LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices


Reply
  Search this Thread
Old 02-14-2016, 08:43 PM   #1
remn
Member
 
Registered: Jun 2015
Posts: 37

Rep: Reputation: Disabled
Most secure way to encrypt a usb flash drive?


I'm wondering what's the most secure way to encrypt a usb flash drive from the command line. The 2 options I've found from searching around are the gpg and cryptsetup commands. I'm leaning towards running "gpg -c /dev/sdb1", because it seems easier. I'm just wondering how strong the encryption will be with the gpg command. I would use a strong password but I'm just wondering how good gpg is for encrypting devices, since it's mostly known for encrypting text and files.

Any other options I should consider?
 
Old 02-14-2016, 09:35 PM   #2
sgosnell
Senior Member
 
Registered: Jan 2008
Location: Baja Oklahoma
Distribution: Debian Stable and Unstable
Posts: 1,945

Rep: Reputation: 536Reputation: 536Reputation: 536Reputation: 536Reputation: 536Reputation: 536
I've never used cryptsetup, so I have no recommendation about that. I use veracrypt to encrypt a USB drive connected to my desktop, and it works well. I can mount it as a regular drive via password, but unmounted it's inaccessible. Gpg is clunkier to use, and doesn't let you mount the drive for use, AFAIK.
 
Old 02-15-2016, 07:51 AM   #3
EduPorteņo
LQ Newbie
 
Registered: Oct 2012
Location: Argentina
Distribution: Ubuntu - Knoppix
Posts: 23
Blog Entries: 2

Rep: Reputation: Disabled
I'm using an OS which runs on an USB flash drive and encrypts all the rest of the device for home.
It's called Knoppix Version 7.6.1
 
Old 02-15-2016, 05:00 PM   #4
ZombieChicken
LQ Newbie
 
Registered: Feb 2016
Posts: 8

Rep: Reputation: Disabled
Quote:
Originally Posted by remn View Post
I'm wondering what's the most secure way to encrypt a usb flash drive from the command line. The 2 options I've found from searching around are the gpg and cryptsetup commands. I'm leaning towards running "gpg -c /dev/sdb1", because it seems easier. I'm just wondering how strong the encryption will be with the gpg command. I would use a strong password but I'm just wondering how good gpg is for encrypting devices, since it's mostly known for encrypting text and files.

Any other options I should consider?
LUKS/cryptsetup is the more-or-less standard way of encrypting a drive. GPG is, as you said, used to encrypt files. Depending on how paranoid you wish to be, encrypt the device using LUKS and then encrypt the files you really want protected using GPG. It all depends on how paranoid you want to be and what your use case is.
 
Old 02-15-2016, 07:41 PM   #5
jefro
Moderator
 
Registered: Mar 2008
Posts: 20,736

Rep: Reputation: 3348Reputation: 3348Reputation: 3348Reputation: 3348Reputation: 3348Reputation: 3348Reputation: 3348Reputation: 3348Reputation: 3348Reputation: 3348Reputation: 3348
The question involves the level or security. If you are trying to encrypt it to evade a government then you may be out of luck. They have supercomputers that could bypass almost any scheme. This also assumes there isn't some backdoor to the method or flaw to it that is not widely known. At one time GPG was under attack by governments. Suddenly the complains stopped prompting people to assume it wasn't as secure as thought.

For most users I'd think gpg or any of the standard ways would do OK.
 
Old 02-16-2016, 12:41 PM   #6
remn
Member
 
Registered: Jun 2015
Posts: 37

Original Poster
Rep: Reputation: Disabled
I encrypted a flash drive with cryptsetup, using the following command:

Code:
cryptsetup -v luksFormat /dev/sdb1
The encryption worked, but now I'm having all kinds of problems mounting the device. I've tried both command line and my graphical file browser, and it won't mount.

In the dolphin file browser I'm able to enter the password, but then I get this message: "An error occurred while accessing '15.2 GiB Encrypted Drive', the system responded: An unspecified error has occurred: No such interface 'org.freedesktop.UDisks2.Filesystem' on object at path /org/freedesktop/UDisks2/block_devices/dm_2d0"

In the command line I was getting a UUID but now for some reason that's not showing up. It just shows up as sdb1, and when I try
Code:
mount sdb1
it just says "no such file or directory."

For some reason the drive no longer shows up as /dev/sdb1 since I encrypted it, I guess because it won't mount.

Last edited by remn; 02-16-2016 at 12:43 PM.
 
Old 02-16-2016, 01:40 PM   #7
rtmistler
Moderator
 
Registered: Mar 2011
Location: USA
Distribution: MINT Debian, Angstrom, SUSE, Ubuntu, Debian
Posts: 9,289
Blog Entries: 13

Rep: Reputation: 4366Reputation: 4366Reputation: 4366Reputation: 4366Reputation: 4366Reputation: 4366Reputation: 4366Reputation: 4366Reputation: 4366Reputation: 4366Reputation: 4366
Don't give it to anyone.

Seriously, if it's a flash drive then isn't it mainly for system to system large file transfer? Then you'd need to have the key and decryption mechanism either on the flash drive, or on both (or multiple) systems.

Physical security is the first level of security.
 
Old 02-16-2016, 05:13 PM   #8
remn
Member
 
Registered: Jun 2015
Posts: 37

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by rtmistler View Post
Don't give it to anyone.

Seriously, if it's a flash drive then isn't it mainly for system to system large file transfer? Then you'd need to have the key and decryption mechanism either on the flash drive, or on both (or multiple) systems.

Physical security is the first level of security.
Thanks but I'm looking for a way to encrypt the flash drive. And no it's not for system to system large file transfer, there are other uses for flash drives.
 
Old 02-16-2016, 08:53 PM   #9
jefro
Moderator
 
Registered: Mar 2008
Posts: 20,736

Rep: Reputation: 3348Reputation: 3348Reputation: 3348Reputation: 3348Reputation: 3348Reputation: 3348Reputation: 3348Reputation: 3348Reputation: 3348Reputation: 3348Reputation: 3348
This isn't right. "mount sdb1"

https://www.kubuntuforums.net/showth...-Kubuntu-14-04
 
Old 02-16-2016, 09:14 PM   #10
jamison20000e
Senior Member
 
Registered: Nov 2005
Location: ...uncanny valley... infinity\1975; (randomly born:) Milwaukee, WI, US( + travel,) Earth( I wish,) END BORDER$!◣◢┌∩┐ Fe26-E,e...
Distribution: any GPL that works well on my cheapest; has been KDE or CLI but open... http://goo.gl/NqgqJx &c ;-)
Posts: 4,305
Blog Entries: 3

Rep: Reputation: 1419Reputation: 1419Reputation: 1419Reputation: 1419Reputation: 1419Reputation: 1419Reputation: 1419Reputation: 1419Reputation: 1419Reputation: 1419
Hi.

I just started learning to use eCryptfs: http://ecryptfs.org/documentation.html enterprise grade...

best wishes and have fun!

Add:
Code:
mount /dev/sdb1

Last edited by jamison20000e; 02-16-2016 at 09:18 PM.
 
Old 02-17-2016, 08:07 AM   #11
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 9,110
Blog Entries: 4

Rep: Reputation: 3210Reputation: 3210Reputation: 3210Reputation: 3210Reputation: 3210Reputation: 3210Reputation: 3210Reputation: 3210Reputation: 3210Reputation: 3210Reputation: 3210
The purpose of pen-drive encryption is simply to make the device useless to someone else if it drops out of your suitcase. I suggest that you should simply use a filesystem that does the encryption for you as transparently as possible, such that you don't have to enter a password or anything in order to use the drive. To you, it should be "transparently not-obvious" that the content is encrypted at all: "it just works."

If you need to encipher content, use certificate-based GPG, such that it is possible for anyone who's receiving the file to independently verify that the file did come from "you," and that it has not been tampered with. In practice, the "identity verification" capability of these crypto-systems is every bit as important ... if not more so ... than their impenetrability.

It should be "very easy and transparent" for you to encipher files (or e-mail ...) that you send, and to decipher and verify content that you receive. (Even un-protected files should be signed.)

If you make the process "obfuscatory and hard on yourself and your associates," the odds are much higher that someone just won't do it. Or, that they won't do it correctly every time.

Last edited by sundialsvcs; 02-17-2016 at 08:12 AM.
 
Old 02-17-2016, 02:54 PM   #12
remn
Member
 
Registered: Jun 2015
Posts: 37

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by jefro View Post
The problem is that after I encrypted the drive with cryptsetup it no longer shows up as /dev/sdb1. This sort of thing always seems to happen when I modify flash drives in linux. Whether changing the file system, partition table, or whatever. It no longer shows up as /dev/sdx, and gets a long UUID.

When I tried "mount /dev/sdb1" I got an error about that not being in fstab.
 
Old 02-17-2016, 03:00 PM   #13
jamison20000e
Senior Member
 
Registered: Nov 2005
Location: ...uncanny valley... infinity\1975; (randomly born:) Milwaukee, WI, US( + travel,) Earth( I wish,) END BORDER$!◣◢┌∩┐ Fe26-E,e...
Distribution: any GPL that works well on my cheapest; has been KDE or CLI but open... http://goo.gl/NqgqJx &c ;-)
Posts: 4,305
Blog Entries: 3

Rep: Reputation: 1419Reputation: 1419Reputation: 1419Reputation: 1419Reputation: 1419Reputation: 1419Reputation: 1419Reputation: 1419Reputation: 1419Reputation: 1419
Code:
sudo parted -l
Should list it?
 
Old 02-17-2016, 07:13 PM   #14
Doug G
Member
 
Registered: Jul 2013
Posts: 749

Rep: Reputation: Disabled
Maybe a hardware encrypted flash drive, like an Apricorn Ageis or similar.
 
Old 02-21-2016, 02:05 PM   #15
TxLonghorn
Member
 
Registered: Feb 2004
Location: Austin Texas
Distribution: Mandrake 9.2
Posts: 702

Rep: Reputation: 231Reputation: 231Reputation: 231
Quote:
Originally Posted by Doug G View Post
Never try to teach a pig how to sing. It will waste your time, and it annoys the pig
Doug G, was this YOU ? → https://www.youtube.com/watch?v=ev4AKmTMQWk
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
make an encrypt file system on a flash drive abashasan Linux - Newbie 3 03-07-2013 03:27 PM
How to encrypt Mint 13 KDE (which runs from USB Flash) without reinstall imayneed Linux - Software 4 09-19-2012 01:10 AM
LXer: Tips: Easy Way to Encrypt USB Flash Drive on Ubuntu LXer Syndicated Linux News 0 03-06-2012 09:21 PM
Secure USB flash drive recommendations? tp42 Linux - Hardware 1 07-20-2009 07:52 PM
LXer: EDGE Tech Corp Announces Portable Flash Drive With Muscle - the New 8GB DiskGO!(TM) Now Available; Swap and Go With This Secure Thumb-Sized Flash Drive LXer Syndicated Linux News 0 12-14-2005 02:16 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Software

All times are GMT -5. The time now is 08:11 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration