I discovered today that in Karmic there is an option to format encrypted usb disks.
But first of all you need to install the support for this feature; from the terminal:
$ sudo apt-get install cryptsetup
When you plug in your USB disk, and mount it, you'll see an icon on your desktop. Right-clicking on it and selecting "Format" will let you to specify an encrypted filesystem type:
Clicking to "Format" button will ask you to type the password for the encrypted volume:
At this point the format will proceed and, after, the USB drive will be mounted with an open lock icon:
If you want to change the password it should be possible from the "Disk Utility" (System>Administration>Disk Utility, or type "palimpsest" at the command line), but it seems to be buggy, as it always gives me "Incorrect Passphrase. Try again".
Command line tools always helps in those cases.
First step, add the new password for the volume:
$ sudo cryptsetup luksAddKey /dev/sdb [sudo] password for luigi: (my system admin password) Enter any LUKS passphrase: (any password registered to this volume) key slot 0 unlocked. Enter new passphrase for key slot: (the new password) Verify passphrase: (the new password again) Command successful.
Second step, dump all the key password for the volume:
$ sudo cryptsetup luksDump /dev/sdb LUKS header information for /dev/sdb Version: 1 Cipher name: aes Cipher mode: cbc-essiv:sha256 Hash spec: sha1 Payload offset: 1032 MK bits: 128 MK digest: c8 97 18 80 0c 0a 86 ed 8f 3c 85 03 e1 de de 2d 68 ed 70 a0 MK salt: 16 ae 5b 05 2c 2b 02 d5 af 0d 71 d7 08 ba 51 fd 9f 98 cd 11 52 e8 14 44 71 4f 84 53 99 02 97 c7 MK iterations: 10 UUID: c4ada688-3cae-4053-a1c6-781614ad683f Key Slot 0: ENABLED Iterations: 447466 Salt: 63 30 36 1f 87 83 f6 73 75 e9 a2 b2 dc f1 30 4c 09 67 1d e7 82 71 35 6c c4 df ce 10 0e 3b 42 2f Key material offset: 8 AF stripes: 4000 Key Slot 1: ENABLED Iterations: 451004 Salt: 55 c4 d0 4f e9 24 d8 c0 2a cb b2 7f 09 a1 80 98 4f 4d 1a 5e 6f 1c d5 ad c2 30 a3 02 15 9d 1e bd Key material offset: 136 AF stripes: 4000 Key Slot 2: DISABLED Key Slot 3: DISABLED Key Slot 4: DISABLED Key Slot 5: DISABLED Key Slot 6: DISABLED Key Slot 7: DISABLED
Third step: remove the old password:
$ sudo cryptsetup luksKillSlot /dev/sdb 0 Enter any remaining LUKS passphrase: key slot 1 verified. Command successful.
Unmount the volume and try the new password. It should work.
Of course it would be better to have the "change password" feature in the context menu of the mounted volume, or at least having the feature working in the "Disk Utility" program. But, you know, it's Linux, and you need to hack it sometimes :)
It seems also that LUKS is supported on Windows, see here.
Another good, portable, free, and more complete solution to encrypted filesystems is the great TrueCrypt.
For the experts, a useful command-line HOWTO on using LUKS: http://ubuntuforums.org/showthread.php?t=404346.
As you may be aware, development of TrueCrypt was discontinued back in 2014 and has subsequently not been maintained. A number of security flaws have been uncovered and here's the list of alternatives.
|« Sep||Dec »|
- Android (3)
- Apple (30)
- Books (7)
- Eclipse (14)
- Errors (5)
- Firefox (7)
- Git (3)
- Hardware (18)
- Horror Code (8)
- Internet (21)
- Java (106)
- Life, universe and everything (45)
- Lifehacks (26)
- Linux (53)
- Opinions (26)
- OSX (11)
- OWNER API (3)
- Python (1)
- Software (35)
- Speeches and Conferences (8)
- Unix (5)
- Web (23)
- Windows (19)
Android apple architecture Bash bsd configuration CSS Development Düsseldorf framework free Git Google Hardware hdr How-To howto Java Karmic library Linux lion MacBook maven opensource Open Source Opinion os x OSX owner owner api patterns Pitfalls Practices properties Software TDD Testing tip tonemapped Tricks Ubuntu unix video Web