Page 1 of 2 12 LastLast
Results 1 to 10 of 11

Thread: Encrypting external hard drive partition.

  1. #1
    Join Date
    Jun 2008
    Location
    Portugal
    Posts
    234

    Default Encrypting external hard drive partition.

    Hi,

    I have an external USB hard drive that I would like to use as a backup.
    My "old" Maxtor usb/firewire is very fast and usefull, but it is not encrypted.

    My idea is to use the dm-crypt and cryptsetup/Luks and make a ext3 partition mount only with password.
    This would be suficient for protecting data.

    Does anyone tried this before?
    How is the beahviour of the USB drive when mounting after the encryption process. Does it automount and asks for the password?
    Or it as to be done manually with luksOpen ?

    Regards,
    Pedro

  2. #2

    Default Re: Encrypting external hard drive partition.

    I am running two encrypted disks but internal. The idea would be to make that disk identified by its UUID. Also if i'm not wrong if You remove the disk (after mounting it etc.) and try to boot without it then You'll encounter problems. I may be wrong but it will be asking You for the passphrase and You'll have three options:
    1) Forget it immediately
    2)Remember until logout
    3) Remember indefinitely (it's kinda stupid as You want it to be secure right?)
    How does a linux geek make love??

    - rtfm; unzip; strip; touch; finger; mount; fsck; more; yes; umount; zip; sleep;

  3. #3
    Join Date
    Jun 2008
    Location
    Portugal
    Posts
    234

    Default Re: Encrypting external hard drive partition.

    Hi,

    I do not want an encrypted disk.
    I want just an encrypted partition ...

    Quote Originally Posted by BenderBendingRodriguez View Post
    I am running two encrypted disks but internal. The idea would be to make that disk identified by its UUID.
    I also have my internal 500GB hard drive partitions encrypted.
    By the boot process is not configured to boot using UUID as mentioned in:

    Encrypted Root File System - openSUSE

    it is the normal device name.
    Mapper will also detect whatever is encrypted.
    But this is at boot time ...
    I was wondering what happens during usb connection ...

    Also if i'm not wrong if You remove the disk (after mounting it etc.) and try to boot without it then You'll encounter problems.
    Why?

    I may be wrong but it will be asking You for the passphrase and You'll have three options:
    1) Forget it immediately
    2)Remember until logout
    3) Remember indefinitely (it's kinda stupid as You want it to be secure right?)
    Option 3) is really a no go !


    My problem with the encrypted partitions is just the manual mount. It is not really a problem actually! But the convenience of mounting authomatically is precious.


    Regards,
    Pedro

  4. #4

    Default Re: Encrypting external hard drive partition.

    Problem with booting is simple, etc/fstab is not correct to what is available.

    And by disks i naturally meant partitions since there is ALMOST no real difference
    How does a linux geek make love??

    - rtfm; unzip; strip; touch; finger; mount; fsck; more; yes; umount; zip; sleep;

  5. #5
    Join Date
    Jun 2008
    Location
    Portugal
    Posts
    234

    Default Re: Encrypting external hard drive partition.

    Hi,


    Quote Originally Posted by BenderBendingRodriguez View Post
    Problem with booting is simple, etc/fstab is not correct to what is available.
    Hummm ... you are right, that is indeed the case ...
    In my laptop I will put a /dev/mapper entry ... but the problem is still mounting the disk (luksOpen) ... I have a strong feeling this can only be mounted on the shell ...

    And by disks i naturally meant partitions since there is ALMOST no real difference
    Indeed ... Why make things so complex

    Oh, googling around I found that the good Ubuntu folks have made some progress ...

    https://help.ubuntu.com/community/En...StorageOnHardy

    Regards,
    Pedro

  6. #6

    Default Re: Encrypting external hard drive partition.

    but the problem is still mounting the disk (luksOpen) ... I have a strong feeling this can only be mounted on the shell
    What do You mean by that? I'm using gnome and it automatically asks me if i want to mount it (after stting it up with dm-crypt etc.) set it up once and forget ??
    I was afraid on the beginning that if i have to reinstall the system then i will lose all the data (a guy convinced me pretty much about that).But now i know everything is stored on the encrypted disk I read a bit about how LUKS works so it's better now
    How does a linux geek make love??

    - rtfm; unzip; strip; touch; finger; mount; fsck; more; yes; umount; zip; sleep;

  7. #7
    Join Date
    Jun 2008
    Location
    Portugal
    Posts
    234

    Default Re: Encrypting external hard drive partition.

    Hi,


    Quote Originally Posted by BenderBendingRodriguez View Post
    What do You mean by that? I'm using gnome and it automatically asks me if i want to mount it (after stting it up with dm-crypt etc.) set it up once and forget ??
    Ok, I use KDE, I will check that stuff ..

    Meanwhile looking at the link:
    https://help.ubuntu.com/community/En...StorageOnHardy

    There is a dmesg list that detects a 500GB hdd disk ... and the author refers TWO days encription, I hope it is a /dev/random process ... not the one I intent to use ...

    Also I have a 1TB external drive ....

    I was afraid on the beginning that if i have to reinstall the system then i will lose all the data (a guy convinced me pretty much about that).But now i know everything is stored on the encrypted disk I read a bit about how LUKS works so it's better now
    Yeah ...
    I also had some problems with custom kernels compiled by me and the like ... and I never had a problem with luksFormat partitions ... even when I had to rebuild the /boot/grub/menu.lst with the correct kernel parameters...
    The data is there the partitions are there ... it is just a matter of correctly oppening the partitions.
    I fully trust this procedure ...

    Regards,
    Pedro

  8. #8
    Join Date
    Jun 2008
    Location
    Portugal
    Posts
    234

    Default Re: Encrypting external hard drive partition.

    Hi,

    Just finished dd if=/dev/urandom of=/dev/my_usb2.0_1TB_hdd and it took ...

    404207 s

    That is 4.67 days folks ...

    If someone tries this I recommend that it is better to use a PC that is available to remain always there for 5 days an always connected to the external disk as this is a very long process ...

    Regards,
    Pedro

  9. #9
    Join Date
    Mar 2008
    Location
    San Diego (California)
    Posts
    475

    Default Re: Encrypting external hard drive partition.

    4 days WOW!!! Incredible!!!!

    Does it work now? How is the performance?

    Also, it is not very clear to me why you should always boot with that device plugged. The encrypted drive should work at the same way on any computer, right? Any Opensuse (or possibly any Linux) should detect that it is an encrypted partition and ask for the password. Am i wrong on this? (i am not sure as i have never tried myself)
    If that is correct, then these computers might not have any fstab entry. So you could just remove the fstab entry on your machine and you would not need the device plugged at boot time.
    ~ There are 10 types of people. Those who understand binary, and those who don't. ~

  10. #10
    Join Date
    Jun 2008
    Location
    Portugal
    Posts
    234

    Default Re: Encrypting external hard drive partition.

    Hi,

    Sorry for the late reply.

    Quote Originally Posted by G0NZ0 View Post
    4 days WOW!!! Incredible!!!!
    I think that is CPU time ... it took about 5 days actually . It finished during night time I can't be precise about the actual time it took ...


    Does it work now? How is the performance?

    Oh Yes! it Runs perfectly !
    And it mounts very well, in KDE simply plug the usb cable and a pop-up asks for the password ... and then it gets mounted!
    Simple. (the mount dir still need a chmod a+wr has it mounts as root wr only ... I will change this ... )

    About performance: I did not yet run any of those performance utility commands just to check the actual specs.
    What I can say right now is that I am moving some DVD's (4.4GB/each) from internal hdd to the backup and I get speeds of up to 35MB/s ... ususally it is like 20-25MB/s, but this is very much dependent on the file size ... It gets to the 35MB/s .. I think this is the hdd max transfer limit for SATA2 5400rpm (not sure).

    I am also not sure if this is a performance problem, the disk I use is a Western Digital My Book, (essential edition)
    I think this device uses a Westen Digital Green disk ... it also does not mention any speed specifications.
    So quite frankly I really do not know about that specific issue.

    [/QUOTE]
    Also, it is not very clear to me why you should always boot with that device plugged. The encrypted drive should work at the same way on any computer, right? Any Opensuse (or possibly any Linux) should detect that it is an encrypted partition and ask for the password. Am i wrong on this? (i am not sure as i have never tried myself)
    If that is correct, then these computers might not have any fstab entry. So you could just remove the fstab entry on your machine and you would not need the device plugged at boot time.[/QUOTE]

    Humm ... Right ... well I never mentioned the "boot with" the device connected.
    That is not necessary ... My issue was simply around the fact that the automount process could possibly not kow what to do with a disk whose partition is encrypted.
    But that is indeed not the case.
    Like you mention, it Should run and be autodetected in Any Linux that contains the Luks tools and apropriate encryption modules (Sha and the like, all current Linux distros have no problem with this).
    The problem with fstab was that one ...

    But has I can assure: I just made a dd comand and then encrypted the partitions and thats it!
    Under kde 3.5 and kde 4 OpenSuSE 11.1 64 bits ... it simply just works

    The encryption process was simple: I just used the following commands:

    First:

    - fdisk /dev/sdb ... clear all partitions: with d option, then w option.
    Exit fdisk

    write random data to the disk:

    - dd if=/dev/urandom of=/dev/sdb (folks /dev/random takes _Even_ longer then urandom ... )

    this takes the 4.67 days +

    When finished create a Linux partition:

    - fdisk /dev/sdb

    created a primary partition, option n, then write, option w.

    Then :

    - cryptsetup -v --key-size 256 luksFormat /dev/sdb1


    Then:

    - cryptsetup luksOpen /dev/sdb1 securitybackup

    Then Format the new partitions:
    I used this advices from the Ubuntu link (for large disks):

    - mkfs -t ext3 -m 1 -O dir_index,filetype,sparse_super /dev/mapper/securitybackup


    Thats it!


    Regards,
    Pedro

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •