Encrypting USB external harddrive

[robz0rz]

Hi all

I bought a 500GB Western Digital external harddrive today. I would like to create one huge ext3 partition on it and use it for file storage. However, I would like to use some sort of encryption (I don't want anyone else to be able to access the data I will be storing on it). I know absolutely nothing about encryption that could help me right now. These are some questions

· HOW do I encrypt my drive???
· Should I encrypt the partition before putting any data on it, or can a full encryption be enforced even after data has been stored (meaning all the data on it would get encrypted)
· What are my choices of encryption? What do I want?
· How much does encryption affect the drives performance?
· Could I have some sort of automatic way that would automaticly open the drive for access once I login (through a startup script for example) without severly decreasing the security (people finding out the key by stealing my laptop for example)?


Thanks in advance

[HROAdmin26]

HOW do I encrypt my drive???

Depends on which encryption scheme you use.

Should I encrypt the partition before putting any data on it, or can a full encryption be enforced even after data has been stored (meaning all the data on it would get encrypted)

Depends on the encryption scheme, but for most Linux options, you create an encrypted container (hard drive, partition, file) first, and then put data in it.

What are my choices of encryption? What do I want?

You have to decide what you want. Not all encryption options are created equal. Some use bad choices/assumptions that lead to easily cracked data. Linux Magazine Issue 72 had a good article on encryption options - article "Encrypted Filesystems." My own preference is the LUKS-enabled cryptsetup command.

How much does encryption affect the drives performance?

This depends on the hardware.

Could I have some sort of automatic way that would automaticly open the drive for access once I login (through a startup script for example) without severly decreasing the security (people finding out the key by stealing my laptop for example)?

Yes, up to a point. You can use a script that runs the commands to mount the partition, but of course it requires the manual input of the passphrase. Storing the passphrase anywhere on the system (or anywhere else) would defeat the purpose.

[Ziplock]

LUKS is a great way of doing it. A google search will find plenty of howtos. The best part is that it can be used between Linux and Windows.

[robz0rz]

I decided to go with LUKS. I've managed to encrypt my external harddrive, and when I connect it, Gnome automatically prompts me for the passphrase. This is all wonderful, except that for some reason, when the drive gets mounted, I don't have writing privileges to it being a normal user...

Should I make a special entry for this drive in /etc/fstab or in /etc/crypttab so that I can access the drive as a user? If so, what would that be?

I don't understand why I'm not allowed to write to it... Any normal usb-stick (Fat32) is mounted as read-write, so why would a external harddrive (ext3+luks) be different?

[vickey_20]

are you using a superuser account or a under privileged account?

[robz0rz]

I'm using an ordinary user account (not superuser). I'm using Arch Linux with Gnome, and when I plugin my drive, it prompts me for the passphrase and it mounts as '/media/WDMyBook'.

However, I don't have any writing rights to this drive (I guess I have read rights, but seeing the drive is empty I can never be sure. There is a lost+found folder though)

The drive is formated as ext3.

Here is a screenshot of the volume#s properties in gnome with some more information:

[Ziplock]

Once the device is mounted, you need to do:

Code:

chmod 775 /media/WDMyBook

to set the permissions properly for writing.

[vickey_20]

you can change the permission or simply use a superuser account as it has all the permissions.

[Ziplock]

you can change the permission or simply use a superuser account as it has all the permissions.

Yes, you can log in as root and do it, but much better to set up the permissions so that it is run as the normal user. Below is a link to the reasons why:

EXPLAIN: Why Not Log On As Root? : New Linux User -

[robz0rz]

In fact, the correct permisions were 777. Now it works The owner of the drive is set as root and the group is also root. So I had to give "others" read/write/exec permissions aswell.