Flash Notes
Security - Creation of an encrypted filesystem on a USB key
• How to determine the name of the device associated to the plugged USB key ?
Solution
Use the fdisk -l command
Example 1
# fdisk -l ... ... Disk /dev/sde: 16.0 GB, 16013852672 bytes 78 heads, 14 sectors/track, 28641 cylinders, total 31277056 sectors Units = sectors of 1 * 512 = 512 bytes Sector size (logical/physical): 512 bytes / 512 bytes I/O size (minimum/optimal): 512 bytes / 512 bytes Disk identifier: 0xc3072e18 Device Boot Start End Blocks Id System /dev/sde1 8064 31277055 15634496 c W95 FAT32 (LBA)
• How to create an encrypted filesystem ?
Solution
Use the commands cryptsetup and mkfs
Description
Encrypt the device
Example 1
# cryptsetup luksFormat /dev/sde1 WARNING! ======== This will overwrite data on /dev/sde1 irrevocably. Are you sure? (Type uppercase yes): YES Enter LUKS passphrase: Verify passphrase:
Description
Open the encrypted device
Example 1
# cryptsetup luksOpen /dev/sde1 USB39 Enter passphrase for /dev/sde1:
Description
Create the filesystem on the encrypted device
Example 1
# mkfs -t ext4 /dev/mapper/USB39 mke2fs 1.42.5 (29-Jul-2012) Filesystem label= OS type: Linux Block size=4096 (log=2) Fragment size=4096 (log=2) Stride=0 blocks, Stripe width=0 blocks 977280 inodes, 3908112 blocks 195405 blocks (5.00%) reserved for the super user First data block=0 Maximum filesystem blocks=4005560320 120 block groups 32768 blocks per group, 32768 fragments per group 8144 inodes per group Superblock backups stored on blocks: 32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632, 2654208 Allocating group tables: done Writing inode tables: done Creating journal (32768 blocks): done Writing superblocks and filesystem accounting information: done
Description
Mount the filesystem
Example 1
# mkdir /mnt/usb39 # mount /dev/mapper/USB39 /mnt/usb39 # df -h /mnt/usb39 Filesystem Size Used Avail Use% Mounted on /dev/mapper/USB39 15G 166M 14G 2% /mnt/usb39
Description
Unmount the filesystem
Example 1
# umount /mnt/usb39
Description
Stop access to the encrypted device
Example 1
# cryptsetup luksClose USB39
Description
You can now safely unplug the USB key