NOTE: This HowTo looks way longer and more difficult than it actually is.
If you're in a hurry, or don't need the additional information just jump to the blocks that contain the commands. That's it
System: Xubuntu Xenial (16.04.6 LTS)
We'll assume "/dev/sdc" as device for the USB thumbdrive device and "/dev/sdc1" for its first partition.
The stick used here is a 32GB SanDisk drive.
1) Open the USB drive in "fdisk":
Code: Select all
$ sudo fdisk /dev/sdc
Unless the stick has a GPT (GUID Partition Table), then use "gdisk".
From "fdisk", you'll get a greeting like this:
Now show the current partition table, by entering the command "p":Welcome to fdisk (util-linux 2.27.1).
Changes will remain in memory only, until you decide to write them.
Be careful before using the write command.
Code: Select all
Command (m for help): p2) Create a primary partition from beginning to end:Disk /dev/sdi: 28.7 GiB, 30752000000 bytes, 60062500 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: dos
Disk identifier: 0xabcdef01234
Code: Select all
Command (m for help): nOutput looks somewhat like this:
3) Save created partition and exit the partition manager:Partition type
p primary (0 primary, 0 extended, 4 free)
e extended (container for logical partitions)
Select (default p): p
Partition number (1-4, default 1):
First sector (2048-60062499, default 2048):
Last sector, +sectors or +size{K,M,G,T,P} (2048-60062499, default 60062499):
Created a new partition 1 of type 'Linux' and of size 28.7 GiB.
Code: Select all
Command (m for help): w4) Initialize the partition for LUKS:The partition table has been altered.
Calling ioctl() to re-read partition table.
Syncing disks.
Execute the following command to initialize LUKS on the USB partition we've just created:
Code: Select all
$ cryptsetup luksFormat /dev/sdc1Don't be scared by the "WARNING!" message:
You are about to delete all data on that partition. So it's nice that luksFormat gives you the time to double-check if you're working on the right device/partition.
The output looks like this:
INFO: It says "luksFormat", but this only formats the encryption layer of the partition.WARNING!
========
This will overwrite data on /dev/sdc1 irrevocably.
Are you sure? (Type uppercase yes): YES
Enter passphrase:
Verify passphrase:
The decrypted partition itself must still be formatted to the filesystem of your choice (See below).
5) Open the LUKS partition (unformatted):
Code: Select all
$ cryptsetup luksOpen /dev/sdc1 "LUKS_01"It will ask you for your passphrase. After you've entered it and everything worked fine, there'll be no output. That's okay!
You should now get the unencrypted partition mapped in /dev/mapper under the label you've chosen.
Our device file looks like this:
lrwxrwxrwx 1 root root 7 Dec 29 22:28 /dev/mapper/LUKS_01 -> ../dm-0
6) Format the partition:
I choose ext4 (but you can use a different filesystem).
Code: Select all
$ mkfs.ext4 -m 0 -L "MY_STUFF" /dev/mapper/LUKS_01I don't find it necessary on USB sticks(=non-system disks). Please choose a label that suits you
(But please also avoid spaces, as this label will become a foldername once the stick is mounted...)
7) Done!
That's it
You should now see this USB stick show up in the file manager of your choice (Thunar on XFCE4) and behave like a regular USB stick - except it asks you for your passphrase before you can mount/use it.
Have fun!