amazon's stuff!

Volete leggere Ziogianni sui cellulari nokia?
do you read this blog on your nokia ?
my Amazon wish list

luks + usb key = more security / piu’ sicurezza (bilingual)

Here i will describe a simple way to prepare an usb key so that it is crypted and automonted by linux debian (and hopefully other distrs too) …

  • insert usb key
  • using dmesg localize the “device” i.e. /dev/sdb
  • VERIFY, then verify and then verify that the key is really the device previously see (df -k can help you)
  • use fdisk to remove all partitions on the usb key (backup first)
  • use fdisk to create a new primary partition
  • save all modifications to the usb key
  • write random data on usb key
  • go on with cryptsetup
  • create FS… i like ext2 but feel free to use vfat or every fs that you like
  • now the key is ready…
  • test it!

I will suppose that you are able to proceed to re-create the partition… We had to write random data on the fresh create partition (we will call /dev/partition)
we will use:


badblocks -s -w -t random -v /dev/partition1
or
dd if=/dev/urandom of=/dev/partition1

now we can proceed to crypt every thing…

cryptsetup --verbose --verify-passphrase luksFormat /dev/partition1

then follow instructions.
now:


cryptsetup luksOpen /dev/sdb1 nameofmyusbkey
mke2fs /dev/mapper/nameofmyusbkey

surely you have a preferred label:

tune2fs /dev/mapper/nameofmyusbkey -L nameofchoose

here we are… extract and use!

And if you are going to use from command line:

cryptsetup -v luksOpen /dev/sdb1 mydevice
mount /dev/mapper/mydevice /mnt

and, do not forget to use:

modprobe usb-storage

before to try to mount it..

Now it is possible that you are not seeing your device listed nor by automounter, nor by fdisk -l.
You can use:
blkid | grep crypto
a possible output:
/dev/sdb1: UUID="BLA BLAH BLAH a lot of characters" TYPE="crypto_LUKS"
then:

cryptsetup luksOpen /dev/sdb1 myownencrypteddata

you will be asked to insert the passphrase.
and finally you can mount your device:


mount /dev/mapper/myownencrypteddata /mnt


Un modo semplice per preparare una chiavetta usb cifrata e ‘automontata’ da debian linux (e spero anche altre distribuzioni).

  • inserire la chiavetta usb
  • trovare il ‘device’ usando dmesg … per esempio /dev/sdb
  • VERIFICATE e poi VERIFICATE e infine VERIFICATE che il device trovato sia corretto (df -k potrebbe esservi di aiuto)
  • rimuovete tutte le partizioni presenti sulla chiavetta (prima il backup)
  • usate fdisk per creare la partizione necessaria
  • salavate le modifiche sulla chiavetta
  • scrivete dati casuali sul partizione
  • procedete concryptsetup
  • create il FS… a me piace ext2 ma usate il fs che volete… la chiavetta e’ vostra e i dati pure
  • la chiavetta e’ pronta
  • testatela

suppongo siate in grado di creare la partizione /dev/partition… per scriverci sopra dati casuali, useremo:


badblocks -s -w -t random -v /dev/partition1
or
dd if=/dev/urandom of=/dev/partition1

cifriamo tutto!

cryptsetup --verbose --verify-passphrase luksFormat /dev/partition1

Seguite le istruzioni.
Ora:


cryptsetup luksOpen /dev/sdb1 nameofmyusbkey
mke2fs /dev/mapper/nameofmyusbkey

configuriamo la label:

tune2fs /dev/mapper/nameofmyusbkey -L nameofchoose

ci siamo: estraete e usate!

Comments are closed.