@ remn

I also use an encrypted usb and these steps always works for me. **NOTE: I will be using the device nodes relevant to my system. For example, my usb stick is at /devsdc1. Be sure you use your actual usb device node.

I choose usb as the mapper name for cryptsetup. You can use any name you want.

The next step is to format the mapper device. If you forget this, the system WILL NOT recognize the device and thus it will not mount.

I'm using FAT32 to format my usb device. FAT32 doesn't use linux/unix's permissions scheme. So, me, as a regular user, I can read and write to it.

Now, you can mount the device

When done using the encrypted usb stick, be sure to umount and close.


Now, the next time you pop in the usb stick, it will be recognized by your system in a GUI desktop. As a regular user, you can click on th device and you will be prompted for the passphrase. Upon a successful passphrase, the system will mount the device. If you use FAT32 as the filesystem type, you can read and write to it immediately.

If you use another format like ext3,4 etc. You will need to setup permissions and a group for the user to write to the usb stick.

Nah, but a cute video anyway

You may be starting -- but I recommend you use EncFS...

This is a 'directory-level' encryption. Files are stored in a normal file system, as directories and files, which lets you store them on a normal (VFAT, or networked) filesystem.

The big advantage of such encryption systems is that you can use incremental synchronization (rsync) between machines or to network storage (Dropbox or the like). That is you do not need to decrypt to do incremental updates. Only the individual files that has been modified, are transferred.

eCryptfs encrypts each file in the filesystem. The filename is left as is. So it is very easy for someone to see what is being encrypted, even though they may not be able to see the contents.

EncFS also encrypts each file in the filesystem, but also encrypts the filenames!

The downside (to both) is that the directory structure and rough file sizes of the data remain visible. Even though with EncFS the file/directory names are not visible.

EncFS is also thoroughly tested, and proven to work without problems, and in a variety of different ways. For example you can store data locally unencrypted, and upload a encrypted version to the network (reversed EncFS).



Now if you want bleeding edge (currently in beta testing)...

CryFS is like EncFS except the files are broken into multiple files (or small ones merged) to hide files sizes. The directory structure is also stored as normal files (and thus USB or network storable). As such the file sizes, and directory layout is also hidden from view, while retaining incremental synchronization of changes between encrypted copies.

I cannot personally recommend CryFS, as being stable or time tested, as yet, but it is the next logical step, to directory level encryption techniques.


---
As for using Luks or CryptSetup. That is a Disk Partition encryption system. This works well for USB sticks but you can not use it for network storage. Also if you want to make a backup or sync the data between machines you have to do it with the decrypted data! That is mount decrypted versions at both ends then do the copy/sync using the unencrypted data!

That is what makes a directory level encryption works so much better in general. Copy/Sync the files without needing decrypting them first.

1 members found this post helpful.

Try