Encryptying a removeable drive on Linux
Recent versions of Linux provide easy support for encrypted external drives.
If you store data on a removeable USB device you should consider encrypting
the data assuming it is something you do not wish anyone to view should the
drive be lost. Remember that you must remember the password or you will
be unable to view the data - consider this if you put the device on a shelf for a
This quick guide describes encrypting a drive by making use of the Linux
device mapper and luks (Linux Unified Key Setup). This woks on Ubuntu 10.04
and later versions. (Perhaps earlier versions as well, only tested with 10.04 and
Note: To encrypt a single file consider the bcrypt utility.
Install the following if not already installed:
sudo apt-get install cryptmount cryptsetup
Insert removeable drive and determine how it is mounted (look at /var/log/messages
or run mount command).
In this example we will assume the device has been mounted as /dev/sdb1
WARNING: You must use the device name for your system.
Do not use this name (sdb1) unless it is also the device on your system!
Unmount the device.
Create an ext3 file system. Reserve no space for super user (-m 0) and
give the device a label (-L).
mkfs.ext3 -j -m 0 -L testdat /dev/sdb1
Create a crypto file system.
cryptsetup --verbose --verify-passphrase luksFormat /dev/sdb1
Make a place to mount the drive.
Attach encrypted disk. Will become "/dev/mapper/crypt".
cryptsetup luksOpen /dev/sdb1 /crypt
Create a file system.
mkfs.ext3 -j -m 0 /dev/mapper/crypt
Close the device - remove mapping.
cryptsetup luksClose crypt
Remove the USB disk.
Insert the disk and Ubuntu will prompt for the password.