Encrypting USB Drives // Dan's Tech Journey

One thing I started doing was carrying a USB drive on my keychain. One issue I thought of is what happens if I lose my keys? Anyone who picks it up could read all of the info I keep on it. Here is a guide to fix that by encrypting the USB drive.

Downloads

First we need to download VeraCrypt for the OS you are using. I will be downloading VeraCrypt for Ubuntu, Mac OS, and Windows. Here is the page to download.

Formatting USB Drive

Find which drive is the usb drive. I use the lsblk command for this.

dan@ubuntu-test:~$ lsblk
NAME        MAJ:MIN RM   SIZE RO TYPE MOUNTPOINT
sda           8:0    1 117.8G  0 disk 
nvme0n1     259:0    0 931.5G  0 disk 
├─nvme0n1p1 259:1    0   512M  0 part /boot/efi
└─nvme0n1p2 259:2    0   931G  0 part /
nvme1n1     259:3    0 953.9G  0 disk 
├─nvme1n1p1 259:4    0 953.1G  0 part 
└─nvme1n1p2 259:5    0   832M  0 part

For me it is /dev/sda. Now use parted to create the new partition on /dev/sda.

dan@ubuntu-test:~$ sudo parted /dev/sda
GNU Parted 3.4
Using /dev/sda
Welcome to GNU Parted! Type 'help' to view a list of commands.
(parted) mktable gpt                                                      
Warning: The existing disk label on /dev/sda will be destroyed and all data on
this disk will be lost. Do you want to continue?
Yes/No? yes                                                               
(parted) mkpart                                                       
Partition name?                                                     
File system type? ext4                                           
Start? 0                                                                  
End? -1                                                                   
Warning: The resulting partition is not properly aligned for best performance:
34s % 2048s != 0s
Ignore/Cancel? Ignore                                                     
(parted) p                                                                
Model: USB Flash Disk (scsi)
Disk /dev/sda: 126GB
Sector size (logical/physical): 512B/512B
Partition Table: gpt
Disk Flags: 

Number  Start   End    Size   File system  Name  Flags
 1      17.4kB  126GB  126GB  ext4

(parted) q                                                                
Information: You may need to update /etc/fstab.

Now format the partition.

dan@ubuntu-test:~$ sudo mkfs.exfat -n keyring /dev/sda1
mkexfatfs 1.3.0
Creating... done.
Flushing... done.
File system created successfully.

Upload VeraCrypt

For any computer accessing our USB Drive we will need VeraCrypt installed. Copy all of the VeraCrypt install files to the USB for convenience later on when accessing from other computers.

Install VeraCrypt

Install VeraCrypt from the setup file for your OS. For linux we will be using the cli version.

 sudo dpkg -i veracrypt-console-1.25.4-Ubuntu-21.04-amd64.deb

Create Encrypted Volume

Next create the volume.

dan@ubuntu-test:~/Downloads$ veracrypt -t -c /media/dan/keyring/filesystem --filesystem exfat --volume-type=Normal --size 10G --encryption AES --hash SHA-512 --random-source /dev/urandom 

Enter password: 
Re-enter password: 

Enter PIM: 

Enter keyfile path [none]: 
             
Done: 100.000%  Speed:  24 MiB/s  Left: 0 s         

Enter your user password or administrator password: 
The VeraCrypt volume has been successfully created.

Mount Encrypted Volume

veracrypt --mount /media/dan/keyring/filesystem

Mounting on other Computers

To mount on other computers follow the install and mount steps above on other computers. Use the install file on the USB drive for the OS of your choice. The user interface may be needed with other OS.