 Hey kids today, we're gonna learn how to encrypt USB drives because that's one of the most important things you should know how to do I got away with too many years of my life not encrypting drives It's a good idea to do it because the risk is too great. You don't want your stuff falling into someone else's hand I Encrypt all of my USB drives and I actually encrypt all of my hard drives on my computer as well Basically, so I'm gonna put this USB drive into my computer and we are going to learn about how to create an encrypted partition on it And by the way this script I'll show you this at the end of the video Does a lot of stuff mounting and un-mounting and decrypting itself automatically That's what I use on my computer so I don't have to run these commands manually every time Okay, so I just hooked up that USB drive You'll see that we have three hard drives attached right now. So we have SDA that is my main hard drive on my computer SDB is another hard drive I have attached and Lastly we have this one This SDD. This is the one that we just attached. Okay, so this is the this is the one we want to operate on So I'm gonna go ahead and become root because basically all these commands We need to run to set things up need to be run as root Now Firstly, I assume that you kind of already have a partition You probably already have a partition on your drive in which case you can skip this one step But just in case you don't you want to run fdisk on the drive in question So we want SDD so we want to run fdisk on dev SDD And then you'll want to delete all the partitions, you know Each time with D and then create a new partition give it basically the default options If you've installed Linux you probably already or if you've installed arch Linux or something or played around with stuff You probably know how to do this and then press deli to write it Either way all you need is you need to have some partition that you want to encrypt Okay, you can't just have the drive you have to have a partition under it So let's encrypt this now that we've done this I did that in two seconds But let's go ahead and use the command crypt setup Okay chances are I would say you probably have this already installed on your computer Even if you don't know that you've been I don't know running it But if you don't you can use your favorite package manager to install it however you want So crypt setup is the the command that is going to Format and open and decrypt all of these drives that we're going to be using So there are three commands in crypt setup that we need to know The first one we only need to know to set a drive up and that is lux format Um, and then once we have a drive and let's say you've encrypted a drive You have stuff on your your I don't know hard drive or your usb drive If you plug it up to a computer the command you run to open that is open And when you're done with it, you can run closed to close it out and the you know re-crypt it re-encrypt it Now it's still encrypted on the drive itself But it's just open to the computer and if you want to you know avoid that I don't know liability that surface area for attack you close it anyway So let's do it step by step though. Okay, so the first command as I said is lux format So lux just in case if you don't know Lux stands for I don't even actually know it's linux something something lux is like the linux encryptions You can look it up if you care But you'll hear people talking about it. I forget what it stands for exactly Either way you want to run that On dev sdd one. So this is the partition that we want to run it on So, uh, it's going to tell you oh, you are going to override all your data Type yes if you really want to do this So be sure to back things up if you you know, you don't And then at this point it's going to ask for a password And this is going to be the pass for password you use to decrypt your drive Now later on you can add or change Passwords and stuff like that. You can read the documentation for that I recommend just picking something strong and memorable Right off the bat. So I'm but in this case, I'm just going to use the word password So I'm going to do that. It's going to take a second to encrypt everything Um, taking more seconds than I expected. Okay. Now it's on So now Nothing looks different on lsblk, but what we can do now is we can run this command Crip setup open and we're going to run it on that same partition In our case dev sdd one And you need to give it a second argument and this can be whatever this is basically what you want to name it When you mount it, um now this does it. This isn't a permanent name This is only at the time that we are going to decrypt it right now on this computer So next time you do it, it can be something different. I'm just going to call it. Uh, I don't know drive Okay, something like that. Um, so I'm now it's going to ask you for a password and just give the password you gave before Okay to encrypt it and now what you should see is this drive because we've named it drive. It appears here Okay note. Also, this is what's going on in the main hard drive of my computer. It's actually a decrypted drive just like this Okay So things aren't done yet. Okay. There is one step We need to do for setup and then we also need to mount the drive. Okay So this one step for setup is we've decrypted this drive, but it actually doesn't even have a file system on it yet We haven't done that so we need to set this up as well. So what I'm going to do is run make Uh file system and I'm going to give I'm going to create a btrfs file system on it And so I'm going to run that on dev mapper Drive now again, you only need to run this once Um, and here's the important thing. I am running this on dev mapper drive right drive being the same thing as this right drive um When you first uh, when you decrypt a drive like we've just done it will appear in dev mapper And it's important to run this command on the thing in dev mapper not on dev sd d one because what that will do Is it will overwrite your encrypted partition with a new partition that isn't encrypted this, you know, uh, this new uh btrfs file system, which we don't want So I just ran it and it gave a bunch of output, but it worked. Okay. Trust me. It worked So now what we can do Is actually mount the thing. Okay. So as I said It is located in dev mapper drive and notice also we should have some other stuff in here Um, this is the main hard drive on my computer control of something else usb is actually a drive I just ripped out on my computer and without closing it out, but that doesn't matter Um, but anyway, so we can just mount this as if it's a normal partition now Okay, so we can put it in uh, mnt. Is there a Directly there? Okay. Yeah, we'll just mount it to mount. Okay So now it functions just like a normal drive. You can write files and let's actually write a file in here. Let's say um secret file So this is a secret file that only people with the password Can read okay All right, so that's um, that's all we need And uh, if we want to unmount our drive So what we can do is again normally with a normal drive you just run Unmount and it's unmounted and it's actually unmounted here too. So that works exactly Uh, it works for encrypted drives as well But the only other thing is as I said, there's this other command crypt setup And you probably want to run crypt setup close drive And what this does is remember when we ran the crypt setup open it decrypted the drive for access By our computer now we're just closing it Okay, so if someone hypothetically hadn't run this and your computer had been compromised, right Someone could have taken the data from your usb right in some way because it's easy for them to mount They don't know the password so they can't decrypt it. Okay um So now that should be closing uh, so Closed closing um, so drive has now disappeared and that's about it. So that's mounting and unmounting So just a reminder The only commands you need for now that we've created everything We've created the lux partition and the file system the btrfs File system the only things you need when you mount a or when you plug up a drive is you just run crypt setup on the drive excuse me open on the drive And then just give it a name doesn't matter what it is and then you'll decrypt it Okay, then get based on what your name is You can just mount it so dev mapper as the because that's what I gave it You can mount it to wherever you want and then once you're done with it. You can unmount it Right and then close the partition for extra safety Yeah, okay, so now that's how you do it right so I just opened it I could have written stuff and then I closed it up now the script that I made um Now for the longest time if you use my dot files I think hold down windows the windows key and you press f9 and that will mount a usv drive for you And hold down windows key and press f10 and it will unmount the drive Um, I've actually rewritten these scripts. I haven't forced I need to go ahead and update them I put the scripts with the repository, but I haven't forced them on the key bindings yet Um, but I've actually rewritten these scripts so that they can actually decrypt drive So all this stuff that I just did you don't even have to do that once you have a decrypted drive Let me show you how it actually works now Um, so if I go if I go over here and I type, uh, I just press my normal Well, we can be on another screen so that doesn't confuse me So now you can just press super and f9 and it will give you a menu of whatever drives you have that happen to be Mountable, um, and you'll notice that normal drives will have the floppy disk thing on it But encrypted drives will have the lock icon So if I select this it actually brings up a little terminal window that asks for my password So I'm going to put in my password Um, and that's going to decrypt in just a second and then it's going to ask you Where do you want to mount this? Okay, so I'm going to mount it in mount and then it's going to say, oh, it's been mounted So we can verify that that has worked By running that and you see it's attached and we can run the d unmount drive And it will unmount right so it also gives you a message that it's been securely locked So if you want to remount it again, it ran both of those commands. It didn't just unmount it. It also crypt setup closed it So, um, yeah, I've been using that recently. There are a couple of little changes I want to make to this script But in general it works perfectly well for encrypted drives. So that's about it that Now that's the general principles on how like lux partitions work Like how to use them how to mount them I will say that encrypting your main hard drive on your computer will require some extra steps Because um, you know, linux needs to have some certain, you know, stuff in grub and the startup enabled so that you can I I guess open them by default But next time yeah, maybe I should do like a artix Installation video where I I actually encrypt the in whole the whole hard drive and stuff. That might be a good idea Just to show how that works. So anyway, that is about it. Um, yeah, see you guys next time