live USB before .. I would like to move OpenBSD to a USB-system.
First: choose a Live distribution or operating system. I find Knoppix and Porteus to be good options.
Second: Read the distribution documentation. Each distribution has it's own way of doing things. Install it to the USB by the methods the documentation provide, it is not that mysterious... if you are having trouble, you can order a Knoppix USB drive from a store.
Third: Set up the encrypted filesystem. Every distribution has it's own way.
IN KNOPPIX, THE METHOD IS:
Get a Knoppix CD/DVD and boot it in a computer.
Plug an USB device and search for the Live USB creator tool. Launch it as root and follow the instructions until the installation is over. It can take a lot of time, so don't despair.
Shut everything down. Boot the Live USB. It will ask you if you want to create a file for persistent data: say you do. Then it will ask you if you want to set up AES encryption. Say YES and you are done.
The encrypted filesystem will be loaded every time you boot the USB. You can access the encrypted data from outside also, as the encrypted filesystem is really an ext2 inside of a regular cryptoloop (in /KNOPPIX/knoppix-data.aes).
And you are done. More complex approaches (for better results) are possible, involving Knoppix remastering and such. Cryptoloop is not a perfect solution and it's not considered really great, because it can suffer filesystem errors or be attacked by watermarking. However, if you use a really good password, it should prevent your attackers from retrieving your data easily. I wouldn't bet for a short password in cryptoloop against a Craig super computer, keep that in mind.
Having a Live OpenBSD is just a matter of performing a regular install on a USB, just don't think their encryption schemes are mature. They work but are still a task in progress.