HomeBlogsdale's blog

Encrypted USB Key Fob

dale's picture
Tue, 12/11/2007 - 03:37 — dale

I found a 1G USB key on the sidewalk today. The plastic case was missing and it was a bit muddy but it works. So, I decided to play around and set it up with an encrypted filesystem on Fedora 8.

If you run gnome then you will be prompted for the password when you insert the thumbdrive.

#!/bin/bash
################################################################################
# Dale Bewley 
# Mon Dec 10 2007
# Encrypt a USB key fob for use in linux.
# This will totally nuke any existing data.
################################################################################

# where is the device?
USBKEY=/dev/sdb

# test the device and write random data to it at the same time
/sbin/badblocks -c 10240 -s -w -t random -v $USBKEY

# create a partition filling all the space
echo "0 + L" | /sbin/sfdisk $USBKEY
         
# setup the crypto device 
# I tried 512 bit key size and got:
# Failed to setup dm-crypt key mapping.
# Check kernel for support for the aes-cbc-essiv:sha256 cipher spec and verify
# that /dev/sdb1 contains at least 508 sectors.
/sbin/cryptsetup --verbose \
    --verify-passphrase \ 
    --cipher aes-cbc-essiv:sha256 \
    --key-size 256 \
    luksFormat ${USBKEY}1
    
# open and create /dev/mapper/usb-crypto
/sbin/cryptsetup -v luksOpen ${USBKEY}1 usb-crypto

# create ext3 filesystem in crypto device
/sbin/mke2fs -j -m 1 /dev/mapper/usb-crypto
    
# close it up and pull it out
/sbin/cryptsetup -v luksClose /dev/mapper/usb-crypto