Introduction
In case you will loose your USB stick, all data stored on it will be lost and what is more important they will be most likely in hands of some other person which will then have an access to your private information and use this information in any way s/he sees fit. This is one of many fears of USB stick users. One solution which can be easily applied is to not to store any private information on USB stick, however this will diminish a prime usage of your USB stick to a bare minimum as all non-private data usually do not have to be stored on USB since they can be almost always downloaded anytime and anywhere from the Internet. Another solution is to encrypt your USB stick so it will be accessible only to those users who posses a correct password which will fit to decrypt an used encryption method. This article will deal with the second solution and that is encryption of an USB stick device.
Although encrypting an USB stick seems to be the best and easiest solution it must be said that it also comes with number of disadvantages. The first disadvantage is that decryption of the USB key must be done using a Linux system with kernel version 2.6 and higher which has a "dm_crypt" module loaded in the running kernel. In other words, you cannot use your encrypted USB stick on any Windows machine and UNIX-like system with kernel version below 2.6. Therefore, to encrypt only a part of USB stick which holds only a private information seems to be a good solution. In this article we will use USB stick of capacity 16GB known to the system as a block device /dev/sdc. We first partition the disk to hold two partitions, one for encrypted data and the other for non-private data and then encrypt only single partition intended to hold private data.
NOTE:
All data on your USB stick will be destroyed so Back up your USB stick before continuing. Replace /dev/sdX with file name of your USB block device.
Partitioning an USB stick
Let's start with partitioning of our USB stick. Insert your USB stick into PC's USB slot and as a root user execute:
# parted -l
Search the output of parted command and retrieve a Disk's file name of your USB stick. As it was already mentioned before, in this article we will use /dev/sdc. Once we have a file name of our USB stick we can create partitions to be used for encryption and for storage of non-private data. In my case I will split the USB stick into two partitions, first with size of 2GB and the rest of the space will be used to create second partition and this will produce /dev/sdc1 and /dev/sdc2 respectively. Use any partition tool you see fit for this purpose, in this article I will use parted as it seems to be becoming a standard these days:
# parted /dev/sdX
Following commands are executed within a parted interactive mode:
(parted) mkpart primary 0.0 2GB
(parted) mkpartfs primary fat32 2GB -1s
(parted) quit
First parted command had created a primary partition with size of 2GB and this partition ( /dev/sdX1 ) will be used to store encrypted data. Second command created a second partition with fat32 file system ( /dev/sdX2 ) starting from 2GB up to last sector ( -1s ). The second partition will serve as a general storage. The final look of your USB stick partition table may look similar to the one below:
Disk /dev/sdc: 16.2 GB, 16236150784 bytes
255 heads, 63 sectors/track, 1973 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Disk identifier: 0x000cd7ef
Device Boot Start End Blocks Id System
/dev/sdc1 1 243 1951866 83 Linux
/dev/sdc2 244 1974 13903718+ c W95 FAT32 (LBA)
|