This morning, I format my usb key and create 2 partitions, a FAT one to share files with most hosts, and a crypted ext2 one for my personal data. The first part is very simple (fdisk,mkfs.vfat), so was the crypted part: It’s much more simpler than in the past, when you had to patch kernel a lot of times, losetuping the device, try the passkey, etc.
To do that, I followed the “Howto disk encryption with dm crypt luks and debian” tutorial.
The procedure to me was the following one. Firstly, we create the partitions with fdisk:
Disk initialization: We create the encrypted layer of the device:
You’ll have a /dev/mapper/cryptedDevice which is a virtual device, and you’ll be able to format it:
At this moment, the device is mounted and fully usable! To demount and disconnect it:
With Ubuntu/Fedora, when a key is encrypted partition is created like this, you just have to unplug/plug the usb key to automaticaly recognize the encrypted partition and mount it (a GUI will popup to have you insert the passkey). For others, you may have to recreate the virtual device (with cryptsetup luksOpen). You’ll also be able to add/remove passkeys with luksAddKey and luksDelKey.
See also Encrypted Device Using LUKS.