USB key and external USB harddrives with large capacity are ubiquitous. Those devices are small, cheap, and easy to lose. If the finder is friendly, she/he will look through the files to find out to who the device belongs and return it. Or just sniff around and keep the device which is more likely. I think “better safe than sorry” is the way to go and encryption of the files can help to protect your privacy. There are only a few simple steps needed to achieve this.
# yum install cryptsetup-luks
The command below creates an encrypted block device. See
man cryptsetup for details.
# cryptsetup -c aes-xts-plain -s 512 -y -s 512 luksFormat /dev/sdb2
Let’s open the new device. The password is needed.
# cryptsetup luksOpen /dev/sdb2 encrypted
Enter passphrase for /dev/sdb2:
Create a file system is the next step.
# mkfs.ext3 /dev/mapper/encrypted
mke2fs 1.42 (29-Nov-2011)
OS type: Linux
Block size=4096 (log=2)
Fragment size=4096 (log=2)
Stride=0 blocks, Stripe width=0 blocks
16982016 inodes, 67901952 blocks
3395097 blocks (5.00%) reserved for the super user
First data block=0
Maximum filesystem blocks=4294967296
2073 block groups
32768 blocks per group, 32768 fragments per group
8192 inodes per group
Superblock backups stored on blocks:
32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632, 2654208,
4096000, 7962624, 11239424, 20480000, 23887872
Allocating group tables: done
Writing inode tables: done
Creating journal (32768 blocks): done
Writing superblocks and filesystem accounting information: done
Closing the LUKS partion.
# cryptsetup luksClose encrypted
Disconnect the device from the computer and re-connect it. Now enter the password and the device is mounted automatically.
and we are good to go…