I'm wondering what's the most secure way to encrypt a usb flash drive from the command line. The 2 options I've found from searching around are the gpg and cryptsetup commands. I'm leaning towards running "gpg -c /dev/sdb1", because it seems easier. I'm just wondering how strong the encryption will be with the gpg command. I would use a strong password but I'm just wondering how good gpg is for encrypting devices, since it's mostly known for encrypting text and files.

Any other options I should consider?

I've never used cryptsetup, so I have no recommendation about that. I use veracrypt to encrypt a USB drive connected to my desktop, and it works well. I can mount it as a regular drive via password, but unmounted it's inaccessible. Gpg is clunkier to use, and doesn't let you mount the drive for use, AFAIK.

I'm using an OS which runs on an USB flash drive and encrypts all the rest of the device for home.
It's called Knoppix Version 7.6.1

LUKS/cryptsetup is the more-or-less standard way of encrypting a drive. GPG is, as you said, used to encrypt files. Depending on how paranoid you wish to be, encrypt the device using LUKS and then encrypt the files you really want protected using GPG. It all depends on how paranoid you want to be and what your use case is.

The question involves the level or security. If you are trying to encrypt it to evade a government then you may be out of luck. They have supercomputers that could bypass almost any scheme. This also assumes there isn't some backdoor to the method or flaw to it that is not widely known. At one time GPG was under attack by governments. Suddenly the complains stopped prompting people to assume it wasn't as secure as thought.

For most users I'd think gpg or any of the standard ways would do OK.

I encrypted a flash drive with cryptsetup, using the following command:

The encryption worked, but now I'm having all kinds of problems mounting the device. I've tried both command line and my graphical file browser, and it won't mount.

In the dolphin file browser I'm able to enter the password, but then I get this message: "An error occurred while accessing '15.2 GiB Encrypted Drive', the system responded: An unspecified error has occurred: No such interface 'org.freedesktop.UDisks2.Filesystem' on object at path /org/freedesktop/UDisks2/block_devices/dm_2d0"

In the command line I was getting a UUID but now for some reason that's not showing up. It just shows up as sdb1, and when I try it just says "no such file or directory."

For some reason the drive no longer shows up as /dev/sdb1 since I encrypted it, I guess because it won't mount.

Don't give it to anyone.

Seriously, if it's a flash drive then isn't it mainly for system to system large file transfer? Then you'd need to have the key and decryption mechanism either on the flash drive, or on both (or multiple) systems.

Physical security is the first level of security.

Thanks but I'm looking for a way to encrypt the flash drive. And no it's not for system to system large file transfer, there are other uses for flash drives.

This isn't right. "mount sdb1"

https://www.kubuntuforums.net/showth...-Kubuntu-14-04

Hi.

I just started learning to use eCryptfs: http://ecryptfs.org/documentation.html enterprise grade...

best wishes and have fun!

Add:

The purpose of pen-drive encryption is simply to make the device useless to someone else if it drops out of your suitcase. I suggest that you should simply use a filesystem that does the encryption for you as transparently as possible, such that you don't have to enter a password or anything in order to use the drive. To you, it should be "transparently not-obvious" that the content is encrypted at all: "it just works."

If you need to encipher content, use certificate-based GPG, such that it is possible for anyone who's receiving the file to independently verify that the file did come from "you," and that it has not been tampered with. In practice, the "identity verification" capability of these crypto-systems is every bit as important ... if not more so ... than their impenetrability.

It should be "very easy and transparent" for you to encipher files (or e-mail ...) that you send, and to decipher and verify content that you receive. (Even un-protected files should be signed.)

If you make the process "obfuscatory and hard on yourself and your associates," the odds are much higher that someone just won't do it. Or, that they won't do it correctly every time.

The problem is that after I encrypted the drive with cryptsetup it no longer shows up as /dev/sdb1. This sort of thing always seems to happen when I modify flash drives in linux. Whether changing the file system, partition table, or whatever. It no longer shows up as /dev/sdx, and gets a long UUID.

When I tried "mount /dev/sdb1" I got an error about that not being in fstab.

Should list it?

Maybe a hardware encrypted flash drive, like an Apricorn Ageis or similar.

Doug G, was this YOU ? → https://www.youtube.com/watch?v=ev4AKmTMQWk