Joseph Zikusooka ~ Zik

A software engineer specializing in open source technologies | Very experienced in building and configuring UNIX/Linux systems and servers. Passionate about developing software applications and hardware for the smart home | Currently serving as the CEO of Jambula Labs and the project leader at JambulaTV, a smart home automation and entertainment platform - | This blog focuses on the following areas: Linux How-Tos and Tutorials ::: IT Security News ::: Free and Libre Open Source Software ::: Smart Home Software ::: Digital Innovations in East Africa |

How to create an encrypted USB drive in Linux using the command line

Recently, I was tasked to write a backup program for a small office. A key requirement was that the portable backup drive they are using needed to be encrypted since it would have to be ferried off site on a daily basis. The idea was that, if the drive fell in the ‘wrong hands’ during transportation, the client’s data would be secure. With encryption, I was able to meet this need.
I thought I would break the silence with a how-to on encryption using the Linux command line interface – not exciting but quite necessary these days.

Encrypting data in Linux is very simple, and I would highly recommend it for such things as USB flash and portable hard disks. Most Linux distributions come with an encryption tool called cryptsetup.
If you do not have it , install it using yum or apt-get depending on your package manager. For Red hat based distros, use

# yum install cryptsetup

As always, you need to backup your data before you proceed. I will assume you have already created a new partition on your device e.g. /dev/sdX1. If you need to partition, refer to the venerable ‘fdisk’ utility

Create the encrypted volume

# cryptsetup -v -y luksFormat /dev/sdX1
Confirm that you want to proceed by typing “YES”
Enter your passphrase when prompted. You will be asked to verify it
Once you have created the encrypted volume, you can proceed to format it

# cryptsetup luksOpen /dev/sdX1 mydata
# mkfs.ext3 /dev/mapper/mydata

Here you can choose other file formats such as FAT32, EXT4 etc

Create a mount point

# mkdir /mnt/mydata

Mount the new volume

# mount /dev/mapper/mydata /mnt/mydata
You can then write your data to the mounted and encrypted volume at /mnt/mydata

To close the volume

# umount /dev/mapper/mydata
# cryptsetup luksClose mydata

Note: if you are using a desktop such as GNOME, you will be prompted for a passphrase every time you insert the disk, so you do not have to mount the disk manually, but then again, we are talking about the command line here!

That’s it for now

How to create an encrypted USB drive in Linux using the command line

Leave a Reply

Your email address will not be published. Required fields are marked *

Scroll to top