Mounting An Encrypted USB Drive From the Command Line

The first think to do is to make sure that the USB device is recognized by the operating system.

lsusb

Which produced a lot of listings, the most relevant one being:

Bus 001 Device 002: ID 1058:0748 Western Digital Technologies, Inc. My Passport (WDBKXH, WDBY8L)

Which is the drive I wanted to unencrypt and mount. The next thing is to find the file name (in this case I know the name of the device - "My Passport" - so I used grep, otherwise I'd use less).

sudo fdisk -l | grep "My Passport" -B 1

Which currently gives this:

Partition 2 does not start on physical sector boundary.
Disk /dev/sdb: 931.49 GiB, 1000170586112 bytes, 1953458176 sectors
Disk model: My Passport 0748

It might have looked a little different when I originally ran it since the drive is already mounted but whatever is in that second line is what we want.

That is the name we need for the drive, but we're going to mount a partition so you need to know the partition name. lsblk will show it to us.

lsblk -e7

Which gave me the output:

NAME                        MAJ:MIN RM   SIZE RO TYPE  MOUNTPOINT
sda                           8:0    0 931.5G  0 disk  
├─sda1                        8:1    0     1M  0 part  
├─sda2                        8:2    0     1G  0 part  /boot
└─sda3                        8:3    0 930.5G  0 part  
  └─dm_crypt-0              253:0    0 930.5G  0 crypt 
    └─ubuntu--vg-ubuntu--lv 253:1    0   200G  0 lvm   /
sdb                           8:16   0 931.5G  0 disk  
└─sdb1                        8:17   0 931.5G  0 part

Now you can see that the partion for our disk is sdb1 (the last row where it's shown to be a child of sdb and that its TYPE is a partition).

Note: This works, but there's an alternative way to do it with cryptsetup that I find a little easier (but not much). I documented that command as if it continued from this point in this post.

Next unlock the drive. When you do this it will create a file in /dev/mapper/ that you'll need so it would be a good idea to see what's there before you run it.

ls /dev/mapper/

And then do the decrypting, remembering that the partition is sdb1 and like our disk the file is in the /dev directory.

udisksctl unlock -b /dev/sdb1

This will bring up two prompts for you to fill out which are (confusingly) "Passphrase:" and "Password:". The first prompt ("Passphrase") is what you entered when the disk was encrypted so you need to enter whatever you normally enter to decrypt the disk. The second prompt ("Password:") is your admin password so that the program can run as root (assuming you have the right privileges).

If the last command went okay you now need to mount it. There's going to be a file in /dev/mapper that you need to know. When I did it there was only one new file (luks-3eea956c-e684-4bcb-a640-97d0c8c5a700) so I didn't have to do anything special to get it.

udisksctl mount -b /dev/mapper/luks-3eea956c-e684-4bcb-a640-97d0c8c5a700

If you run the command lsblk -e7 it will show you a tree with the /dev/mapper/ file mapped to the mount point where you can access it.

sdb                                             8:16   0 931.5G  0 disk  
└─sdb1                                          8:17   0 931.5G  0 part  
  └─luks-3eea956c-e684-4bcb-a640-97d0c8c5a700 253:3    0 931.5G  0 crypt /media/hades/WDData

So in this case the drive is accessible at /media/hades/WDData (it's always the same place but I wanted to document the lsblk -e7 command).

• sourcedigit.com - "How To List USB Devices On Ubuntu – Find USB Device Name On Linux Ubuntu"
• Stack Overflow - "Mount encrypted volumes from command line?"