Alessandro Dotti Contra

Linux/Unix DevOps


Encrypted external storage

If, for whatever reason, you'd like to have an external storage device - be it a pen-drive, an SD card, a hard disk - to be secure, you can easily encrypt it. The procedure is pretty straightforward.

The procedure outlined assumes you are using a Debian GNU/Linux system, but should be very similar on other Linux distributions.

Prepare the device

Install the needed tools:

# apt-get install cryptsetup

Format the external device and create the file system (replace sdx with your actual device name).

# cryptsetup -y -v luksFormat /dev/sdx
# cryptsetup luksOpen /dev/sdx EXT
# dd if=/dev/zero of=/dev/mapper/EXT status=progress
# mkfs.ext4 /dev/mapper/EXT
# cryptsetup luksClose EXT

Use the device

To mount the encrypted device:

# cryptsetup luksOpen /dev/sdx EXT
# mount /dev/mapper/EXT /mnt

To unmount it:

# umont /mnt 
# cryptsetup luksClose EXT