Encrypting a usb drive is an excellent idea for ensure that your data is safe and secure.
If you are storing business data or any kind of personal sensitive information in a usb drive, its important to keep it safe it from hackers and snoopers.
Or if you accidentally loose your usb drive then you can be sure that the data can't be read by anyone.
Encrypting usb drives and handling them on linux is actually extremely easy.
You can either use the gnome-disks application to format the usb drive with encryption enabled. After that file browsers like Dolphin and Nautilus will be able to access it easily.
Insert the USB drive and launch gnome-disks app, and then format to EXT4 with LUKS Encryption selected.
However this method of encryption works only with EXT4 file system.
Alternatively you can use commands like cryptsetup to encrypt the drive and use it the same way.
In this article we shall take a quick look at how to encrypt a usb pen drive using cryptsetup, which implements the LUKS standard.
1. Connect the USB Drive
Connect the usb drive to the system, but do not mount it. Don't click it inside a file browser, which actually mounts it.
If the drive is already mounted then either remove it and re-insert it or, use the umount command.
$ umount /dev/sde1
Now if you run the lsblk command it will show the usb drive device, but no mount point.
$ lsblk NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT loop0 7:0 0 281.6M 1 loop /snap/atom/273 loop1 7:1 0 282.4M 1 loop /snap/atom/275 loop2 7:2 0 138.8M 1 loop /snap/chromium/1514 loop3 7:3 0 99.2M 1 loop /snap/core/10859 loop4 7:4 0 138.8M 1 loop /snap/chromium/1523 loop5 7:5 0 98.4M 1 loop /snap/core/10823 loop6 7:6 0 219M 1 loop /snap/gnome-3-34-1804/66 loop7 7:7 0 55.5M 1 loop /snap/core18/1988 loop8 7:8 0 162.9M 1 loop /snap/gnome-3-28-1804/145 loop9 7:9 0 64.4M 1 loop /snap/gtk-common-themes/1513 loop10 7:10 0 64.8M 1 loop /snap/gtk-common-themes/1514 loop11 7:11 0 140K 1 loop /snap/gtk2-common-themes/13 loop12 7:12 0 944.1M 1 loop /snap/xonotic/64 loop13 7:13 0 61.6M 1 loop /snap/core20/904 loop14 7:14 0 916.7M 1 loop /snap/xonotic/53 loop15 7:15 0 111.3M 1 loop /snap/shutter/27 loop16 7:16 0 55.4M 1 loop /snap/core18/1944 sda 8:0 0 111.8G 0 disk └─sda1 8:1 0 95.4G 0 part / sdb 8:16 0 111.8G 0 disk └─sdb1 8:17 0 95.8G 0 part /media/enlightened/f41b21a7-e8be-48ac-b10d-cad641bf709b sdc 8:32 0 447.1G 0 disk └─sdc1 8:33 0 400G 0 part /media/enlightened/a935afc9-17fd-4de1-8012-137e82662ff01 sdd 8:48 0 465.8G 0 disk └─sdd1 8:49 0 420G 0 part /media/enlightened/757dcceb-3e17-4ca8-9ba1-b0cf68fb0134 sde 8:64 1 28.8G 0 disk └─sde1 8:65 1 28.8G 0 part $
No mount location is shown for the 32GB usb drive /dev/sde above.
2. Setup LUKS
Now run the cryptsetup command to setup LUKS based encryption
$ sudo cryptsetup luksFormat /dev/sde1 WARNING: Device /dev/sde1 already contains a 'vfat' superblock signature. WARNING! ======== This will overwrite data on /dev/sde1 irrevocably. Are you sure? (Type 'yes' in capital letters): YES Enter passphrase for /dev/sde1: Verify passphrase: $
In the above command we specify the partition that is /dev/sde1 .
3. Format the drive
Now we have to first open the encrypted partition and map it to a virtual device.
Use the luksOpen option with the cryptsetup command.
$ sudo cryptsetup luksOpen /dev/sde1 myusb Enter passphrase for /dev/sde1: $
Now format the partition using the mkfs.ext4 command
$ sudo mkfs.ext4 /dev/mapper/myusb -L myusb mke2fs 1.45.6 (20-Mar-2020) Creating filesystem with 7550352 4k blocks and 1888656 inodes Filesystem UUID: 4dd22bb7-022b-4175-8526-7776427c1089 Superblock backups stored on blocks: 32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632, 2654208, 4096000 Allocating group tables: done Writing inode tables: done Creating journal (32768 blocks): done Writing superblocks and filesystem accounting information: done $
Finally close the virtual device
$ sudo cryptsetup luksClose myusb
Remove the pen drive. Now insert it and use from any file browser like Nautilus and Dolphin. Fill the password when asked and it would become accessible like any regular drive.
If you want a quick and easy way to encrypt usb drives, then just use the gnome-disks program to format and encrypt the usb drive. It takes only a few clicks.
Make sure that your personal, business and other sensitive data is always secure whenever you are carrying them in a usb drive, specially when travelling.
Data theft can lead to un-imaginable problems and encryption will save you from it for free.
If you have any further questions or feedback, let me know in the comments below.
So clearly and interesting. Let’s keep it up
Thanks. Clear and succint article. However, when I reinsert the USB drive, the notifier (in this case under KDE), it says “You are not authorized to mount this device.” However, it does mount, apparently as read only (because under Dolphin I see a lost+found directory, but I’m not able to create any new file/folder under this USB drive.
Do you think it has to do with my permissions as a user? Under /etc/group my user is part of plugdev