« Suspend/Resume in Karmic /2
Ipod touch with Linux »

Karmic and Luks: USB drive encryption made (almost) easy

Comments Published November 26th, 2009 in Lifehacks, Linux Tags: , , , , , , .

I discovered today that in Karmic there is an option to format encrypted usb disks.
But first of all you need to install the support for this feature; from the terminal:

$ sudo apt-get install cryptsetup

When you plug in your USB disk, and mount it, you'll see an icon on your desktop. Right-clicking on it and selecting "Format" will let you to specify an encrypted filesystem type:

Format USB drive

Screenshot-Format SanDisk Cruzer Pattern (8.0 GB)

Clicking to "Format" button will ask you to type the password for the encrypted volume:

Screenshot-Enter Passphrase

At this point the format will proceed and, after, the USB drive will be mounted with an open lock icon:
encrypted volume mounted

If you want to change the password it should be possible from the "Disk Utility" (System>Administration>Disk Utility, or type "palimpsest" at the command line), but it seems to be buggy, as it always gives me "Incorrect Passphrase. Try again".

Command line tools always helps in those cases.

First step, add the new password for the volume:

$ sudo cryptsetup luksAddKey /dev/sdb
[sudo] password for luigi: (my system admin password)
Enter any LUKS passphrase: (any password registered to this volume)
key slot 0 unlocked.
Enter new passphrase for key slot: (the new password)
Verify passphrase: (the new password again)
Command successful.

Second step, dump all the key password for the volume: 

$ sudo cryptsetup luksDump /dev/sdb
LUKS header information for /dev/sdb

Version:       	1
Cipher name:   	aes
Cipher mode:   	cbc-essiv:sha256
Hash spec:     	sha1
Payload offset:	1032
MK bits:       	128
MK digest:     	c8 97 18 80 0c 0a 86 ed 8f 3c 85 03 e1 de de 2d 68 ed 70 a0
MK salt:       	16 ae 5b 05 2c 2b 02 d5 af 0d 71 d7 08 ba 51 fd
               	9f 98 cd 11 52 e8 14 44 71 4f 84 53 99 02 97 c7
MK iterations: 	10
UUID:          	c4ada688-3cae-4053-a1c6-781614ad683f

Key Slot 0: ENABLED
	Iterations:         	447466
	Salt:               	63 30 36 1f 87 83 f6 73 75 e9 a2 b2 dc f1 30 4c
	                      	09 67 1d e7 82 71 35 6c c4 df ce 10 0e 3b 42 2f
	Key material offset:	8
	AF stripes:            	4000
Key Slot 1: ENABLED
	Iterations:         	451004
	Salt:               	55 c4 d0 4f e9 24 d8 c0 2a cb b2 7f 09 a1 80 98
	                      	4f 4d 1a 5e 6f 1c d5 ad c2 30 a3 02 15 9d 1e bd
	Key material offset:	136
	AF stripes:            	4000
Key Slot 2: DISABLED
Key Slot 3: DISABLED
Key Slot 4: DISABLED
Key Slot 5: DISABLED
Key Slot 6: DISABLED
Key Slot 7: DISABLED

Third step: remove the old password:

$ sudo cryptsetup luksKillSlot /dev/sdb 0
Enter any remaining LUKS passphrase:
key slot 1 verified.
Command successful.

Unmount the volume and try the new password. It should work.

Of course it would be better to have the "change password" feature in the context menu of the mounted volume, or at least having the feature working in the "Disk Utility" program. But, you know, it's Linux, and you need to hack it sometimes :)

It seems also that LUKS is supported on Windows, see here.

Another good, portable, free, and more complete solution to encrypted filesystems is the great TrueCrypt.

For the experts, a useful command-line HOWTO on using LUKS: http://ubuntuforums.org/showthread.php?t=404346.

No Responses to “Karmic and Luks: USB drive encryption made (almost) easy”  

Feed for this Entry Trackback Address
  1. No Comments

Leave a Reply

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>


Search

Calendar

November 2009
M T W T F S S
« Sep   Dec »
 1
2345678
9101112131415
16171819202122
23242526272829
30  

Follow me

twitter flickr LinkedIn feed

Enter your email address:

Archives


Categories

Tag Cloud


  • Other Stuff

    • My status
    • Luigi Rocco Viggiano's Facebook profile

Related Entries