Howto Encrypt Filesystems On Removable Storage



Encrypted Filesystems On Removable Storage.

Screenshot of dmesg.

Screenshot of dmesg. – Depicting a CorSair drive being recognized.

^^ Maybe next time, I’ll give you some ‘live-screenshots’. 😉

In the code-block below, you’ll see a quick rundown of what I recently did to one of my SD cards. 😆
(It appears that the “ \ ” gets stripped out by wordpress’ automated ‘spellchecker’!?
Hardcoding the “ \ ” as &#x5c ; seems to solve the problem. 😉 )

## Umount is an alias for:
## sudo umount /path/to/folder
## badblocks won't work with the device still 'plugged in',
## so to speak.
## First use 'dmesg',
## to determine which /dev you are going to destroy.
## Then look for it, in your /media folder,
## as that's the default folder for mounts on ubuntu.
## In my case.
Umount /media/78BA-A49C/
sudo badblocks -c 10240 -s -w -t random -v /dev/sdc
sudo fdisk /dev/sdc
## Now inside the partitioner,
## do the following:
#
## hit w for write.
#  w
## Accept changes.
## And again, do:
#  sudo fdisk /dev/sdc
## n for new.
#  n
## p for primary.
#  p
## 1 for first (a hdd can have 4 partitions max,
## of which one may be 'logical')
#  1
#  First cylinder: hit enter for the default.
#  last cylinder: hit enter for the default.
#  p
## See new output, somewhere along the lines of:
#  /dev/sdc1  2048  16252927  8125440  83  Linux
#  w
## Done setting up partition on 'cardreader/usb thumbstick'
## The use of the '\' is for readability purposes only.
#
## Enter your passphrase twice, when prompted.
## Make sure they match!
sudo cryptsetup --cipher aes-xts-plain64 \
--key-size 512 --hash sha512 \
--iter-time 5000 --use-random \
--verify-passphrase luksFormat \
/dev/sdc1
#
## Give your 'container' a more meaningful name.
sudo cryptsetup luksOpen /dev/sdc1 mapped-name
## Enter your 'passphrase', when prompted.
## Now it's time to create a filesystem on your device.
sudo mkfs -t ext4 -m 1 \
-O dir_index,filetype,sparse_super \
/dev/mapper/mapped-name
## Don't forget to close your luks-device after use.
sudo cryptsetup luksClose mapped-name
#
## Now take out your usb-thumb-drive or SD-card,
## and insert it back in.
## When prompted for a passphrase,
## type it in.
#
## Change ownership of the attached storage to yourself.
sudo chown yourname:yourname \
/media/very-long-string-of-characters
## All done!

Check out: Pastebin

Tiny Matroska pinguins

Tiny Matroska pinguins (Photo credit: Act, don’t think)


That’s all folks! 😆

Kindest regards,

Alex

ღ Ƹ̵̡ Ӝ̵̨̄ Ʒ ☆ ˜ ” * ° • . ¸ł¸ . • ° * ” ☆ ★ ☆ ę ˜

♫ d(。◕‿◕。)b ♪♪

Use the contact-form below, for feedback purposes.







Back to top.