Successful test of encrypted usb drive
Bruno Wolff III
bruno at wolff.to
Fri Mar 28 19:33:33 UTC 2008
While I think this feature has been available for a while, it might be worth
mentioning with the encrypted install feature.
I tried it out as follows (as root):
Plug in the usb drive and not the device name (/dev/sdc1 in my case)
Erase it with random data (which can take a while and isn't really needed
if no senstive data was previously on the device and you don't care about
leaking which blocks on the drive have been written)
dd if=/dev/urandom of=/dev/sdc1
Create the encrypted area
cryptsetup luksFormat /dev/sdc1
Enter the passphrase twice
Make the encrypted area a usable device
The name at the end is arbitrary, but don't use one already in use
cryptsetup luksOpen /dev/sdc1 luks-usb
Create the file system using the name from above as the device
mkfs -t ext3 /dev/mapper/luks-usb
Close the encrypted device
cryptsetup luksClose /dev/mapper/luks-usb
Unplug the device
Now when you plug in the device (while logged in at the console using a GUI)
you will get asked for the passphrase and after prodiving the correct one
the device will work like a normal removable device.
Note that doing this limits you to using it with systems that support luks
and ext3, which isn't going to work for everyone.
More information about the fedora-test-list
mailing list