Quick guide on how to encrypt a USB key with LUKS, the Linux Unified Key Setup disk encryption standard.
The goal here is to create a USB key or disk containing 2 partitions:
- A standard FAT32 partition compatible with any system, to keep your USB key useful in any situation
- A passphrase protected partition to store sensible data from a Linux system
I’ll be using Disks on Gnome (gnome-disk-utility 3.32.1).
First step : format the USB key as an Extended partition. This will allow you to create multiple child partitions.
Then create a standard FAT32 partition compatible with Windows, MacOS and Linux to store your documents. This partition won’t be protected.
With the remaining space, create a EXT4 partition and check the “Password protected volume (LUKS)” option. Enter a strong passphrase.
Done. When plugging the key to a system, the FAT32 volume will automatically mount, while the LUKS volume prompts for the passphrase.