I bought an Intenso 128 GB to store my private files on it. I am often on the road and therefore I have decided on a USB Drive and not an encrypted Notebook.
I use Arch Linux, but the manual should run on any Linux System.
sudo pacman -S cryptsetup
Connect the USB Drive but do not mount it. We first delete the USB Stick securely, then the encrypted Container is created and then will be partition created.
$ sudo dd if=/dev/urandom of=/dev/sdb bs=4096 $ sudo shred -v /dev/sdb $ sudo cryptsetup -v --cipher aes-xts-plain64 --key-size 512 --hash sha512 --iter-time 5000 --use-random --verify-passphrase luksFormat /dev/sdb $ sudo cryptsetup open --type luks /dev/sdb crypt $ sudo mkfs.btrfs /dev/mapper/crypt $ sudo mkdir /mnt/dmCrypt $ sudo mount -t btrfs /dev/mapper/crypt /mnt/dmCrypt $ sudo chmod a=rwx /mnt/dmCrypt
This means that the USB Drive is encrypted and requires the input of the Passphrase for integration. To mount the Drive I write a short Shell Script, with my File Managers it will not be worked user have write permission.
$ cat /usr/local/bin/mount_crypt.sh #!/usr/bin/env bash case $1 in mount ) sudo cryptsetup open --type luks /dev/sdb crypt sudo mount -t ext4 /dev/mapper/crypt /mnt/crypt sudo chmod a+rwxt /mnt/crypt ;; umount) sudo umount /mnt/crypt sudo cryptsetup luksClose crypt ;; *) echo "for mounting the drive use mount_crypt.sh mount" echo "for umount the drive use mount_crypt.sh umount " ;; esac
If you do not have sudo installed, you have to replace sudo with su -c, or do the whole thing as root.