How to create an encrypted USB stick

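Creating an encrypted USB stick under GNU/Linux is fairly easy. First, let's install the required packages and erase everything from the stick. The commands below need root privileges, and shred irreversibly overwrites whatever device USB_STICK points to, so double-check the device name first.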

$ export USB_STICK="/dev/sdb"
$ apt-get install parted cryptsetup-bin
$ shred -n 10 -v -z "${USB_STICK}"

This process can take some time depending on the stick’s size. After it’s finished, we can create a partition table with a single partition spanning the stick

$ parted -s -a optimal "${USB_STICK}" -- mklabel msdos mkpart primary ext2 1 -1

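Finally we can create an AES encrypted partition. The cipher is given with an explicit mode (aes-xts-plain64): a bare "aes" leaves the mode to cryptsetup's fallback, which is CBC with plain IVs. Note that XTS splits the key in two, so a 256-bit key means AES-128 here.

$ export ENCRYPTED_PART="/dev/sdb1"
$ export ENCRYPTED_PART_NAME="cryptostick"
$ cryptsetup --verify-passphrase luksFormat "${ENCRYPTED_PART}" \
	--cipher aes-xts-plain64 --key-size 256 --hash sha256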
$ cryptsetup luksOpen "${ENCRYPTED_PART}" "${ENCRYPTED_PART_NAME}"
$ mkfs.ext4 "/dev/mapper/${ENCRYPTED_PART_NAME}"
$ cryptsetup close "${ENCRYPTED_PART_NAME}"

Now our encrypted stick is ready to use!

$ mkdir "/mnt/${ENCRYPTED_PART_NAME}"
$ cryptsetup luksOpen "${ENCRYPTED_PART}" "${ENCRYPTED_PART_NAME}"
$ mount "/dev/mapper/${ENCRYPTED_PART_NAME}" "/mnt/${ENCRYPTED_PART_NAME}"
$ echo test > "/mnt/${ENCRYPTED_PART_NAME}/file.txt"
$ umount "/mnt/${ENCRYPTED_PART_NAME}"
$ cryptsetup close "${ENCRYPTED_PART_NAME}"
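
To confirm which cipher and mode the LUKS header actually records after the luksFormat step, the following added example (not part of the original article) parses the output of cryptsetup luksDump in both the LUKS1 and LUKS2 layouts. The function names, the constructed sample dumps and the ok/legacy/weak classification are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit the cipher recorded in a LUKS header.
# On a real device (as root): cryptsetup luksDump "${ENCRYPTED_PART}" | luks_cipher_audit

# Reads luksDump text on stdin, prints "<cipher spec> <verdict>".
# Returns 0 for XTS, 1 for anything that needs attention, 2 if no cipher was found.
luks_cipher_audit() {
    spec=$(awk '
        $1 == "Cipher" && $2 == "name:" { name = $3 }   # LUKS1 header fields
        $1 == "Cipher" && $2 == "mode:" { mode = $3 }
        $1 == "cipher:" && spec == ""   { spec = $2 }   # LUKS2 first data segment
        END {
            if (spec == "" && name != "") spec = name "-" mode
            print spec
        }')
    case "$spec" in
        "")                  echo "unknown: no cipher field found"; return 2 ;;
        *-xts-plain64)       echo "$spec ok"; return 0 ;;
        *-cbc-essiv:*)       echo "$spec legacy"; return 1 ;;
        *-cbc-plain*|*-ecb*) echo "$spec weak"; return 1 ;;   # predictable IVs or none
        *)                   echo "$spec review"; return 1 ;;
    esac
}

# Constructed sample: LUKS1-style dump with a CBC/plain-IV cipher.
sample_luks1_cbc() {
    printf 'Version:\t1\nCipher name:\taes\nCipher mode:\tcbc-plain\n'
    printf 'Hash spec:\tsha256\nMK bits:\t256\n'
}

# Constructed sample: LUKS2-style dump with an XTS data segment.
sample_luks2_xts() {
    printf 'Version:\t2\nData segments:\n  0: crypt\n'
    printf '\toffset: 16777216 [bytes]\n\tcipher: aes-xts-plain64\n'
    printf '\tsector: 512 [bytes]\n'
}

# Demonstration on the constructed samples.
sample_luks1_cbc | luks_cipher_audit || true
sample_luks2_xts | luks_cipher_audit
```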