riedquat - valueable resource for those who seek.

How To Encrypt A USB Memory Stick

This article describes how to create and use an encrypted USB memory stick.

What's this all about?

I have a usb memory stick which I carry with me most of the time. Now there's some data on it that's not meant to be public. I wanted to protect the data. Here's how to do it.

A few notes before

This guide is for Linux. It might work under BSD, but I have not tested this. It also might work, with some slight modifications, under some other UNIX or some hacked Amiga OS. It doesn't work on Windows. This procedure involves formatting the memory stick, which means all information on the stick will be lost. Be sure to make a backup. Again, the information on the stick not just might be lost, it will be lost. So be sure to make a backup. The resulting encrypted stick will not work on Windows.

How to do it

Before you start

This guide assumes your memory stick's device is the block device /dev/sda1. If it isn't, replace /dev/sda1 with the corresponding name of your memory stick's device. Also, this guide uses /dev/loop0 as the loop device. If /dev/loop0 is already in use, you need to use another loop device.

Step 1: Prepare the machine

The machine you use the encrypted stick on must support the chosen cipher. For instance, to use the twofish encryption used in this example, the kernel module for twofish must be loaded. You can do this as root using insmod loop_fish2.o.

Step 2: Create an encrypted file system.

Note: All information on your memory stick will be lost.

First, set up the loop device using losetup -e twofish /dev/loop0 /dev/sda1. You will be asked for a password. This will be the passphrase for encryption and decryption. Remember it well. If you lose it, all data on the stick is lost.

Then, format the stick using mkfs.ext2 /dev/loop0. Don't use a journalling file system on a memory stick! Memory sticks usually are flash memory devices. Writing flash is slow, and flash only stands a limited number of writes. Journalling drastically increases the number of write operations. Thus journalling will dramatically decrease performance and lifetime of the memory stick.

Step 3: Mount the memory stick.

Create a directory to mount the memory stick at. I use /media/ssda1 for that purpose. Mount the stick using the command mount -t ext2 /dev/loop0 /media/ssda1. Now you can use it. To unmount it, use umount /media/ssda1, then losetup -d /dev/loop0 to free the loop device.

The command to loop and mount in a single step.

This can only be done if the memory stick already has a filesystem (step 2). Use mount /dev/sda1 /media/ssda1/ -t ext2 -o loop=/dev/loop0,encryption=twofish to mount, creating the loop device automatically. Unmount with umount /dev/sda1; the loop device should now be removed automatically.

Optionally create an /etc/fstab entry

An entry in /etc/fstab could look like this:
/dev/sda1 /media/ssda1 auto noauto,user,exec,loop=/dev/loop0,encryption=twofish 0 0
If /etc/fstab contains such an entry, mounting can simply be done using mount /media/ssda1.

What you shouldn't do

Memory sticks use flash memory. Flash memory only has a limited lifetime. Therefore it's important to limit the number of writes performed on flash memory. Using a journalling filesystem (e.g. ext3, ext4, reiserfs, jfs, xfs etc.) increases the number of writes but doesn't really give any additional value. In other words, a journalling filesystem will decrease your memory stick's performance and lifetime. Therefore I highly recommend not to use a journalling filesystem unless it's a filesystem explicitly designed for flash memory.
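The following script is an added example, not the article's own code: it wraps the steps above (loading the module, creating the encrypted filesystem, the single-step mount, the fstab entry and the journalling check) in shell functions so the command sequence can be reviewed before anything touches the stick. It assumes the article's device names (/dev/sda1, /dev/loop0, /media/ssda1) and the cryptoloop-era losetup -e / encryption= syntax the article uses; the DRY_RUN switch, the function names and the loop-in-use check are this example's own additions.

```shell
#!/bin/sh
# Added example, not the article's script. Wraps the article's cryptoloop
# procedure in functions. With DRY_RUN=1 (the default) every privileged
# command is printed instead of run, so the sequence can be checked first.
# Assumed defaults follow the article; override them via the environment.

DEVICE="${DEVICE:-/dev/sda1}"         # the memory stick (article: /dev/sda1)
LOOPDEV="${LOOPDEV:-/dev/loop0}"      # loop device (article: /dev/loop0)
MOUNTPOINT="${MOUNTPOINT:-/media/ssda1}"
CIPHER="${CIPHER:-twofish}"
FSTYPE="${FSTYPE:-ext2}"              # non-journalling, as the article advises
DRY_RUN="${DRY_RUN:-1}"

# Run a command, or only print it when DRY_RUN=1.
run() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "+ $*"
    else
        "$@"
    fi
}

# Journalling filesystems the article warns against on flash media.
is_journalling_fs() {
    case "$1" in
        ext3|ext4|reiserfs|jfs|xfs) return 0 ;;
        *) return 1 ;;
    esac
}

# Step 1: load the twofish loop module (the article uses insmod loop_fish2.o).
prepare_machine() {
    run insmod loop_fish2.o
}

# Step 2: attach the encrypted loop, format it, and detach again.
# This destroys all data on $DEVICE, exactly as the article warns.
create_encrypted_fs() {
    if is_journalling_fs "$FSTYPE"; then
        echo "refusing: $FSTYPE is a journalling filesystem; use ext2 on flash" >&2
        return 1
    fi
    # Assumption: 'losetup <loopdev>' succeeds only when the loop is attached.
    if [ "$DRY_RUN" != 1 ] && losetup "$LOOPDEV" >/dev/null 2>&1; then
        echo "refusing: $LOOPDEV is already in use; pick another loop device" >&2
        return 1
    fi
    run losetup -e "$CIPHER" "$LOOPDEV" "$DEVICE"   # asks for the passphrase
    run "mkfs.$FSTYPE" "$LOOPDEV"
    run losetup -d "$LOOPDEV"                        # leave a clean state
}

# Step 3, single-step form: mount creates the encrypted loop automatically.
mount_stick() {
    run mkdir -p "$MOUNTPOINT"
    run mount "$DEVICE" "$MOUNTPOINT" -t "$FSTYPE" \
        -o "loop=$LOOPDEV,encryption=$CIPHER"
}

# Unmounting the device releases the loop automatically.
umount_stick() {
    run umount "$DEVICE"
}

# The /etc/fstab line from the article, built from the same settings.
fstab_entry() {
    printf '%s %s auto noauto,user,exec,loop=%s,encryption=%s 0 0\n' \
        "$DEVICE" "$MOUNTPOINT" "$LOOPDEV" "$CIPHER"
}

# Sanity check for an fstab line: six fields, and the options field must
# carry both loop= and encryption=, otherwise the stick mounts unencrypted
# (or not at all).
fstab_entry_ok() {
    set -- $1
    [ $# -eq 6 ] || return 1
    case ",$4," in
        *,loop=*,encryption=*,*|*,encryption=*,loop=*,*) return 0 ;;
        *) return 1 ;;
    esac
}

# Usage: DRY_RUN=0 sh usbcrypt.sh prepare|create|mount|umount|fstab
case "${1:-}" in
    prepare) prepare_machine ;;
    create)  create_encrypted_fs ;;
    mount)   mount_stick ;;
    umount)  umount_stick ;;
    fstab)   fstab_entry ;;
    *) ;;
esac
```

Run it once with the default DRY_RUN=1 to see the exact losetup, mkfs and mount commands it would issue for your device names, and only then with DRY_RUN=0 as root. The create step detaches the loop after formatting so that the later mount step always goes through the single-step mount form from the article.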
