LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices


Reply
  Search this Thread
Old 02-21-2016, 03:01 PM   #16
FAQ
LQ Newbie
 
Registered: Feb 2016
Posts: 6

Rep: Reputation: Disabled

@ remn

I also use an encrypted usb and these steps always works for me. **NOTE: I will be using the device nodes relevant to my system. For example, my usb stick is at /devsdc1. Be sure you use your actual usb device node.

Code:
cryptsetup luksFormat -c aes-xts-plain64 /dev/sdc1

cryptsetup luksOpen /dev/sdc1 usb
I choose usb as the mapper name for cryptsetup. You can use any name you want.

The next step is to format the mapper device. If you forget this, the system WILL NOT recognize the device and thus it will not mount.

Code:
mkfs.vfat /dev/mapper/usb
I'm using FAT32 to format my usb device. FAT32 doesn't use linux/unix's permissions scheme. So, me, as a regular user, I can read and write to it.

Now, you can mount the device

Code:
mount /dev/mapper/usb /mnt
When done using the encrypted usb stick, be sure to umount and close.

Code:
umount /mnt/
cryptsetup luksClose /dev/mapper/usb

Now, the next time you pop in the usb stick, it will be recognized by your system in a GUI desktop. As a regular user, you can click on th device and you will be prompted for the passphrase. Upon a successful passphrase, the system will mount the device. If you use FAT32 as the filesystem type, you can read and write to it immediately.

If you use another format like ext3,4 etc. You will need to setup permissions and a group for the user to write to the usb stick.

Last edited by FAQ; 02-21-2016 at 03:24 PM.
 
Old 02-21-2016, 09:56 PM   #17
Doug G
Member
 
Registered: Jul 2013
Posts: 749

Rep: Reputation: Disabled
Quote:
Originally Posted by TxLonghorn View Post
Nah, but a cute video anyway
 
Old 02-22-2016, 01:09 AM   #18
A.Thyssen
Member
 
Registered: May 2006
Location: Brisbane, Australia
Distribution: linux
Posts: 157

Rep: Reputation: 44
Quote:
Originally Posted by jamison20000e View Post
Hi.

I just started learning to use eCryptfs: http://ecryptfs.org/documentation.html enterprise grade...
You may be starting -- but I recommend you use EncFS...

This is a 'directory-level' encryption. Files are stored in a normal file system, as directories and files, which lets you store them on a normal (VFAT, or networked) filesystem.

The big advantage of such encryption systems is that you can use incremental synchronization (rsync) between machines or to network storage (Dropbox or the like). That is you do not need to decrypt to do incremental updates. Only the individual files that has been modified, are transferred.

eCryptfs encrypts each file in the filesystem. The filename is left as is. So it is very easy for someone to see what is being encrypted, even though they may not be able to see the contents.

EncFS also encrypts each file in the filesystem, but also encrypts the filenames!

The downside (to both) is that the directory structure and rough file sizes of the data remain visible. Even though with EncFS the file/directory names are not visible.

EncFS is also thoroughly tested, and proven to work without problems, and in a variety of different ways. For example you can store data locally unencrypted, and upload a encrypted version to the network (reversed EncFS).



Now if you want bleeding edge (currently in beta testing)...

CryFS is like EncFS except the files are broken into multiple files (or small ones merged) to hide files sizes. The directory structure is also stored as normal files (and thus USB or network storable). As such the file sizes, and directory layout is also hidden from view, while retaining incremental synchronization of changes between encrypted copies.

I cannot personally recommend CryFS, as being stable or time tested, as yet, but it is the next logical step, to directory level encryption techniques.


---
As for using Luks or CryptSetup. That is a Disk Partition encryption system. This works well for USB sticks but you can not use it for network storage. Also if you want to make a backup or sync the data between machines you have to do it with the decrypted data! That is mount decrypted versions at both ends then do the copy/sync using the unencrypted data!

That is what makes a directory level encryption works so much better in general. Copy/Sync the files without needing decrypting them first.

Last edited by A.Thyssen; 02-22-2016 at 08:53 PM. Reason: getting points across more clearly.
 
1 members found this post helpful.
Old 02-22-2016, 06:41 AM   #19
TxLonghorn
Member
 
Registered: Feb 2004
Location: Austin Texas
Distribution: Mandrake 9.2
Posts: 702

Rep: Reputation: 231Reputation: 231Reputation: 231
Quote:
Originally Posted by remn View Post
When I tried "mount /dev/sdb1" I got an error about that not being in fstab.
Try
Code:
udisks --mount /dev/sdb1
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
make an encrypt file system on a flash drive abashasan Linux - Newbie 3 03-07-2013 03:27 PM
How to encrypt Mint 13 KDE (which runs from USB Flash) without reinstall imayneed Linux - Software 4 09-19-2012 01:10 AM
LXer: Tips: Easy Way to Encrypt USB Flash Drive on Ubuntu LXer Syndicated Linux News 0 03-06-2012 09:21 PM
Secure USB flash drive recommendations? tp42 Linux - Hardware 1 07-20-2009 07:52 PM
LXer: EDGE Tech Corp Announces Portable Flash Drive With Muscle - the New 8GB DiskGO!(TM) Now Available; Swap and Go With This Secure Thumb-Sized Flash Drive LXer Syndicated Linux News 0 12-14-2005 02:16 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Software

All times are GMT -5. The time now is 06:42 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration