this post was submitted on 06 Sep 2023
43 points (97.8% liked)

Linux

48152 readers
773 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 5 years ago
MODERATORS
 

How should I do it if I want to...

  • Format external SSD to use with linux
  • Full drive encryption
  • Compatible with windows (temporarily)
  • Preferably do it with KDE GUI

Context: A linux noob. I got a new laptop earlier this year and uses it mainly for tinkering/playing with linux, get competent with it before dropping windows completely on my main desktop. There is a lot of stuff I want to move back and forth between those machines during this learning period.

My idea is to use an external SSD which when I'm done with windows, I can still use it to store work files or any sensitive stuff, so it will need encryption.

Saw a reddit thread saying I still need veracrypt, which I'm totally ok with on windows side but I prefer keeping everything simple on linux side (I only know it can be done without any extra package)

Extra question:
I can possibly store all works and sensitive data on encrypt external and leave root drive unencrypted. In that case, which file system should I use on which drive? Does it matter?

Thank you in advance.

top 22 comments
sorted by: hot top controversial new old
[–] CaptainJack42@discuss.tchncs.de 18 points 1 year ago (1 children)

From what I recall veracrypt is basically the only option, but I've never bothered setting it up myself, i just use luks on everything these days, but you won't be able to use that with windows, though it might be possible using WSL, but I don't know

[–] QuazarOmega@lemy.lol 6 points 1 year ago

Can confirm, I could successfully mount a LUKS drive with WSL, but it requires the command line, this is the guide I used

[–] BuckShot686@beehaw.org 10 points 1 year ago (1 children)

VeraCrypt is the only company I use when it comes to encrypting external drives. Depending on what distro you use, you'll just have to select the proper file format. Aside from that, maybe encrypt 90% of the drive so there's some space for a few things which you can access without mounting the drive. When you go through the setup in VeraCrypt, it directly asks if the drive will be used with one or different systems, so they got you covered there. You can also find many video walk throughs online to follow along with as well.

[–] g6d3np81@kbin.social 4 points 1 year ago* (last edited 1 year ago) (2 children)
Linux Windows Preparation
LUKS LUKS no can do / unless WSL
LUKS ??? cryptsetup
LUKS VeraCrypt ???
VeraCrypt VeraCrypt VeraCrypt GUI from either
??? BitLocker Format with NTFS in Windows

I'm still a bit confused with veracrypt... The docs make it sounds like vc use its own format.
Can the drive be prepared with LUKS and then decrypt in windows with veracrypt? If not, I might just use bitlocker until I drop windows.

[–] BuckShot686@beehaw.org 6 points 1 year ago* (last edited 1 year ago) (1 children)

If things are still the same from ~ June of 2022 then you have a choice between none, Linux Ext2, Linux Ext3, Linux Ext4, and NTFS.

Edit: VeraCrypt utilizes a unique encryption process. Its easy as you just move the mouse around like you went mad, but this produces a highly secure encryption key too. As long as your distro works with NTFS then it seems VeraCrypt can assist to help you encrypt. Otherwise, when Windows is a VM it only can do what Linux allows it to do lol

[–] g6d3np81@kbin.social 1 points 1 year ago (1 children)

I try not to mess with my my current windows desktop setup too much if I don't have to (mission critical). It's not on VM.
Would love to do it with LUKS/EXT4 if possible but it's not supported on windows (am I correct?)

If I use VC then I have to install it on both win and linux and also any additional machine I intend to decrypt with, that's quite unwieldy compare to LUKS. I also have lobotomized my current install to cripple spying and broke it to the point it can not update to support wsl.

Seems like bitlocker is a proper solution for the moment. Or just do two partitions (maybe two drives), encrypt one with LUKS, wipe everything unencrypted when done using it.

[–] BuckShot686@beehaw.org 4 points 1 year ago

It's quite an easy program to install and it's also cross platform. The fact drives need the softwarenon aNY PC trying to gain access seems like a feature to me. Maybe if you wanted to copy something from the encrypted drive to a friends computer, only then would it be somewhat of a nuisance. But this all ties into me recommending to leave some portion of the hard drive alone. You'd be able to access anything not in VC's space anywhere, while it's also a breeze to download and install VC too.

[–] QuazarOmega@lemy.lol 2 points 1 year ago* (last edited 1 year ago)

Just a note: you can open Bitlocker encrypted drives on Linux, some distros (e.g. Mint and Fedora) have support for it out of the box that works via GUI file manager, I think it uses Dislocker under the hood

[–] DarkDarkHouse@lemmy.sdf.org 8 points 1 year ago* (last edited 1 year ago) (1 children)
[–] wildbus8979@sh.itjust.works 4 points 1 year ago* (last edited 1 year ago)

More specifically, the veracrypt compatibility, since they want Windows support.

[–] drwho@beehaw.org 5 points 1 year ago

Looking at your use case, I think Veracrypt is the best fit. It can encrypt removable media, it can do WDE of both removable media and on-board storage, and you can pick the file system inside of the encrypted container (for compatibility's sake). And it has a GUI front-end for every OS Veracrypt will run on.

[–] tvcvt@lemmy.ml 2 points 1 year ago

How about an alternate route? If transferring information between computers is the goal, you could skip the external drive altogether and put syncthing on both machines. Then you could just share the appropriate directories between the two without the go-between.

[–] danielfgom@lemmy.world 2 points 1 year ago

No idea about the encryption but for formatting use exFAT as it's the only file system that Linux, Windows and Mac can read and write to.

[–] Lemmyin@lemmy.nz 2 points 1 year ago (3 children)

If you’re only using the external disk for days you could use ntfs with bitlocker and mount that in Linux. When your rest to fully migrate you could then do something Linux only if you wanted.

[–] Frederic@beehaw.org 6 points 1 year ago

Yup, if you want Windows compatibility, it's the best. This is what I did. I created the disk in windows, standard NTFS, bitlocker encrypted. It mounts in Linux automatically asking for a passphrase with a popup.

[–] g6d3np81@kbin.social 2 points 1 year ago (1 children)

That, I didn't think of. Still... I will eventually have to do it the linux way, might as well learn and familiarize with it now.

Forgot to mention that it will be quite a while before I can drop windows completely but for sure I'm not upgrading or doing another windows install.

[–] BuckShot686@beehaw.org 3 points 1 year ago

Depending on your specific situation, it could be a solid option to just jump in to whatever distro covers your needs best and just run Windows in a VM. On a current Linux device which previously ran windows, throw this in the terminal:

sudo strings /sys/firmware/acpi/tables/MSDM

and it will source the old Windows product key. You can also just jot down the key by pulling it up in Windows too. But regardless of how it's handled, it makes the VM setup an easier process for sure!

[–] zingo@lemmy.ca 2 points 1 year ago (2 children)

That's what I do on my external drive. Used to use Windows so bitlocker it was with NTFS.

Now on Linux I just use it normally as its recognized without any problem.

I'm sure as hell not gonna erase my data to inplant veracrypt just for the sake of it.

For future drives, veracrypt it is.

[–] BCsven@lemmy.ca 1 points 1 year ago

Similar here, my work archive is Windows bitlocker password enabled. There is a linux package on SUSe that supports read write of Ntfs nicely, and GNOME promtps for bitlocker password. Easy Peasy

[–] Lemmyin@lemmy.nz 1 points 1 year ago (1 children)

I still wouldn’t use Veracrypt on a Linux disk. What about LUKS instead?

[–] zingo@lemmy.ca 1 points 1 year ago (1 children)

Yeah, I was talking about external harddrives and sticks.

[–] Lemmyin@lemmy.nz 1 points 1 year ago

I’d still use LUKS. Even on USB keys.