Friday, 13 February 2015

Create an encrypted USB disk from the command line

This recipe will

  • create a semi-random disk name and a fairly safe password
  • erase and encrypt the disk diskdevn (use diskutil list to figure out which one it really is or face potentially unfavourable consequences)
  • save the credentials into the file USBdisks.db in your home directory (or where-every you point the variable passfile


# (c) Robin Laurén 2015
# License: BSD 2-clause
diskdevn=/dev/disk4 # nopd: you may want to edit this one
diskname=USBdisk-$(pwgen -B 4 1)
diskpass=$(pwgen -s 16 1)
diskutil partitionDisk /dev/disk4 1 GPT jhfs+ $diskname 100%
diskutil cs convert $diskname -passphrase $diskpass
echo "$diskname $diskpass" >> $passfile