NOTE: This script currently only natively will work in a UNIX (Debian, Ubuntu, Red Hat, Rocky, CentOS, Fedora, etc.) operating system and will NOT natively work in a macOS or Windows operating system.
Bash
#!/bin/bash
###############################################################################################
# PROGRAM: CreateEncryptedDisk.sh
# DESCRIPTION: This script will format and encrypt a USB disk.
# NOTE: This drive will only natively work with UNIX using this process.
#
# Creator / POC: David T. Kittell
#
# You are free to use this in other projects as long as credit is given
###############################################################################################
start_time=$(date +%s) # record the start time
echo -e "BE SURE YOU KNOW WHICH DISK YOU NEED!"
mapfile -t aExternalMedia < <(lsblk | grep disk | grep "sd")
echo "Total External Drives: ${#aExternalMedia[@]}"
echo "All data on the selected disk will get PERMANENTLY DESTROYED."
while true; do
read -p "Do you want to proceed? (y/n): " response
case $response in
[yY])
if (("${#aExternalMedia[@]}" == 0)); then
echo "No drives were detected/mounted"
else
if (("${#aExternalMedia[@]}" > 1)); then
# More than one drive exists, provide a selectable list to the user
count=0
for line in "${aExternalMedia[@]}"; do
echo "${count}: '$line'"
let "count++"
done
echo ""
read -p "Select the specific drive you would like to make an image of: " uiDrive
count=0
for line in "${aExternalMedia[@]}"; do
# echo "${count}: '$line'"
if [ $uiDrive == $count ]; then
echo "${count}: '$line'"
selectedDrive=$(echo $line | awk '{print $1}' | sed 's/[0-9]//g')
echo $selectedDrive
fi
let "count++"
done
else
# Only one disk is connected so grab the information
# selectedDrive=$(echo ${aExternalMedia[0]} | awk '{print $1}')
selectedDrive=$(echo ${aExternalMedia[0]} | awk '{print $1}' | sed 's/[0-9]//g')
echo $selectedDrive
fi
fi
sudo umount -Rfq /dev/${selectedDrive}*
sudo cryptsetup luksFormat /dev/${selectedDrive}
# Testing purposes password: L3tM31nN0w!
# Verify ecryption and mount the disk
echo -e "\nVerifying encryption and mounting the disk, type in the decryption key"
sudo cryptsetup luksOpen /dev/${selectedDrive} usb_encrypted
# Format the new encrypted volume
# exFAT to make it most compatible
sudo mkfs.exfat /dev/mapper/usb_encrypted
# Mount the new ecrypted filesystem
sudo mkdir -p /mnt/usb_secure
sudo mount /dev/mapper/usb_encrypted /mnt/usb_secure
# Verify Mount
lsblk | grep "${selectedDrive}\|usb_encrypted\|luks"
cryptVolume=$(
lsblk | grep "usb_encrypted\|luks" | cut -d '─' -f2 | awk '{print $1}'
)
echo -e "\nDisk will now unmount.\n\nIf you need it right now remove it from the USB port and put it back and type in the decrypt password"
sudo umount -Rfq /mnt/usb_secure
sudo cryptsetup luksClose $cryptVolume
break
;;
[nN])
echo "Exiting script process"
;;
*)
echo "Invalid input. Please enter y or n."
;;
esac
done
# Unmount
# sudo umount /mnt/usb_secure
# sudo cryptsetup luksClose usb_encrypted
# OR Unmount #2
# sudo umount /run/media/$USER/*
# sudo cryptsetup luksClose luks-<Tab>
# sudo cryptsetup luksClose $cryptVolume
# Re-Mount Later
# sudo cryptsetup luksOpen ${selectedDrive} usb_encrypted
# sudo mount /dev/mapper/usb_encrypted /mnt/usb_secure
# Record the end time
end_time=$(date +%s)
# Calculate elapsed time in seconds
execution_time=$((end_time - start_time))
# Calculate days, hours, minutes, and seconds
days=$((execution_time / 86400))
hours=$(((execution_time % 86400) / 3600))
minutes=$(((execution_time % 3600) / 60))
seconds=$((execution_time % 60))
# Output in human-readable format
echo -e "Execution Time:\t\t\t${days}d ${hours}h ${minutes}m ${seconds}s"
All information on this site is shared with the intention to help. Before any source code or program is ran on a production (non-development) system it is suggested you test it and fully understand what it is doing not just what it appears it is doing. I accept no responsibility for any damage you may do with this code.