USB sticks are 1) slow to write and 2) wear out. I've previously ruined a stick by creating a LUKS encrypted filesystem on one and then rsync'ing my home directory to it.
My work-around has been to create the filesystem in a Logical Volume on my hard disc and then dd it
However, this doesn't work (anymore?). cryptsetup luksOpen of the USB stick fails:
Jul 26 14:40:57 frodo kernel: device-mapper: table: 254:29: crypt: Device size is not multiple of sector_size feature (-EINVAL) Jul 26 14:40:57 frodo kernel: device-mapper: ioctl: error adding target to tableThis can be further worked around by mapping a loop filesystem of the correct size onto the LV:
losetup --show --sizelimit 123730388992 -f /dev/vg1/templv
## what is the size of the USB stick? lsblk -b /dev/sdd # NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS # sdd 8:48 1 123730388992 0 disk ## create LV of that size lvcreate -n temp -L123730388992b vg1 ## but it's too big lsblk -b /dev/sdd /dev/mapper/vg1-temp # NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS # sdd 8:48 1 123730388992 0 disk # vg1-temp 254:15 0 123731968000 0 lvm ## so set up a loop device losetup --show --sizelimit 123730388992 -f /dev/vg1/temp cryptsetup luksFormat /dev/loop0 cryptsetup --verbose --debug luksDump /dev/loop0 | grep "Device size" # Device size 123730388992, offset 16777216. cryptsetup luksOpen /dev/loop0 enc-usb mkfs.f2fs /dev/mapper/enc-usb mount /dev/mapper/enc-usb /mnt/usb # now rsync the files to /mnt/usb umount /mnt/usb/ cryptsetup luksClose enc-usb losetup -d /dev/loop0 # copy to USB dd if=/dev/vg1/temp of=/dev/sdd bs=4M status=progress