Mini-HowTo: Encrypted removable devices in Breezy
Martin Pitt
martin.pitt at ubuntu.com
Sat Jul 16 09:49:52 CDT 2005
Hi everybody!
For Breezy I more or less silently worked on support for encrypted
removable devices. It's not very polished yet, so I didn't advertise
it very much, but since it works at a level where it is actually
useful, I was asked to drop at least a short note for advanced
users.
To create an encrypted partition on a removable device (like an USB
stick), do the following:
* Install the package 'cryptsetup'.
* If you do not want to encrypt the whole stick, repartition the
stick with "sudo cfdisk /dev/sda" (or whichever device). E. g. my
personal USB stick has a big unencrypted partition for data
exchange and a very small (5 MB) encrypted partition for storing my
GPG and SSH keys.
* Create an encrypted partition on the target partition:
sudo luksformat /dev/sda1
(or sda2 if you want to format the second partition, and so on).
This will ask you for a passphrase. The default file system is
"vfat", but you can specify a different one with the "-t" option
(see manual page).
After this procedure, remove the stick and plug it in again. This
should trigger a dialog which asks you for the passphrase and mounts
the encrypted partition (along with any unencrypted one, of course).
I'm aware of the many rough edges (like not setting up a proper device
name for the encrypted partition) and missing features (like a missing
GUI for formatting devices and support for hard drive encryption), but
maybe somebody becomes interested enough to help me working at this?
So have fun with trying it out. I welcome any suggestions and
contributions.
Just a little warning at the end: Please be aware that if you lose the
passphrase, there is *NO WAY* to restore your data!
Martin
--
Martin Pitt http://www.piware.de
Ubuntu Developer http://www.ubuntu.com
Debian Developer http://www.debian.org
More information about the ubuntu-devel
mailing list