Create an Encrypted Bootable Flashdrive

Information security is becoming increasingly important, but why pay extra for a flash drive with built-in encryption when you can quickly and easily do it yourself using free, open source tools?

This tutorial will show you how to use Ubuntu 9.10 and some of the utilities it ships with to create a bootable USB flash drive with an encrypted partition. The encrypted partition will be directly accessible from any Linux machine with dm-crypt installed or through its own bootable copy of Ubuntu Linux, so if there isn't a Linux machine available you can just boot from the drive and access your data securely.

Before you begin you will need:

  • A flash drive with a capacity of at least 2GB (this tutorial uses an 8GB drive; adjust accordingly for your drive size)
  • A computer running Ubuntu 9.10
  • A copy of the Ubuntu 9.10 32-bit desktop edition iso file
  • GParted installed on your Ubuntu machine

Step 1: Delete all data from the flash drive

This may seem a bit paranoid, but you want to make sure all data that has been stored on the drive is wiped clean. This command will overwrite the entire drive with zeros. Replace /dev/sdx with the actual location of your flash drive. BE VERY CAREFUL using this command. If you point it at the wrong drive (like say, the drive with your /boot partition or /home partition) it will irreversibly destroy all data on the drive starting with the MBR.

sudo dd if=/dev/zero of=/dev/sdx

Let it run until it's complete (this will take a while on larger drives).
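
A pre-flight check for the Step 1 wipe, as an added example that is not part of the original tutorial: it refuses any target that is not an unmounted, removable whole disk. The names check_wipe_target, SYSFS_ROOT and MOUNTS_FILE are hypothetical; the check assumes the Linux sysfs "removable" attribute and the /proc/mounts format.

```shell
#!/bin/sh
# Added example: confirm /dev/sdx is the flash drive before zeroing it.
# SYSFS_ROOT and MOUNTS_FILE (hypothetical names) can be overridden so the
# check can be exercised against a constructed directory tree.
SYSFS_ROOT="${SYSFS_ROOT:-/sys}"
MOUNTS_FILE="${MOUNTS_FILE:-/proc/mounts}"

# check_wipe_target DEVICE
# Returns 0 only if DEVICE is an unmounted, removable whole disk.
#   1 = not a whole disk   2 = not removable   3 = something is mounted
check_wipe_target() {
    cwt_dev="$1"
    cwt_sys="$SYSFS_ROOT/block/${cwt_dev#/dev/}"

    # Whole disks have an entry directly under /sys/block; partitions such
    # as sdb1 do not, so passing a partition by mistake is rejected here.
    if [ ! -d "$cwt_sys" ]; then
        echo "refuse: $cwt_dev is not a whole-disk block device" >&2
        return 1
    fi

    # USB flash drives normally report removable=1; internal disks report 0.
    if [ "$(cat "$cwt_sys/removable" 2>/dev/null)" != "1" ]; then
        echo "refuse: $cwt_dev is not marked removable" >&2
        return 2
    fi

    # Neither the disk nor any of its partitions may be mounted.
    if grep -Eq "^$cwt_dev[0-9]* " "$MOUNTS_FILE"; then
        echo "refuse: $cwt_dev or one of its partitions is mounted" >&2
        return 3
    fi
    return 0
}

# Typical use, replacing /dev/sdx as in Step 1:
#   check_wipe_target /dev/sdx && sudo dd if=/dev/zero of=/dev/sdx
```

Some USB hard disks report removable=0 and some built-in card readers report 1, so also compare the size and model shown for the device with the drive you plugged in.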

Step 2: Partition the drive with GParted

Create a 4GB partition formatted vfat at the beginning of the drive and click Apply Changes.

Step 3: Create an encrypted partition using Disk Utility (System->Administration->Disk Utility)

Select the free space on your flash drive
Set a label (optional but recommended)
Select ext4 as the filesystem
Check the encrypt underlying device box
Click create
Set your passphrase
Click create

Step 4: Install Ubuntu on the flashdrive

Open the USB Startup Disk Creator (System->Administration->USB Startup Disk Creator)
Select your iso file under source disk image
Select the fat partition you created in Step 2
Set Stored in reserved extra space to the maximum allowed
Click Make startup disk (again, this will take a while on larger drives)

Step 5: Boot from the flash drive and finalize your install

Mount the encrypted drive by clicking Places->4.1GB Media
Enter your password to unlock the drive. Make sure to never select Remember Forever. We installed a persistent filesystem on the flash drive, so it will save files, settings and passwords to the drive and remember them between boots; a remembered password would be stored on the drive itself.

The first time you mount it the system may refuse to open the drive. If this is the case open a terminal and enter the command:

sudo chown ubuntu:ubuntu /media/data

Where data is the label you used for your encrypted partition in Step 3.
Reboot the system.

Now you can carry sensitive data around with you and relax knowing it is easily accessible and totally secure. (You did use a strong password, right?)