November 28th, 2007

Encrypted usb sticks

I have been trying to get my usb stick to work when it's encrypted. I first tried to make two file systems on it - one encrypted, one usual vfat to use for data exchange with others. After some thinking I decided I'd rather have just one file system, and buy another stick for data exchange. After all I don't really want to mix them anyway.

I tried to follow the instructions here, and got as far as encrypting the partition with luksformat /dev/sdb1 (or sdc1, as the laptop insisted on renaming it to for some reason), which succeeded after a few attempts (luksformat worked all the time, but I had to try several times before I got the laptop to play). The first time I tried to use the stick, while I still also had an unencrypted partition, I was asked for a password, and it seemed to mount nicely. I fiddled a bit as I wanted to change the name of the drive, which resulted in it not working (a rather weird error message that I don't remember now, but that sounded like it came from an errors.h file), and not being mounted.

After repeating this a couple of times, I decided to have only one partition (an encrypted vfat partition), and I have managed to mount the stick now, and I can write to it. But files are not deleted when I move them to Trash, not even when I empty Trash. I can however delete them with rm, so the disk is not write protected.

Well, maybe I got it to work after all. I won't trust this stick too much, and will make sure I have at least one other copy of the files on it, but it does seem like a better solution than storing stuff on an unencrypted disk, and pretty convenient for carrying work home (I use svn on a more secure machine anyway, so I always have an extra copy).

Edit: In order to mount the disk you need to load the modules dm_mod, dm_crypt, aes and sha256. This can be done by adding the module names (one per line) to /etc/modules and rebooting, and/or by using modprobe, e.g. for i in dm_mod dm_crypt aes sha256 ; do sudo modprobe $i ; done.

If you don't do this, you will get the same error as if you type the wrong password, and this can be a bit frustrating/annoying.
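A pre-flight check for the situation described in the edit above, as an added example that is not part of the original post: it reports which of the four modules are not loaded, so a missing module is not mistaken for a wrong password. The function names and the sample lines are constructed; it assumes the modules are listed in /proc/modules under the names the post uses (a driver compiled into the kernel is not listed there, so "not loaded" can be a false alarm on such kernels).

```shell
#!/bin/sh
# Added example, not from the original post.
# Module names are the four given in the post's edit.
REQUIRED_MODULES="dm_mod dm_crypt aes sha256"

# missing_modules [FILE]: print the required modules absent from FILE,
# which is in /proc/modules format (module name is the first field).
missing_modules() {
    modfile="${1:-/proc/modules}"
    missing=""
    for m in $REQUIRED_MODULES; do
        # Match the first field only: a name that appears in another
        # module's "used by" column does not count as loaded.
        if ! awk -v want="$m" '$1 == want { found = 1 }
                               END { exit !found }' "$modfile"; then
            missing="${missing:+$missing }$m"
        fi
    done
    printf '%s\n' "$missing"
}

# preflight [FILE]: return 0 when all four modules are loaded; otherwise
# print the modprobe commands to run before retrying and return 1.
preflight() {
    absent=$(missing_modules "$1")
    [ -z "$absent" ] && return 0
    echo "Not loaded: $absent (the passphrase may not be the problem)" >&2
    for m in $absent; do
        echo "sudo modprobe $m"
    done
    return 1
}

# Constructed sample in /proc/modules format: aes and sha256 are absent.
demo=$(mktemp)
cat > "$demo" <<'EOF'
dm_mod 102400 2 dm_crypt, Live 0x0000000000000000
dm_crypt 40960 0 - Live 0x0000000000000000
EOF
preflight "$demo" || true
rm -f "$demo"
```

Calling preflight with no argument checks the running system's /proc/modules instead of the sample file.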

In other news I finally went to the gym today, for an hour of indoor cycling. Very nice. I worked from home for a couple of hours afterwards, then called my mum and had a beer.


