-
Cipher (GPG) partition on USB disk
Hello everybody,
I want to make a cipher partition on my USB and “on the fly” being able to read / write it on systems (my personal laptop, my work laptop, my personal desktop…) where I have GPG private key.
Some tips on how to make it ?
Thanks
-
3 Replies
-
-
Hmm… I never used gpg but I know a few ways you can achieve this using kernel encryption libraries and making loop devices… Could that be a satisfactory solution for you?
David
Idea is to have a mobile storage disk (USB) with cypher data, and a private key in my laptop and my desktop computer, and be able to read/write data only on that computers, and if my usb is stolen, then my cypher data will be lost, but not read by anyone.
-
Hi nil,
I cannot think of a good solution using gpg, but cryptsetup with LUKS support could be a good option (you can even use it to store your gpg private key).
First install the package cryptsetup:
[code:1]sudo apt-get install cryptsetup
Repartition the stick as needed (I use a big unencrypted partition for data exchange and a small 20MB encrypted partition for storing sensible data):
[code:1]sudo cfdisk /dev/sdb
Initialize the LUKS partition and set the passphrase (you might have to manually load the dm-crypt module):
[code:1]sudo cryptsetup luksFormat /dev/sdb2 -c aes -s 256 -h sha256
Open the LUKS partition:
[code:1]sudo cryptsetup luksOpen /dev/sdb2 enc_usb
Create a file system on the partition:
[code:1]sudo mkfs.ext3 /dev/mapper/enc_usb
Close the LUKS partition:
[code:1]sudo cryptsetup luksClose enc_usbThe next time you plug in your USB stick, gnome-volume-manager will prompt you for the passphrase and the encrypted partition will be mounted automatically.
You can even carry a copy of FreeOTFE (http://www.freeotfe.org/) in the unencrypted partition and you will be able to access your LUKS partition from Windows machines too (why would you want to do that anyway? :D)
Hello everybody,
I want to make a cipher partition on my USB and “on the fly” being able to read / write it on systems (my personal laptop, my work laptop, my personal desktop…) where I have GPG private key.
Some tips on how to make it ?
Thanks
[/url]
