Okay So the Linux we are talking about at this time is Kubuntu.
And what we will use for will be luks.
It should work similarly on other’s but not guarantee.

Part ONE – Encrypting usb

  1. First make sure you have an access to cryptsetup, if not install it

    sudo apt-get install cryptsetup

  2. Use gparted or any other partition manager to create your partition.
    The easiest thing will be to erase the drive table and just create one ext4 partition.
  3. Now lets see our partition table  ( Find partition by typing lsblk )
  4. Let say our partition is sdb1, so let’s create luks encrypted partition there

    sudo cryptsetup --verbose --verify-passphrase luksFormat /dev/sdb1

  5. Okay now our partition is created but is just partition we need to acces it and setup “format”.
    I’ll call it sdb1 so this should be less confusing for everyone.

    sudo cryptsetup luksOpen /dev/sdb1 sdb1

    The first path is our partition location second is a name that we will refer to

  6. Now if you type fdisk -l you should see partition like /dev/mapper/sdb1
    If you see it it’s okay to go to next step.
  7. Now we need to prepare partition to do that we will format it as ext4 partition

    sudo mkfs.ext4 /dev/mapper/sdb1

  8. We will also remove the reserved space as by default the reserved space for ext4 is 5% of total drive.
    And if you’re drive is large that 5% could mean a lot. This is normal done so as normal user you will never run out of space but we do not need this here.

    sudo tune2fs -m 0 /dev/mapper/sdb1

  9. We will create an folder in mmt.

    mkdir /mnt/drive

  10. Now let’s mount the drive

    mount /dev/mapper/sdb1 /mnt/drive

  11. By default as normal user cant browse the encrypted partition so to fix that.
    And let’s change the ownership of the folder to our local user.

    chown -R user: user /mnt/drive

  12. Okay now all is set-up.
    You can check with lsblk if the mounting point of sdb1 is our /mnt/drive.
    And if it is you can throw there text file or something.
  13. Now it’s nice to unmount and close the partition. Sometimes it does not work so force it or lazy umount.
    For that use google.

    sudo umount /dev/mapper/sdb1

  14. And at the end let’s close the partition

    sudo cryptsetup luksClose sdb1

Part One Extra

To make our USB auto mountable we will generate an key and we
will add a key to our partition.With this key we can unlock the partition.
We also can unlock the partition with normal passphrase.
You will have to options one is to skip this part.

And use none as a Keyfile which will prompt the user to enter a password on each startup.
However if your main drive is already encrypted and you have to enter a password anyway.
Just store the key on the encrypted partition ( system drive ), so it will be automatically
mounted after successful boot.

Adding Keyfile to existing luks partition

  1.  Let’s assume we act as sudo. And we need to generate a key.
    You can also use any other file you want image video etc.
    Best easiest key will be to just generate RSA key.
    We will call our file   file.key  and we gone create it inside /root directory.

    openssl genrsa -out /root/file.key 4096

  2. Now we need to prompt the key into our drive

    cryptsetup luksAddKey /dev/sdb1 /root/file.key

    You should be prompt -ed to enter original password

  3. Now the disk could be unlocked with passphrase or file. Key

Part two – Auto mount encrypted partition

  1. Find the UUID of the drive.

    cryptsetup luksUUID /dev/sdb1

    Get the uuid of the drive

  2. Now go and edit crypttab

    nano /etc/crypttab

  3. Add folowing line
    -> if you are not using keyfile ( system will ask during boot for password )

    sdb1 UUID=324234234234234234 none luks

    if you are using keyfile

    sdb1 UUID=324234234234234234 /root/file.key luks

  4. Now the partition will be automatically decrypted during the boot if the passphrasse will be entered or if you enter correct key file.
  5. Partition is decrypted but not mounted and to fix that we need to add an fstab entry.
    So open fstab

    nano /etc/fstab

    And lets att there this entry

    /dev/mapper/sdb1 /mnt/drive ext4 defaults 0 2