Linux Encrypted Flash Drives - How To Create Flash Drive Encryption In Linux Systems


It’s pretty easy to lose a flash drive: most of us have done that once or twice in our lives, yes, even (especially?) Linux geeks. Nor are they particularly difficult to steal, whether accidentally dropped or left in a public computer during even a quick bathroom break. Because flash drives often contain sensitive information, it’s important to keep them encrypted, so that if one is lost or stolen, no dangerous identity theft will occur. Here’s a quick guide to making your flash drive secure.

Before You Begin

Though encrypting your flash drive is obviously a very important measure, there are a few other things you can do to keep your data from ending up in someone else’s hands.

The obvious goal is to just not lose it in the first place. Keeping it with other important things that you really don’t want to lose is probably the easiest way: on your keyring, in your purse, whatever. No matter how you carry it around, make a habit of checking for it.

It’s also a good idea to keep sensitive information on a separate flash drive from the one you use for more general purposes. This way, if you do lose a flash drive, it’s more likely to be the one you use most often, which will not have sensitive data on it.

Also, some versions of some distros, such as Debian Etch and Ubuntu Gutsy Gibbon, do not work with auto-mounting encrypted flash drives, instead requiring you to mount them manually.

Without further ado, here is the USB device encryption software available for Linux:

TrueCrypt

When it comes to encrypting flash drives in Linux, TrueCrypt is the most popular option out there. Free and open-source, this software is also available for Windows and Mac, and works with every distro of Linux.

It basically works by creating a transparent, virtual encrypted disk and mounting that instead. To access the rest of the flash drive, you are prompted for your password, and then mount the actual flash drive. It can encrypt either a single partition of a USB device or the entire thing, and it is not limited to flash drives, as it can work on virtually any storage unit. It’s also very easy to set up and install - there’s a reason it’s touted as “on the fly” encryption. For more information and features, check out the TrueCrypt website.

The catch? Wherever you use your flash drive, whichever computer or laptop, TrueCrypt has to be installed for you to use the encryption tool. While some may view this as just an additional security measure, others view it as an inconvenience.

FreeOTFE

“Free” and “On the Fly Encryption” - the name of this program is certainly a good start. In addition to working on a variety of MS Windows systems, including PDAs, it also works every bit as well for Linux distros. It works in basically the same way as TrueCrypt: it creates a virtual transparent disk that is mounted instead of the actual disk, until the user is prompted for a password.

FreeOTFE differs from TrueCrypt in some important ways, which makes some people prefer it. The program is carried entirely on the flash drive, meaning that you don’t need it installed on the computers where you want to use the flash drive. For more information, including additional features and installation tips, check out the FreeOTFE Linux website.

GNU Privacy Guard

No, this isn’t some new software, and you have to do this completely at the command line. Nor is it specific to your flash drive. What GNU Privacy Guard, or GPG, does is allow you to create passwords for whatever you’d like, whether files or partitions of devices. It is included on several distros, including Red Hat. For more information on GNU Privacy Guard, including how to use the command line functions, check out this great how-to guide for GPG or the GPG main website.

However, that being said, there are numerous frontend programs utilizing GNU Privacy Guard, for instance, GPA, the GNU Privacy Assistant. There are also other GPG frontends available for a variety of desktop environments and distros, designed to make the encryption process more user-friendly than punching away at a command line.
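To make the command-line route described above concrete, here is an added example (not from the original article or from the GnuPG project) that passphrase-protects a single file with GPG before it is copied to a flash drive, and checks that the encrypted copy decrypts back to the original. The function names, the GPG_EXAMPLE_HOME variable and all paths are assumptions made for illustration; it expects GnuPG 2.1 or later.

```bash
#!/bin/sh
# Added example: passphrase-protect one file with GnuPG for a flash drive.
# encrypt_for_drive, verify_copy, _gpg and GPG_EXAMPLE_HOME are illustrative
# names, not part of GnuPG or of the article.

# Throwaway GnuPG home so the example never touches your real keyring.
GPG_EXAMPLE_HOME=${GPG_EXAMPLE_HOME:-$(mktemp -d)}

# Run gpg non-interactively, reading the passphrase from a file.
_gpg() {
    passfile=$1; shift
    gpg --batch --quiet --yes --homedir "$GPG_EXAMPLE_HOME" \
        --pinentry-mode loopback --passphrase-file "$passfile" "$@"
}

# verify_copy SRC ENCRYPTED PASSFILE
# Succeeds only if ENCRYPTED decrypts to exactly the bytes of SRC.
verify_copy() {
    _gpg "$3" --decrypt "$2" 2>/dev/null | cmp -s - "$1"
}

# encrypt_for_drive SRC DEST_DIR PASSFILE
# Writes DEST_DIR/<name>.gpg. Returns 127 if gpg is missing, 2 on bad
# arguments, 1 if encryption or the round-trip check fails.
encrypt_for_drive() {
    src=$1; destdir=$2; pass=$3
    command -v gpg >/dev/null 2>&1 || { echo "gpg not installed" >&2; return 127; }
    # An empty source is rejected so a failed decrypt can never "match" it.
    [ -s "$src" ] && [ -d "$destdir" ] && [ -s "$pass" ] || return 2
    out="$destdir/$(basename "$src").gpg"
    _gpg "$pass" --symmetric --cipher-algo AES256 --output "$out" "$src" || return 1
    # Do not trust the copy until it decrypts back to the original.
    verify_copy "$src" "$out" "$pass" || { rm -f "$out"; return 1; }
}

# Example use (paths are placeholders):
#   encrypt_for_drive ~/notes.txt /media/usb ~/passphrase.txt
```

Only the .gpg file should end up on the drive; the passphrase file and the original stay on the machine you trust.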