dm-crypt/LUKS [usb volume]

root@c3p0:~# tail -n 17  /var/log/messages
Sep 22 15:26:24 c3p0 kernel: [33594.483290] usb 2-1: new SuperSpeed USB device number 8 using xhci_hcd
Sep 22 15:26:24 c3p0 kernel: [33594.503970] usb 2-1: New USB device found, idVendor=0781, idProduct=5581
Sep 22 15:26:24 c3p0 kernel: [33594.503976] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
Sep 22 15:26:24 c3p0 kernel: [33594.503979] usb 2-1: Product: Ultra
Sep 22 15:26:24 c3p0 kernel: [33594.503982] usb 2-1: Manufacturer: SanDisk
Sep 22 15:26:24 c3p0 kernel: [33594.503985] usb 2-1: SerialNumber: 4C530001290824104270
Sep 22 15:26:24 c3p0 kernel: [33594.505567] usb-storage 2-1:1.0: USB Mass Storage device detected
Sep 22 15:26:24 c3p0 kernel: [33594.505720] scsi host4: usb-storage 2-1:1.0
Sep 22 15:26:24 c3p0 mtp-probe: checking bus 2, device 8: "/sys/devices/pci0000:00/0000:00:14.0/usb2/2-1"
Sep 22 15:26:24 c3p0 mtp-probe: bus: 2, device: 8 was not an MTP device
Sep 22 15:26:25 c3p0 kernel: [33595.520023] scsi 4:0:0:0: Direct-Access     SanDisk  Ultra            1.00 PQ: 0 ANSI: 6
Sep 22 15:26:25 c3p0 kernel: [33595.521261] sd 4:0:0:0: Attached scsi generic sg4 type 0
Sep 22 15:26:25 c3p0 kernel: [33595.521431] sd 4:0:0:0: [sdd] 244383744 512-byte logical blocks: (125 GB/117 GiB)
Sep 22 15:26:25 c3p0 kernel: [33595.522302] sd 4:0:0:0: [sdd] Write Protect is off
Sep 22 15:26:25 c3p0 kernel: [33595.522599] sd 4:0:0:0: [sdd] Write cache: disabled, read cache: enabled, doesn't support DPO or FUA
Sep 22 15:26:25 c3p0 kernel: [33595.548502]  sdd: sdd1
Sep 22 15:26:25 c3p0 kernel: [33595.549687] sd 4:0:0:0: [sdd] Attached SCSI removable disk


root@c3p0:~# parted /dev/sdd                                              
GNU Parted 3.2
Using /dev/sdd
Welcome to GNU Parted! Type 'help' to view a list of commands.
(parted) p                                                                
Model: SanDisk Ultra (scsi)
Disk /dev/sdd: 125GB
Sector size (logical/physical): 512B/512B
Partition Table: msdos
Disk Flags: 

Number  Start  End  Size  Type  File system  Flags

(parted) mklabel gpt                                                      
Warning: The existing disk label on /dev/sdd will be destroyed and all data on this disk will be lost. Do you want to continue?
Yes/No? Yes                                                               
(parted) mkpart primary 1 -1                                              
(parted) print                                                            
Model: SanDisk Ultra (scsi)
Disk /dev/sdd: 125GB
Sector size (logical/physical): 512B/512B
Partition Table: gpt
Disk Flags: 

Number  Start   End    Size   File system  Name     Flags
 1      1049kB  125GB  125GB               primary

(parted) quit                                                             
Information: You may need to update /etc/fstab.

root@c3p0:~#    
root@c3p0:~# shred --verbose --random-source=/dev/urandom --iterations=2 /dev/sdd1
shred: /dev/sdd1: pass 1/2 (random)...
shred: /dev/sdd1: pass 1/2 (random)...31MiB/117GiB 0%
shred: /dev/sdd1: pass 1/2 (random)...80MiB/117GiB 0%
shred: /dev/sdd1: pass 1/2 (random)...106MiB/117GiB 0%
...

shred: /dev/sdd1: pass 2/2 (random)...114GiB/117GiB 97%
shred: /dev/sdd1: pass 2/2 (random)...115GiB/117GiB 98%
shred: /dev/sdd1: pass 2/2 (random)...116GiB/117GiB 99%
shred: /dev/sdd1: pass 2/2 (random)...117GiB/117GiB 100%
root@c3p0:~# 


sm0ketst@c3p0:~$ echo -n "yourpasswordhere" > ~/secret.key
sm0ketst@c3p0:~$ sudo cryptsetup luksFormat /dev/sdd1 ~/secret.key 

WARNING!
========
This will overwrite data on /dev/sdd1 irrevocably.

Are you sure? (Type uppercase yes): YES
sm0ketst@c3p0:~$ 
sm0ketst@c3p0:~$ sudo cryptsetup luksOpen /dev/sdd1 sandisk128gb
Enter passphrase for /dev/sdd1: 
sm0ketst@c3p0:~$ sudo cryptsetup close sandisk128gb

sm0ketst@c3p0:~$ sudo cryptsetup luksOpen /dev/sdd1 sandisk128gb --key-file=/home/sm0ketst/secret.key 
sm0ketst@c3p0:~$ sudo dmsetup table --showkeys
sandisk128gb: 0 244375552 crypt aes-xts-plain64 1f607f3dxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx5b 0 8:49 4096

sm0ketst@c3p0:~$ sudo cryptsetup luksAddKey /dev/sdd1 /home/sm0ketst/secret.key --key-file=/home/sm0ketst/secret.key 
sm0ketst@c3p0:~$ sudo dmsetup table --showkeys
sandisk128gb: 0 244375552 crypt aes-xts-plain64 1f607f3dxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx5b 0 8:49 4096
sm0ketst@c3p0:~$ ls -la /dev/mapper/
total 0
drwxr-xr-x  2 root root      80 Sep 22 19:49 .
drwxr-xr-x 22 root root    4180 Sep 22 19:49 ..
crw-------  1 root root 10, 236 Sep 22 19:47 control
lrwxrwxrwx  1 root root       7 Sep 22 19:49 sandisk128gb -> ../dm-0
sm0ketst@c3p0:~$ sudo cryptsetup luksDump --dump-master-key /dev/sdd1

WARNING!
========
Header dump with volume key is sensitive information
which allows access to encrypted partition without passphrase.
This dump should be always stored encrypted on safe place.

Are you sure? (Type uppercase yes): YES
Enter passphrase: 
LUKS header information for /dev/sdd1
Cipher name:   	aes
Cipher mode:   	xts-plain64
Payload offset:	4096
UUID:          	8bf9c796-17f2-4f9d-923f-6cc45555622c
MK bits:       	256
MK dump:	1f 60 7f 3d xx xx xx xx xx xx xx xx xx xx xx xx 
    xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx 5b 

sm0ketst@c3p0:~$ ls -l /dev/disk/by-uuid | grep 8bf9c796-17f2-4f9d-923f-6cc45555622c
lrwxrwxrwx 1 root root 10 Sep 22 19:50 8bf9c796-17f2-4f9d-923f-6cc45555622c -> ../../sdd1

sm0ketst@c3p0:~$ sudo cryptsetup resize sandisk128gb

sm0ketst@c3p0:~$ sudo mkfs.ext3 /dev/mapper/sandisk128gb 
mke2fs 1.43.4 (31-Jan-2017)
Creating filesystem with 30546944 4k blocks and 7643136 inodes
Filesystem UUID: b0f1bc16-b019-4638-9baa-56cd80ee937b
Superblock backups stored on blocks: 
  32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632, 2654208, 
  4096000, 7962624, 11239424, 20480000, 23887872

Allocating group tables: done                            
Writing inode tables: done                            
Creating journal (131072 blocks): done
Writing superblocks and filesystem accounting information: done   

sm0ketst@c3p0:~$ 
sm0ketst@c3p0:~$ sudo mkdir -p /mnt/secret/sandisk128gb
sm0ketst@c3p0:~$ sudo chmod 755 /mnt/secret/sandisk128gb/
sm0ketst@c3p0:~$ sudo mount /dev/mapper/sandisk128gb /mnt/secret/sandisk128gb/
sm0ketst@c3p0:~$ df /mnt/secret/sandisk128gb
Filesystem               1K-blocks  Used Available Use% Mounted on
/dev/mapper/sandisk128gb 119744700 61500 113573812   1% /mnt/secret/sandisk128gb
sm0ketst@c3p0:~$ sudo cat /etc/crypttab | grep sandisk128gb
sandisk128gb UUID=8bf9c796-17f2-4f9d-923f-6cc45555622c /home/sm0ketst/secret.key luks

sm0ketst@c3p0:~$ sudo cat /etc/fstab | grep sandisk128gb
/dev/mapper/sandisk128gb /mnt/secret/sandisk128gb auto

sm0ketst@c3p0:~$ sudo umount /mnt/secret/sandisk128gb 
sm0ketst@c3p0:~$ sudo cryptsetup close sandisk128gb
sm0ketst@c3p0:~$ ls -la /dev/mapper/
total 0
drwxr-xr-x  2 root root      60 Sep 22 20:41 .
drwxr-xr-x 22 root root    4160 Sep 22 20:41 ..
crw-------  1 root root 10, 236 Sep 22 19:47 control

sm0ketst@c3p0:~$ sudo cryptsetup luksOpen /dev/disk/by-uuid/8bf9c796-17f2-4f9d-923f-6cc45555622c sandisk128gb --key-file=/home/sm0ketst/secret.key 
sm0ketst@c3p0:~$ ls -la /dev/mapper/
total 0
drwxr-xr-x  2 root root      80 Sep 22 20:43 .
drwxr-xr-x 22 root root    4180 Sep 22 20:43 ..
crw-------  1 root root 10, 236 Sep 22 19:47 control
lrwxrwxrwx  1 root root       7 Sep 22 20:43 sandisk128gb -> ../dm-0
sm0ketst@c3p0:~$