USB Backup Keys

How to create USB backup keys

Intro

As a developer using Linux, I want to use LUKS encryption on a USB backup device, So that my data remains protected even if the device is lost or stolen.

Purchase

2x portable storage devices

Prerequisites

Perform the same steps below for each portable storage device.

Find block device file

In this example it is /dev/sdb

lsblk # sudo dmesg | tail
sudo parted /dev/sdb

Zero the header

Zero the header to prepare for encryption

# Critical confirm "of" points to the correct block device file
sudo dd if=/dev/zero of=/dev/sdb bs=4M count=1

Remove and re-connect the storage device.

Create partition table

Erase and create a new partition table

sudo fdisk /dev/sdb <<EOF
g
w
EOF

Create partition

Create partition for storing secret materials (example below will use all available space):

sudo fdisk /dev/sdb <<EOF
n
 
 
 
w
EOF

Format partition

Format the partition (Write the passphrase down or memorize it):

echo <PASSWORD> | sudo cryptsetup -q luksFormat /dev/sdb1

Mount partition

Mount the partition:

echo <PASSWORD> | sudo cryptsetup -q luksOpen /dev/sdb1 gnupg-secrets

Create filesystem

Create an ext2 filesystem:

sudo mkfs.ext2 /dev/mapper/gnupg-secrets -L gnupg-$(date +%F)

Unmount and close the encrypted volume

Unmount and close the encrypted volume:

sudo umount /mnt/encrypted-storage
sudo cryptsetup luksClose gnupg-secrets