5

I want to encrypt my USB HDD. And i want to do it with open source software. And i want to use only password for decryption. And i want to decrypt it using an Ubuntu 10.04 LiveCD, with no internet-connection. And i don't want solutions using e.g.: DES with 56 bit. At least AES 256 bit please!

What is the solution?

Thank you!

5 Answers5

8

As Jeremy Stein pointed out, you can use the Disk Utility tool under the System -> Administration menus. When you select the Create Partition option, check the Encrypt Underlying Device box in the dialog box that is displayed:

Create Partition Dialog Box

This will create the partition on top of a LUKS encrypted space. The downside is that it appears to create it encrypted with AES128, and there doesn't seem to be an obvious way to change that. If AES128 is insufficient, then you'll need to create the LUKS partition manually, doing something similar to what https://help.ubuntu.com/community/EncryptedFilesystemsOnRemovableStorage recommends.

Steve Beattie
  • 1,141
3

TrueCrypt is probably the best option, and it portable, so it lives on the USB :D

TheXed
  • 26,536
  • 1
    "i want to decrypt it using an Ubuntu 10.04 LiveCD, with no internet-connection." -> plus....i can't even download truecrypt, because the tar.gz file, that contains the sources is corrupt, at least when i want to download it from truecrypt.org..... -> but thank you! –  Oct 23 '10 at 23:14
  • The files work fine for me. Just checked both 32bit and 64bit. – TheXed Oct 24 '10 at 00:07
  • 2
    @Anonymous, I know you don't want to connect to the internet to decrypt, but I think TheX is suggesting that the TrueCrypt executable can live on the USB. – Jeremy Stein Oct 24 '10 at 11:16
  • 1
    Also, TrueCrypt is not included in most distros because it has a weird license, you might want to check out if you actually agree with it... – JanC Oct 24 '10 at 15:46
2

The only disk and filesystem encryption methods included on the live-CD are cryptsetup/LUKS (to encrypt a disk or partition) and eCryptFS (to encrypt the files on a complete or partial filesystem). Of course, if you want to use something else, you can also include the necessary packages on a small unencrypted partition / part of the filesystem so that you can install them in the live system before unlocking the encrypted part.

JanC
  • 19,422
1

Tutorial here: http://mobile.co.nz/2011/02/25/usb-encrypted-partion-in-ubuntu/

1

As for the Truecrypt issue, make sure you download the 32-bit file for 32-bit systems. If you download the 64-bit it won't run and may tell you that it is corrupt. Also be sure you extract it properly (don't open the package and drag the file out) this sometimes works, but sometimes it has problems.

Once you get Truecrypt installed, locate the binary. It's either in the /bin folder or /usr/bin I can't recall at the moment, but find Truecrypt and copy that to a small FAT partition of the USB drive.

You will want to have one small unencrypted FAT partition, and the rest of the USB stick encrypted, the small drive will have the compiled binary to run truecrypt on that distro.

If you plan to run Truecrypt on multiple distros, like one that uses deb and one that uses rpm, then be sure to compensate for this and create a folder on the smaller partition containing folders with each distros truecrypt binary, you could even include a windows version.

If you plan on mounting on windows, it would be easiest to use a windows native file system on the encypted drive, such as FAT or NTFS as Windows cannot natively read linux file systems without the use of special drivers.

David
  • 11