I discovered today that in Karmic there is an option to format encrypted usb disks.
But first of all you need to install the support for this feature; from the terminal:

$ sudo apt-get install cryptsetup

When you plug in your USB disk, and mount it, you'll see an icon on your desktop. Right-clicking on it and selecting "Format" will let you to specify an encrypted filesystem type:

Format USB drive

Screenshot-Format SanDisk Cruzer Pattern (8.0 GB)

Clicking to "Format" button will ask you to type the password for the encrypted volume:

Screenshot-Enter Passphrase

At this point the format will proceed and, after, the USB drive will be mounted with an open lock icon:
encrypted volume mounted

If you want to change the password it should be possible from the "Disk Utility" (System>Administration>Disk Utility, or type "palimpsest" at the command line), but it seems to be buggy, as it always gives me "Incorrect Passphrase. Try again".

Command line tools always helps in those cases.

First step, add the new password for the volume:

$ sudo cryptsetup luksAddKey /dev/sdb 
[sudo] password for luigi: (my system admin password)
Enter any LUKS passphrase: (any password registered to this volume)
key slot 0 unlocked.
Enter new passphrase for key slot: (the new password)
Verify passphrase: (the new password again)
Command successful.

Second step, dump all the key password for the volume:

$ sudo cryptsetup luksDump /dev/sdb
LUKS header information for /dev/sdb

Version:       	1
Cipher name:   	aes
Cipher mode:   	cbc-essiv:sha256
Hash spec:     	sha1
Payload offset:	1032
MK bits:       	128
MK digest:     	c8 97 18 80 0c 0a 86 ed 8f 3c 85 03 e1 de de 2d 68 ed 70 a0 
MK salt:       	16 ae 5b 05 2c 2b 02 d5 af 0d 71 d7 08 ba 51 fd 
               	9f 98 cd 11 52 e8 14 44 71 4f 84 53 99 02 97 c7 
MK iterations: 	10
UUID:          	c4ada688-3cae-4053-a1c6-781614ad683f

Key Slot 0: ENABLED
	Iterations:         	447466
	Salt:               	63 30 36 1f 87 83 f6 73 75 e9 a2 b2 dc f1 30 4c 
	                      	09 67 1d e7 82 71 35 6c c4 df ce 10 0e 3b 42 2f 
	Key material offset:	8
	AF stripes:            	4000
Key Slot 1: ENABLED
	Iterations:         	451004
	Salt:               	55 c4 d0 4f e9 24 d8 c0 2a cb b2 7f 09 a1 80 98 
	                      	4f 4d 1a 5e 6f 1c d5 ad c2 30 a3 02 15 9d 1e bd 
	Key material offset:	136
	AF stripes:            	4000
Key Slot 2: DISABLED
Key Slot 3: DISABLED
Key Slot 4: DISABLED
Key Slot 5: DISABLED
Key Slot 6: DISABLED
Key Slot 7: DISABLED

Third step: remove the old password:

$ sudo cryptsetup luksKillSlot /dev/sdb 0 
Enter any remaining LUKS passphrase: 
key slot 1 verified.
Command successful.

Unmount the volume and try the new password. It should work.

Of course it would be better to have the "change password" feature in the context menu of the mounted volume, or at least having the feature working in the "Disk Utility" program. But, you know, it's Linux, and you need to hack it sometimes :)

It seems also that LUKS is supported on Windows, see here.

Another good, portable, free, and more complete solution to encrypted filesystems is the great TrueCrypt.

For the experts, a useful command-line HOWTO on using LUKS: http://ubuntuforums.org/showthread.php?t=404346.

As you may be aware, development of TrueCrypt was discontinued back in 2014 and has subsequently not been maintained. A number of security flaws have been uncovered and here's the list of alternatives.

No Responses to “Karmic and Luks: USB drive encryption made (almost) easy”  

  1. No Comments

Leave a Reply

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>


November 2009
« Sep   Dec »

Follow me

twitter flickr LinkedIn feed

Subscribe by email

Enter your email address:



Tag Cloud