Encryptying a removeable drive on Linux

Recent versions of Linux provide easy support for encrypted external drives.
If you store data on a removeable USB device you should consider encrypting
the data assuming it is something you do not wish anyone to view should the
drive be lost. Remember that you must remember the password or you will
be unable to view the data - consider this if you put the device on a shelf for a
few years.

This quick guide describes encrypting a drive by making use of the Linux
device mapper and luks (Linux Unified Key Setup). This woks on Ubuntu 10.04
and later versions. (Perhaps earlier versions as well, only tested with 10.04 and

Note: To encrypt a single file consider the bcrypt utility.

Install the following if not already installed:
sudo apt-get install cryptmount cryptsetup

Insert removeable drive and determine how it is mounted (look at /var/log/messages
or run mount command).

In this example we will assume the device has been mounted as /dev/sdb1
WARNING: You must use the device name for your system.
Do not use this name (sdb1) unless it is also the device on your system!

Unmount the device.
umount /dev/sdb1

Create an ext3 file system. Reserve no space for super user (-m 0) and
give the device a label (-L).

mkfs.ext3 -j -m 0 -L testdat /dev/sdb1

Create a crypto file system.
cryptsetup --verbose --verify-passphrase luksFormat /dev/sdb1

Make a place to mount the drive.
mkdir /crypt

Attach encrypted disk. Will become "/dev/mapper/crypt".
cryptsetup luksOpen /dev/sdb1 /crypt

Create a file system.
mkfs.ext3 -j -m 0 /dev/mapper/crypt

Close the device - remove mapping.
cryptsetup luksClose crypt

Remove the USB disk.
Insert the disk and Ubuntu will prompt for the password.