1

I was thinking about having an encrypted USB flash memory where I would store some passwords and that kind of information. I want it to be encrypted just in case I lose it and someone finds it.

I was wondering if it's possible to "encrypt" using public keys like in SSH. I don't know if it would be called encryption but the idea would be that the only way to access to the files in the USB is having the key in your computer (just like as in SSH).

In case that's not possible, encrypting a single file with the same idea, would do it.

Jeff Schaller
  • 67,283
  • 35
  • 116
  • 255
Ckubrak
  • 93
  • assuming you don't care about the actual SSH keys, consider something like GPG – Jeff Schaller Apr 18 '16 at 17:00
  • Also, you might consider using a password safe (if you're not already) instead of storing passwords in plain text and encrypting the whole disk. – Liam Apr 18 '16 at 21:40

2 Answers2

1

You can use gpg for asymmetric encryption. Basically you do the following (after you generated a gpg key):

$ gpg -ea -r me@domain.org file.ext

This will create an encrypted file called file.ext.asc in your current directory (-r specifies the recipient, in this case that's you). To decrypt do the following

 $ gpg -d file.ext.asc > file.asc
 You need a passphrase to unlock the secret key for user: "Real Name
 (Comment) <me@domain.org>" 2048-bit ELG-E key, ID 7F72A50F, created
 2007-12-01 (main key ID 9B1386E2) 
 Enter passphrase:

(source).

If you want to use this on file system level, you can combine this with the other answer. Generate a random key:

$ dd if=/dev/urandom of=random-key count=1024
$ gpg -ea -r me@domain.org random-key

and use the following to create and unlock your file system

$ gpg -d random-key.asc | cryptsetup luksFormat /dev/sdXY -d -
$ gpg -d random-key.asc | cryptsetup luksOpen /dev/sdXY usbstick -d -

-d is shorthand for --key-file. Disclaimer: Those commands are untested. Read yourself into gpg first and try this without important data!

Sebb
  • 626
  • 1
  • 5
  • 11
0

You can use cryptsetup to LUKS encrypt the USB drive and specify the key file when doing the LUKS format. I believe this should do the trick: 

cryptsetup luksFormat /dev/sdXY --key-file=/path/to/keyfile

Then you can open it with: 

cryptsetup luksOpen /dev/sdXY usbstick --key-file=/path/to/keyfile

After this you can proceed with partitioning.

Dee
  • 1
  • Note that this will use your encrypted ssh key and will be symmetric - i.e. when you use your public key you will need your public key to decrypt. – Sebb Apr 18 '16 at 18:06