LUKS (Linux Unified Key Setup) is a disk-encryption specification created by Clemens Fruhwirth and originally intended for Linux. If you would like to encrypt your USB Flash Drive, here is How-to for you.
Make sure that you have device-mapper encryption/decryption module
lsmod |grep -i dm_crypt
dm_crypt 11084 2
List kernel supported encryption algorithms
cat /proc/crypto | grep name
name : ecb(arc4)
name : arc4
name : xts(aes)
name : xts(aes)
name : aes
name : aes
name : stdrng
name : crc32c
name : sha1
name : md5
Let’s say you have your USB Flash Drive at /dev/sdb
Check for badblocks (DANGER! -w flag is for writing test)
/sbin/badblocks -c 10240 -s -w -t random -v /dev/sdb
Filling with random data (takes time…)
dd if=/dev/urandom of=/dev/sdb bs=4k $ pid=$!
To check how many data written (it will not kill your dd)
kill -USR1 $pid // or # kill -SIGUSR1
Encrypt flash disk
cryptsetup luksFormat -c "aes-xts-plain64" --key-size 512 -y /dev/sdb
Make sure it’s encrypted
cryptsetup luksDump /dev/sdb
Open the LUKS device
cryptsetup luksOpen /dev/sdb sdbvol
Format it to your desirable FS
mkfs.ext4 -v /dev/mapper/sdbvol
Sync & Close volume
sync ; sync && cryptsetup luksClose sdbvol
Open the LUKS device and map it to sdbvol
cryptsetup luksOpen /dev/sdb sdbvol
Create directory and mount your volume
mkdir /mnt/sdb
mount /dev/mapper/sdbvol /mnt/sdb/
Now your USB Flash Drive is mounted on /mnt/sdb/ and you can write data there.
When you finish work, unmount FS and close volume
umount /mnt/sdb/ ; sync
cryptsetup luksClose sdbvol
Create new key (slot 1)
cryptsetup luksAddKey /dev/sdb
Remove old key (slot 0)
cryptsetup luksDelKey /dev/sdb 0
Luks supports up to 8 passwords/keys for the same volume