Encrypt Data on USB from Linux

USB drives are portable storage used to carry data from one place to another, and they are easily lost or stolen. Encrypting the data on a USB drive keeps others from reading it if the drive goes missing, so it is recommended to encrypt any portable device that holds important data. There are several ways to encrypt data on a USB drive in Linux. This article is a guide to the following tools:

  • Using cryptsetup
  • Using Disk Gnome
  • Using veracrypt

Encrypt USB Data Using cryptsetup

Cryptsetup is a Linux utility used to secure a USB drive with encryption and authentication. To install cryptsetup, run the following command.

ubuntu@ubuntu:~$ sudo apt-get install cryptsetup

Now plug in your USB drive and list all the connected hard drives using the lsblk command.

ubuntu@ubuntu:~$ lsblk

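Note the name of the USB drive you want to encrypt, /dev/sdb in this case. luksFormat overwrites the device, so any data already on it is lost; confirm the name against the lsblk output before continuing. To encrypt the USB drive, run the cryptsetup command as follows: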

ubuntu@ubuntu:~$ sudo cryptsetup --verbose --verify-passphrase luksFormat /dev/sdb

Enter YES to confirm, and it will ask you for a passphrase. Choose a secure passphrase, as it will be needed to decrypt the USB drive. The drive is now converted to LUKS format for encryption.

Open this encrypted drive as follows:

ubuntu@ubuntu:~$ sudo cryptsetup luksOpen /dev/sdb luks

It will ask for the passphrase you entered when enabling encryption before it gives access to the encrypted USB drive. Check the mapping of your drive using the fdisk command with the -l option.

ubuntu@ubuntu:~$ sudo fdisk -l

The drive is mapped to /dev/mapper/luks. Now use the mkfs command to create an ext4 filesystem.

ubuntu@ubuntu:~$ sudo mkfs.ext4 /dev/mapper/luks

After creating the filesystem, create a directory using the mkdir command.

ubuntu@ubuntu:~$ sudo mkdir /mnt/encrypted

Now mount the file system on the recently created directory for USB drive usage.

ubuntu@ubuntu:~$ sudo mount /dev/mapper/luks /mnt/encrypted

Create a new file inside the USB drive with the command touch.

ubuntu@ubuntu:~$ sudo touch /mnt/encrypted/file1.txt

To create a file without the sudo command, you have to change the ownership as follows:

ubuntu@ubuntu:~$ sudo chown -R `whoami` /mnt/encrypted

Now you can create a file without the sudo command:

ubuntu@ubuntu:~$ touch /mnt/encrypted/file2.txt

Check the files created on the encrypted USB drive:

ubuntu@ubuntu:~$ ls /mnt/encrypted

You can create as many files as you need in the same way. When you are done, unmount the drive from your system using the umount command.

ubuntu@ubuntu:~$ sudo umount /dev/mapper/luks

Now close the drive using the luksClose method of the cryptsetup tool.

ubuntu@ubuntu:~$ sudo cryptsetup luksClose luks
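
The steps above can be collected into one script with a pre-flight check, so that luksFormat is never run against the wrong disk. This is an added example, not part of the original article; the function names check_target and encrypt_usb and the sample lsblk listings are constructed for illustration. Like the article, it assumes the whole disk (for example /dev/sdb) is being formatted.

```sh
#!/bin/sh
# Added example: pre-flight check before luksFormat, then the article's steps.

# check_target DEV [LISTING] prints "ok" or the reason DEV must not be formatted.
# LISTING is `lsblk -P -o NAME,TYPE,TRAN,MOUNTPOINT /dev/DEV` output; it is read
# live unless supplied (the samples below are constructed for offline checks).
check_target() (
    dev=${1#/dev/}
    if [ "$#" -ge 2 ]; then listing=$2
    else listing=$(lsblk -P -o NAME,TYPE,TRAN,MOUNTPOINT "/dev/$dev" 2>/dev/null)
    fi
    self=$(printf '%s\n' "$listing" | grep "^NAME=\"$dev\" ") ||
        { echo "not-found"; return 1; }
    case $self in *'TYPE="disk"'*) ;; *) echo "not-a-whole-disk"; return 1 ;; esac
    case $self in *'TRAN="usb"'*) ;; *) echo "not-usb"; return 1 ;; esac
    # Any mounted filesystem on the disk or its children blocks the format.
    if printf '%s\n' "$listing" | grep -q 'MOUNTPOINT="[^"]'; then
        echo "mounted"; return 1
    fi
    echo "ok"
)

# Constructed sample listings (not captured from a real system).
SAMPLE_SYSTEM='NAME="sda" TYPE="disk" TRAN="sata" MOUNTPOINT=""
NAME="sda1" TYPE="part" TRAN="" MOUNTPOINT="/"'
SAMPLE_USB_MOUNTED='NAME="sdb" TYPE="disk" TRAN="usb" MOUNTPOINT=""
NAME="sdb1" TYPE="part" TRAN="" MOUNTPOINT="/media/ubuntu/KEY"'
SAMPLE_USB_IDLE='NAME="sdb" TYPE="disk" TRAN="usb" MOUNTPOINT=""'

# encrypt_usb DEV: the article's sequence, stopping at the first failure.
encrypt_usb() {
    dev=/dev/${1#/dev/}; name=luks; mnt=/mnt/encrypted
    reason=$(check_target "$dev") ||
        { echo "refusing $dev: $reason" >&2; return 1; }
    sudo cryptsetup --verbose --verify-passphrase luksFormat "$dev" &&
    sudo cryptsetup luksOpen "$dev" "$name" &&
    sudo mkfs.ext4 "/dev/mapper/$name" &&
    sudo mkdir -p "$mnt" &&
    sudo mount "/dev/mapper/$name" "$mnt" &&
    sudo chown -R "$(id -un)" "$mnt" &&
    sudo umount "$mnt" &&
    sudo cryptsetup luksClose "$name"
}

# Runs only when a device is given on the command line, e.g. ./script.sh /dev/sdb
if [ -n "${1:-}" ]; then encrypt_usb "$1"; fi
```

The script refuses a system disk, a partition, or a drive that still has a mounted filesystem, and leaves the drive closed once it has been formatted.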

Encrypt USB Data Using Disk Gnome

Linux also provides a graphical tool for encrypting a USB drive. Disk Gnome is a graphical user interface tool that can encrypt the USB drive and comes preinstalled on Linux. To open the Gnome Disk tool, search for Disks on your system and open it.

It will open a nice graphical interface tool showing all the mounted drives on your system.

Now select the USB drive from the drives and click on the Settings symbol to open a list of options.

Select the format option from the list, and a new window will appear containing all the available options.

Write the volume name and select the ext4 filesystem with password-protected volume and click the Next button. Now it will ask for the password to encrypt the drive.

Write the password and click the Next button, and it will confirm if you want to format the drive.

Format the drive by clicking on the format button appearing on the top right corner of the window.

Now, whenever you open the USB drive, it will ask for the password used for encrypting the USB drive.

Encrypt USB Data Using VeraCrypt

VeraCrypt is free and open-source software with quality encryption and provides a very easy and attractive GUI. It is available for Linux, Mac OS, and Microsoft Windows as well. For Linux installation, visit the following link to download the version relevant to your Linux distribution.

https://www.veracrypt.fr/en/Downloads.html

After download, open the VeraCrypt GUI package from the downloads directory. A package installer window will appear asking for installation. Click on the install button to begin the installation process.

After installation, go to the menu and type veracrypt to open a nice veracrypt graphical user interface.

Before beginning the encryption process, insert the USB drive and format it using VeraCrypt. Click on the create volume button, and the tool will start the USB drive encryption.

A window will appear with two options. Select the option to create a volume within a partition, which formats and encrypts a non-system partition (the USB drive in this case), and then click the Next button.

In the next window, select the standard VeraCrypt volume and click Next.

Now it will ask for the volume location to be encrypted.

List all the drives available on the system by clicking the select device button and selecting the USB drive.

The next window shows the options for the encryption and hash algorithms. Select AES as the encryption algorithm and SHA-512 as the hash algorithm.

Next, write a secure password for your USB drive and click Next.

It will ask about large file storage; select the appropriate option and click the Next button.

Now choose the filesystem format, select quick format, and click Next.

In the next window, you have to move your mouse randomly; this is how veracrypt generates the random data to encrypt the USB drive. As you move the mouse cursor randomly, notice the progress bar getting filled. Now click the format button to format and encrypt the USB drive.

After encrypting the USB drive, click on the exit button.

Open the USB drive with veracrypt by clicking on the select device. A system storage partition window will appear; select the encrypted USB drive and the drive name. After that, click on the Mount button, and it will prompt you to write the password. Enter the password, and the encrypted USB drive is ready to use.

When you are done working with the encrypted USB drive, click the Dismount button to unmount the USB drive.

Conclusion

Securing data on USB drives is a necessary precaution against unwanted cyber threats and exposure of confidential data. This guide describes the easiest and most widely used methods (cryptsetup, Disk Gnome, and veracrypt) to encrypt data on a USB drive. The best part of using veracrypt for USB storage encryption is that the drive data is only accessible via the veracrypt software, which provides more protection.

About the author

Usama Azad

A security enthusiast who loves Terminal and Open Source. My area of expertise is Python, Linux (Debian), Bash, Penetration testing, and Firewalls. I was born and raised in Wazirabad, Pakistan, and am currently pursuing an undergraduate degree at the National University of Science and Technology (NUST). On Twitter I go by @UsamaAzad14