Encrypting a USB Flash drive with LUKS

Here is a quick run through on how to encrypt a USB flash drive using Linux Unified Key Setup (LUKS).

 

Here is the LUKS config:


[root@localhost jon]# fdisk /dev/sdd

> Command (m for help): n
> Partition type
> p primary (1 primary, 0 extended, 3 free)
> e extended (container for logical partitions)
> Select (default p): p
> Partition number (1-4, default 1): 1
> Using default value 1
> First sector (2048-1015807, default 2048):
> Using default value 2048
> Last sector, +sectors or +size{K,M,G} (2048-1015807, default 1015807):
> Using default value 1015807

> Command (m for help): w
> The partition table has been altered!

[root@localhost jon]# cryptsetup luksFormat /dev/sdc1

WARNING!
========
> This will overwrite data on /dev/sdd1 irrevocably.

> Are you sure? (Type uppercase yes): YES
> Enter LUKS passphrase:
> Verify passphrase:

[root@localhost jon]# cryptsetup luksOpen /dev/sdc1 LUKS0001
> Enter passphrase for /dev/sdc1:

[root@localhost jon]# mkfs.ext4 /dev/mapper/LUKS0001 -L ENCRYPTED
> mke2fs 1.42.11 (09-Jul-2014)
> Creating filesystem with 244192 1k blocks and 61200 inodes
> Filesystem UUID: d0e027dc-717a-4b79-be53-c35785bc6956
> Superblock backups stored on blocks:
> 8193, 24577, 40961, 57345, 73729, 204801, 221185

> Allocating group tables: done
> Writing inode tables: done
> Creating journal (4096 blocks): done
> Writing superblocks and filesystem accounting information: done

[root@localhost jon]# cryptsetup luksClose LUKS0001

# Now pull the flash drive out and re-plug it in. You should be be prompted for your passphrase.

Using FreeIPA to authenticate OpenVPN users on pfSense

I have been fiddling with multiple different authentication methods to centralise the authentication across all my devices and services. ...… Continue reading

Zen Internet, IPv6 and pfsense

Published on February 19, 2017

Basic Telegraf, InfluxDB and Grafana setup

Published on January 26, 2017