I just got a brand new Sony Micro Vault Tiny USB key. As you can see on the picture, it’s about half the size of an SD card, although slightly thicker. The trick it uses to be so small is to slide directly inside the USB port. The size makes it very handy to keep in a wallet, and it can be used with any USB port without requiring any adapter, cable or card reader.
Just like with the previous USB keys and SD cards I’ve owned, it will be used to backup important data which I want to carry with me at all times. But just like any other important work and personal data, I don’t want anyone to be able to read it, so most of the key will be encrypted.
For encryption, I use LUKS, since it’s nicely integrated into GNOME and has been for a while (in Fedora since Fedora Core 5, so also in RHEL5). But since it’s a hassle to access such a partition from Windows computers, I find it handy to partition the key in two and also keep a simple unencrypted FAT32 partition which can be used to exchange non sensitive data easily with just about any computer.
Here is the device’s partition table. I’ve wiped out the original one, along with all the useless Windows programs Sony provides :
# fdisk -l /dev/sdf Disk /dev/sdf: 4059 MB, 4059561984 bytes 229 heads, 32 sectors/track, 1081 cylinders Units = cylinders of 7328 * 512 = 3751936 bytes Disk identifier: 0xc3072e18 Device Boot Start End Blocks Id System /dev/sdf1 1 228 835376 c W95 FAT32 (LBA) /dev/sdf2 229 1081 3125392 83 Linux
To create the FAT32 filesystem :
# Format as FAT32 with a nice label mkfs.vfat -n "FAT Vault" /dev/sdf1
To create the LUKS encrypted volume with EXT3 on top :
# Install the required tools yum install cryptsetup-luks # Create the LUKS volume, set the passphrase cryptsetup --verbose --verify-passphrase luksFormat /dev/sdf2 # Open the LUKS volume, enter the passphrase which was just set cryptsetup luksOpen /dev/sdf2 vault # Format as EXT3 with a nice label and 0% space reserved for root mkfs.ext3 -L "GNU Vault" -m 0 /dev/mapper/vault # Disable forced filesystem checks tune2fs -c 0 -i 0 /dev/mapper/vault # Close the LUKS volume cryptsetup luksClose /dev/mapper/vault
After this is done, remove the USB key and insert it again. If you are running GNOME, the “FAT Vault” partition should show up automatically, and for the “GNU Vault” you should be prompted for the passphrase you’ve set when creating the LUKS volume. Once entered, the “GNU Vault” partition’s content should also show up. That’s it!