Encrypting USB, Mass Storage Devices With LUKS

In this guide you will learn how to Encrypt a USB or Mass Storage Devices with LUKS encryption.

What is LUKS ? Known as Linux Unified Key Setup or LUKS it is a disk encryption specification LUKS specifies a platform-independent standard on-disk format for use in various tools.

This not only facilitates compatibility and interoperability among different programs, but also assures that they all implement password management in a secure and documented manner If you would like to mount a LUKS partition on a Windows machine use FreeOTFE portable you can download it from the link below as Microsoft Windows Machines don’t have the utility’s to mount LUKS without using Third Party Software.

Download FreeOTFE

You can also leave a little spare space on your Storage device to host FreeOTFE on its own partition some place on the separate storage partition and then mount LUKS from your separate partition it will save downloading FreeOTFE every time you need to mount your Storage Device on a new system.

On other machines outside of your Linux box you could also use /loop/usb to add LUKS to .img files data size can still be seen in LUKS I plan on doing a little more digging in to adding Hidden Files so if someone did somehow get the key they will not be able to unlock the hidden files within.

Lets get started insert your Mass Storage Device and open up a new terminal use gparted to check the location of your USB if your prefer to use a CLI environment you can use parted.

# sudo gparted
# sudo parted

Now we will use dmeg The dmesg command is used to write the kernel messages in Linux and other Unix-like operating systems to standard output .

# sudo dmeg

Now we will use fdisk to set the Storage Device fdisk low-level command line based disk utility.

# sudo fdisk /dev/sdb

We will now be prompt for an option enter commands below.

# Command (m for help): o
# Command (m for help): w
# sudo fdisk /dev/sdb
Command (m for help): n
Command action
e  extended
p  primary partition (1-4)


From the list we will choose the options p and 1 (default) we now need to write the table.

Command (m for help): w
The partition table has been altered!
# sudo modprobe dm_drypt

Now we will set the looks format to the partition.

# sudo cryptsetup LuksFormat /dev/sdb1

Now its time to let our partition label.

# sudo cryptsetup LuksOpen /dev/sdb1 LUKS001
Enter passphrase for /dev/sdb1:
# sudo mkfs.vfat /dev/mapper/LUKS001 -n LUKS001
# sudo cryptsetup LuksClose LUKS001

If your struggle with this guide I have included an example below enjoy.