LUKS Encrypting USB Drive in openSUSE 11.2

Encrypting a USB drive in openSUSE 11.2 is really quite easy. The following instructions are provided to format and encrypt a USB drive in openSUSE

To start we must say that there are a lot of different ways to do this. I am just going to give you the quick and dirty solution. The first option is to use the yast partitioner to format the drive and encrypt it. You will notice that when you are formatting a drive there is an "Encrypt" checkbox. This is certainly one of the easiest ways. But, if you are like me, it is not always the best way. If you have specific requirements you will likely want to use the command line options to customize your encryption.

First you must install the following packages.

# zypper install cryptsetup pam_mount

The next task is to connect your USB drive format it. To find your USB device name run:

 # fdisk -l

You should now know the device name. Let's assume it is /dev/sdb

# fdsik /dev/sdb

Use the help menu to delete the existing partitions, create a new partition, and write the changes to the drive

Next comes the fun part - Encryption

# cryptsetup luksFormat /dev/sdb1
# cryptsetup luksOpen /dev/sdb1 crypt
# mkfs.ext3 /dev/mapper/crypt
# mount /dev/mapper/crypt /mnt
# uname -a > /mnt/test
# cat /mnt/test
# umount /mnt
# cryptsetup luksClose crypt

The above commands basically enabled encryption, opened the pipe, formatted the partition with ext3, mounted the drive, created a test file, unmounted the drive, and closed the pipe. You may be thinking this is a pain but luckily that is what the pam_mount package was for. Now that we have created the encrypted USB drive we can simply run:

# mount.crypt /dev/sdb1 /mnt
# cat /mnt/test
# umount /mnt

You should definately check out the man pages for cryptsetup as there are many customizations and depending on what settings you apply you may need to review the mount.crypt command options.

Have fun!

Leave a Reply