I'm wondering what's the most secure way to encrypt a usb flash drive from the command line. The 2 options I've found from searching around are the gpg and cryptsetup commands. I'm leaning towards running "gpg -c /dev/sdb1", because it seems easier. I'm just wondering how strong the encryption will be with the gpg command. I would use a strong password but I'm just wondering how good gpg is for encrypting devices, since it's mostly known for encrypting text and files.
I've never used cryptsetup, so I have no recommendation about that. I use veracrypt to encrypt a USB drive connected to my desktop, and it works well. I can mount it as a regular drive via password, but unmounted it's inaccessible. Gpg is clunkier to use, and doesn't let you mount the drive for use, AFAIK.
I'm wondering what's the most secure way to encrypt a usb flash drive from the command line. The 2 options I've found from searching around are the gpg and cryptsetup commands. I'm leaning towards running "gpg -c /dev/sdb1", because it seems easier. I'm just wondering how strong the encryption will be with the gpg command. I would use a strong password but I'm just wondering how good gpg is for encrypting devices, since it's mostly known for encrypting text and files.
Any other options I should consider?
LUKS/cryptsetup is the more-or-less standard way of encrypting a drive. GPG is, as you said, used to encrypt files. Depending on how paranoid you wish to be, encrypt the device using LUKS and then encrypt the files you really want protected using GPG. It all depends on how paranoid you want to be and what your use case is.
The question involves the level of security. If you are trying to encrypt it to evade a government then you may be out of luck. They have supercomputers that could bypass almost any scheme. This also assumes there isn't some backdoor to the method or flaw to it that is not widely known. At one time GPG was under attack by governments. Suddenly the complaints stopped, prompting people to assume it wasn't as secure as thought.
For most users I'd think gpg or any of the standard ways would do OK.
I encrypted a flash drive with cryptsetup, using the following command:
Code:
cryptsetup -v luksFormat /dev/sdb1
The encryption worked, but now I'm having all kinds of problems mounting the device. I've tried both command line and my graphical file browser, and it won't mount.
In the dolphin file browser I'm able to enter the password, but then I get this message: "An error occurred while accessing '15.2 GiB Encrypted Drive', the system responded: An unspecified error has occurred: No such interface 'org.freedesktop.UDisks2.Filesystem' on object at path /org/freedesktop/UDisks2/block_devices/dm_2d0"
In the command line I was getting a UUID but now for some reason that's not showing up. It just shows up as sdb1, and when I try
Code:
mount sdb1
it just says "no such file or directory."
For some reason the drive no longer shows up as /dev/sdb1 since I encrypted it, I guess because it won't mount.
Seriously, if it's a flash drive then isn't it mainly for system to system large file transfer? Then you'd need to have the key and decryption mechanism either on the flash drive, or on both (or multiple) systems.
Physical security is the first level of security.
Thanks but I'm looking for a way to encrypt the flash drive. And no it's not for system to system large file transfer, there are other uses for flash drives.
The purpose of pen-drive encryption is simply to make the device useless to someone else if it drops out of your suitcase. I suggest that you should simply use a filesystem that does the encryption for you as transparently as possible, such that you don't have to enter a password or anything in order to use the drive. To you, it should be "transparently not-obvious" that the content is encrypted at all: "it just works."
If you need to encipher content, use certificate-based GPG, such that it is possible for anyone who's receiving the file to independently verify that the file did come from "you," and that it has not been tampered with. In practice, the "identity verification" capability of these crypto-systems is every bit as important ... if not more so ... than their impenetrability.
It should be "very easy and transparent" for you to encipher files (or e-mail ...) that you send, and to decipher and verify content that you receive. (Even un-protected files should be signed.)
If you make the process "obfuscatory and hard on yourself and your associates," the odds are much higher that someone just won't do it. Or, that they won't do it correctly every time.
Last edited by sundialsvcs; 02-17-2016 at 08:12 AM.
The problem is that after I encrypted the drive with cryptsetup it no longer shows up as /dev/sdb1. This sort of thing always seems to happen when I modify flash drives in linux. Whether changing the file system, partition table, or whatever. It no longer shows up as /dev/sdx, and gets a long UUID.
When I tried "mount /dev/sdb1" I got an error about that not being in fstab.
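Added example, not part of any post in this thread: `luksFormat` only writes a LUKS header to the partition, so the container still has to be opened and given a filesystem on its `/dev/mapper` device before anything can be mounted, which is the step missing from the commands quoted above. The mapping name `usbcrypt`, mount point `/mnt/usb`, script name `luks-usb.sh` and the choice of ext4 are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Device, mapping name and mount point
# are assumptions; confirm the device with lsblk before running anything.

# Print the LUKS header version of a device or image ("1" or "2"), or "none".
# A LUKS header starts with the 6-byte magic "LUKS" 0xBA 0xBE followed by a
# 2-byte big-endian version, so a freshly formatted partition holds this
# header instead of a filesystem signature.
luks_version() {
    hdr=$(dd if="$1" bs=8 count=1 2>/dev/null | od -An -tx1 | tr -d ' \n')
    case "$hdr" in
        4c554b53babe0001) echo 1 ;;
        4c554b53babe0002) echo 2 ;;
        *) echo none ;;
    esac
}

# Open the container, create a filesystem on first use, and mount it.
# The filesystem lives on /dev/mapper/NAME, never on the raw partition.
open_and_mount() {
    dev=$1 name=$2 mnt=$3
    [ "$(luks_version "$dev")" != none ] || { echo "$dev: no LUKS header" >&2; return 1; }
    cryptsetup open "$dev" "$name" || return 1   # asks for the passphrase
    # blkid exits non-zero when it finds no signature: first use, so format.
    blkid "/dev/mapper/$name" >/dev/null 2>&1 || mkfs.ext4 "/dev/mapper/$name" || return 1
    mkdir -p "$mnt" && mount "/dev/mapper/$name" "$mnt"
}

# Unmount and remove the mapping so the data is sealed again.
unmount_and_close() {
    umount "$2" && cryptsetup close "$1"
}

# Run as root, e.g.:  sh luks-usb.sh open /dev/sdb1 usbcrypt /mnt/usb
#                     sh luks-usb.sh close usbcrypt /mnt/usb
case "${1:-}" in
    open)  open_and_mount "$2" "$3" "$4" ;;
    close) unmount_and_close "$2" "$3" ;;
esac
```

The raw partition keeps its `/dev/sdb1` name after formatting; it is the opened mapping under `/dev/mapper/` that carries the filesystem and gets mounted.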