USB Backup Keys

How to create USB backup keys

As a developer using Linux, I want to use LUKS encryption on a USB backup device, So that my data remains protected even if the device is lost or stolen.

2x portable storage devices

Perform the same steps below for each portable storage device.

In this example it is /dev/sdb

lsblk # sudo dmesg | tail
sudo parted /dev/sdb

Zero the header to prepare for encryption

# Critical confirm "of" points to the correct block device file
sudo dd if=/dev/zero of=/dev/sdb bs=4M count=1

Remove and re-connect the storage device.

Erase and create a new partition table

sudo fdisk /dev/sdb <<EOF
g
w
EOF

Create partition for storing secret materials (example below will use all available space):

sudo fdisk /dev/sdb <<EOF
n
 
 
 
w
EOF

Format the partition (Write the passphrase down or memorize it):

echo <PASSWORD> | sudo cryptsetup -q luksFormat /dev/sdb1

Mount the partition:

echo <PASSWORD> | sudo cryptsetup -q luksOpen /dev/sdb1 gnupg-secrets

Create an ext2 filesystem:

sudo mkfs.ext2 /dev/mapper/gnupg-secrets -L gnupg-$(date +%F)

Unmount and close the encrypted volume:

sudo umount /mnt/encrypted-storage
sudo cryptsetup luksClose gnupg-secrets