Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

LUKS is the native Linux method. It can be used in Windows with FreeOTF. There are other cross-platform methods like TrueCrypt.

Assuming that you know the device name (for this example, I’ll use /dev/sdb), to use LUKS:

# Be root.
cd /dev
su -

# Make sure that the device is not mounted.
umount sdb*

# Format the device for encryption.
cryptsetup luksFormat --cipher aes-xts-plain64 --hash sha512 --key-size 512 \
                      --use-random --verify-passphrase sdb
cryptsetup luksOpen sdb luks-sdb

# Create a file-system.
mkfs -t ext4 -L "FILE_SYSTEM_LABEL" mapper/luks-sdb         # Linux Ext4, or
mkfs -t ntfs -L "FILE_SYSTEM_LABEL" mapper/luks-sdb         # Windows NTFS.

# Clean up.
cryptsetup luksClose mapper/luks-sdb
sync

Then next time you plug the device into Fedora, you’ll be prompted for the pass-phrase, and your chosen FILE_SYSTEM_LABEL will be used to identify the device in the file manager. On Windows you’ll need FreeOTF, and one of the Ext4 drivers if you use Ext4 (recommended; see here for an Ext4 on Windows summary article).

I don’t know about TrueCrypt, but I’m sure someone else can tell you about that.

LUKS is the native Linux method. It can be used in Windows with FreeOTF. There are other cross-platform methods like TrueCrypt.

Assuming that you know the device name (for this example, I’ll use /dev/sdb), to use LUKS:

# Be root.
cd /dev
su -

# Make sure that the device is not mounted.
umount sdb*

# Format the device for encryption.
cryptsetup luksFormat --cipher aes-xts-plain64 --hash sha512 --key-size 512 \
                      --use-random --verify-passphrase sdb
cryptsetup luksOpen sdb luks-sdb
shred -n 1 mapper/luks-sdb

# Create a file-system.
mkfs -t ext4 -L "FILE_SYSTEM_LABEL" mapper/luks-sdb         # Linux Ext4, or
mkfs -t ntfs -L "FILE_SYSTEM_LABEL" mapper/luks-sdb         # Windows NTFS.

# Clean up.
cryptsetup luksClose mapper/luks-sdb
sync

Then next time you plug the device into Fedora, you’ll be prompted for the pass-phrase, and your chosen FILE_SYSTEM_LABEL will be used to identify the device in the file manager. On Windows you’ll need FreeOTF, and one of the Ext4 drivers if you use Ext4 (recommended; see here for an Ext4 on Windows summary article).

I don’t know about TrueCrypt, but I’m sure someone else can tell you about that.

click to hide/show revision 3
Add ownership change for Ext4

LUKS is the native Linux method. It can be used in Windows with FreeOTF. There are other cross-platform methods like TrueCrypt.

Assuming that you know the device name (for this example, I’ll use /dev/sdb), to use LUKS:

# Be root.
cd /dev
su -

# Make sure that the device is not mounted.
umount sdb*

# Format the device for encryption.
cryptsetup luksFormat --cipher aes-xts-plain64 --hash sha512 --key-size 512 \
                      --use-random --verify-passphrase sdb
cryptsetup luksOpen sdb luks-sdb
shred -n 1 mapper/luks-sdb

# Create a file-system.
mkfs -t ext4 -L "FILE_SYSTEM_LABEL" mapper/luks-sdb         # Linux Ext4, or
mkfs -t ntfs -L "FILE_SYSTEM_LABEL" mapper/luks-sdb         # Windows NTFS.

# If using Ext4, make sure that you can write to it.
# Not needed for NTFS (unless you use NTFS-3G Windows-Linux user-mapping).
mount mapper/luks-sdb /mnt
chown your_user_name: /mnt
umount /mnt

# Clean up.
cryptsetup luksClose mapper/luks-sdb
sync

Then next time you plug the device into Fedora, you’ll be prompted for the pass-phrase, and your chosen FILE_SYSTEM_LABEL will be used to identify the device in the file manager. On Windows you’ll need FreeOTF, and one of the Ext4 drivers if you use Ext4 (recommended; see here for an Ext4 on Windows summary article).

I don’t know about TrueCrypt, but I’m sure someone else can tell you about that.

LUKS is the native Linux method. It can be used in Windows with FreeOTF. There are other cross-platform methods like TrueCrypt.

Assuming that you know the device name (for this example, I’ll use /dev/sdb), to use LUKS:

# Be root.
cd /dev
su -
-        # Or “sudo -s”.

# Make sure that the device is not mounted.
umount sdb*

# Format the device for encryption.
cryptsetup luksFormat --cipher aes-xts-plain64 --hash sha512 --key-size 512 \
                      --use-random --verify-passphrase sdb
cryptsetup luksOpen sdb luks-sdb
shred -n 1 mapper/luks-sdb

# Create a file-system.
mkfs -t ext4 -L "FILE_SYSTEM_LABEL" mapper/luks-sdb         # Linux Ext4, or
mkfs -t ntfs -L "FILE_SYSTEM_LABEL" mapper/luks-sdb         # Windows NTFS.

# If using Ext4, make sure that you can write to it.
# Not needed for NTFS (unless you use NTFS-3G Windows-Linux Windows–Linux user-mapping).
mount mapper/luks-sdb /mnt
chown your_user_name: /mnt
umount /mnt

# Clean up.
cryptsetup luksClose mapper/luks-sdb
sync

Then next time you plug the device into Fedora, you’ll be prompted for the pass-phrase, and your chosen FILE_SYSTEM_LABEL will be used to identify the device in the file manager. On Windows you’ll need FreeOTF, and one of the Ext4 drivers if you use Ext4 (recommended; see here for an Ext4 on Windows summary article).

I don’t know about TrueCrypt, but I’m sure someone else can tell you about that.