Make a super-secret TrueCrypt(TM) passworded USB stick

Here's how to make a super-secret TrueCrypt(TM) passworded USB stick backup drive.

tcplay is a Linux, command-line program that we will use to set up an encrypted USB stick.

This will completely destroy any data on the stick, and make it (nearly) unusable on Windows without some special drivers. We kind of don't want casual Windows users to be able to even access our backup stick (or USB disk for us old-school backup operators), but if we wanted to use it on Windows, we could format it as ntfs instead of ext4. We also did not securely erase the USB stick first: the z option tells tcplay to skip that step. There may be a reason to do the erase if we were converting an insecure backup stick to a more secure, passworded stick. In that case, get rid of the z option. See 'man tcplay' for more options.

Encrypt the stick

  1. tcplay -cz -d /dev/sdb                      # create the TrueCrypt volume (z = skip secure erase)
  2. tcplay --map=tcplay_sdb --device=/dev/sdb   # map the decrypted volume to /dev/mapper/tcplay_sdb
  3. mkfs.ext4 /dev/mapper/tcplay_sdb            # needs a filesystem, why not ext4?
  4. mkdir /mnt/bak                              # create a mount point
  5. mount /dev/mapper/tcplay_sdb /mnt/bak       # mount it
  6. chown -R [user name]:[group] /mnt/bak       # optional user, group permissions

tcplay will prompt for a password. The disk can now be accessed on /mnt/bak.
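Step 1 destroys whatever is on /dev/sdb, and that name can point at a different disk after a reboot or replug, so a pre-flight check is worth running first. The script below is an added example, not part of the original post; check_target, preflight and the sample lsblk lines are constructed for illustration, and it assumes the target is a whole USB disk as in the steps above.

```shell
#!/bin/sh
# Added example (not from the original page): pre-flight check to run before
# the destructive `tcplay -cz -d DEV` step. Assumption: the target is a whole
# USB disk. Function names here are hypothetical helpers.

# field KEY LINE: print the value of KEY="value" from one `lsblk -P` line.
field() {
    printf '%s\n' " $2" | sed -n "s/.* $1=\"\([^\"]*\)\".*/\1/p"
}

# check_target DEV: read `lsblk -P -p -o NAME,TYPE,TRAN,MOUNTPOINT DEV`
# output on stdin; print a verdict and return 0 only if DEV is safe to wipe.
check_target() (
    dev=$1
    seen=0
    while IFS= read -r line; do
        name=$(field NAME "$line")
        type=$(field TYPE "$line")
        mnt=$(field MOUNTPOINT "$line")
        if [ "$name" = "$dev" ]; then
            seen=1
            [ "$type" = disk ] ||
                { echo "refuse: $dev is a $type, not a whole disk"; exit 1; }
            [ "$(field TRAN "$line")" = usb ] ||
                { echo "refuse: $dev is not attached over USB"; exit 1; }
        fi
        # The device itself or any partition on it must not be mounted.
        [ -z "$mnt" ] ||
            { echo "refuse: $name is mounted on $mnt"; exit 1; }
    done
    [ "$seen" -eq 1 ] || { echo "refuse: $dev not listed by lsblk"; exit 1; }
    echo "ok: $dev"
)

# preflight DEV: run the check against the live system.
preflight() {
    lsblk -P -p -o NAME,TYPE,TRAN,MOUNTPOINT "$1" | check_target "$1"
}

# Constructed sample lsblk output, for trying the check without hardware.
SAMPLE_USB='NAME="/dev/sdb" TYPE="disk" TRAN="usb" MOUNTPOINT=""
NAME="/dev/sdb1" TYPE="part" TRAN="" MOUNTPOINT="/media/old"'
SAMPLE_SATA='NAME="/dev/sda" TYPE="disk" TRAN="sata" MOUNTPOINT=""'

# Usage: sh preflight.sh /dev/sdb && tcplay -cz -d /dev/sdb
if [ $# -eq 1 ]; then preflight "$1"; fi
```

Try it offline with `printf '%s\n' "$SAMPLE_USB" | check_target /dev/sdb`, which refuses because a partition on the stick is still mounted.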

tcplay has many more options. It can even set up a completely hidden volume inside the existing one. They call it "plausible deniability".

Our stuff doesn't need to be plausibly denied. We merely want to back up customer data...

Use it again

  1. tcplay --map=tcplay_sdb --device=/dev/sdb
  2. mount /dev/mapper/tcplay_sdb /mnt/bak

Sometimes we make a drive image or clone an encrypted drive, and use that for a backup. We run into a situation where we need to mount the old, encrypted disk / partition with the same or duplicate physical / logical volume names. Here's how to solve the naming conflict.


