Unable to mount freshly encrypted usb stick partition

I just partitioned my new usb stick and encrypted one partition following this guide:

Instead of fdisk, I used the KDE partition manager for the partitioning and chose NTFS as file system. Everything worked fine until this command: # mount /dev/mapper/private /mnt/private
Here, I got the following error:

mount: /mnt/private: Falscher Dateisystemtyp, ungültige Optionen, der Superblock von /dev/mapper/private ist beschädigt, fehlende Kodierungsseite oder ein anderer Fehler.

My translation:

Wrong data type, invalid options, the super block of /dev/mapper/private is damaged, lacking encoding page or a different error.

When I tried to open the partition in dolphin, I got the following error:

No such interface “org.freedesktop.UDisks2.Filesystem” on object at path /org/freedesktop/UDisks2/block_devices/dm_2d0

Here are the outputs of some utilities:


Bus 004 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
Bus 003 Device 003: ID 5986:9102 Acer, Inc BisonCam,NB Pro
Bus 003 Device 002: ID 8087:0029 Intel Corp. AX200 Bluetooth
Bus 003 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 002 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
Bus 001 Device 006: ID 24a9:205a ASolid USB_0114
Bus 001 Device 003: ID 062a:4101 MosArt Semiconductor Corp. Wireless Keyboard/Mouse
Bus 001 Device 005: ID 04f3:0c63 Elan Microelectronics Corp. ELAN:Fingerprint
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub


├─sda2        8:2    1  50,8G  0 part   
│ └─private 254:0    0  50,8G  0 crypt

inxi -Dazy:

ID-2: /dev/sda maj-min: 8:0 type: USB model: ASolid USB size: 58.59 GiB
    block-size: physical: 512 B logical: 512 B type: N/A serial: <filter>
    rev: 0000 scheme: GPT

sudo fdisk -l:

Festplatte /dev/sda: 58,59 GiB, 62914560512 Bytes, 122880001 Sektoren
Festplattenmodell: USB             
Einheiten: Sektoren von 1 * 512 = 512 Bytes
Sektorgröße (logisch/physikalisch): 512 Bytes / 512 Bytes
E/A-Größe (minimal/optimal): 512 Bytes / 512 Bytes
Festplattenbezeichnungstyp: gpt
Festplattenbezeichner: 6C8A3AA1-E297-D646-97EF-5CF0EF170784

Gerät         Anfang      Ende  Sektoren Größe Typ
/dev/sda1       2048   8194047   8192000  3,9G Microsoft Basisdaten
/dev/sda2    8194048 114671615 106477568 50,8G Microsoft Basisdaten
/dev/sda3  114671616 122863615   8192000  3,9G Microsoft Basisdaten

Festplatte /dev/mapper/private: 50,76 GiB, 54499737600 Bytes, 106444800 Sektoren
Einheiten: Sektoren von 1 * 512 = 512 Bytes
Sektorgröße (logisch/physikalisch): 512 Bytes / 512 Bytes
E/A-Größe (minimal/optimal): 512 Bytes / 512 Bytes

What can I do to get an encrypted partition on that stick mounted and usable? There is no data on it, so reformatting and -partitioning is no problem.

The guide you followed is … strange to me.
unless I read it wrong/did not understand it

Why would you make a file system
(it’s fat in the guide, not ntfs …)
on a device that you wanted to be an encrypted volume? (rhetorical question)

What you would want to do is:
encrypt the partition (the container)
and then create a file system inside the encrypted partiiton/container
which you can mount and use
once the encrypted container is opened.
(cryptsetup open /dev/mapper/xyz)

So, at the least, you did not follow the guide verbatum - but changed it (the file system)
… there is no reliable way to maintain the integrity of ntfs without the actual Windows OS
… not that I know of …

you want to encrypt some data on one particular partition of your USB device?
… there may be more appropriate ways to do it …

deutsch geht auch, falls das leichter ist oder hilft
aber der thread hier sollte halt besser english bleiben
wegen all der Leute die hier mitlesen

1 Like


You won’t be able to access any LUKS encrypted partitions from a Windows computer, so why use a Microsoft-specific filesystem?

1 Like

The guide makes no sense. Some of the steps are questionable and redundant.

@Nachlese raises some good questions.

What are you trying to accomplish? Do you want a USB stick that you can use in both Windows and Linux, with multiple partitions, and a mix of encrypted with non-encrypted? If so, that’s not possible. Windows will not respect such a setup.

Are you trying to use a stick exclusively with Linux, but only wish for one partition to be encrypted, while the rest is not? That seems more complex than it needs to be. If you’re already using encryption on the stick, of which is in your sole possession, why do you specifically want to make a distinct partition without encryption? Why not just use the entire stick with encryption, and separate files into different folders?

Ich wollte mich nicht ganz so weit aus dem Fenster lehnen, aber: ja, genau.

The steps are quite simple.

Obtain the device path e.g. /dev/sdy (substitute the path with your device)

All commands are run as root (either su or sudo) - when flash based device - use a filesystem designed for flash - f2fs.

sgdisk --zap-all /dev/sdy
sgdisk --mbrtogpt /dev/sdy
sgdisk --new 1::: --typecode 1:8300 /dev/sdy
wipefs -af /dev/sdy1
cryptsetup --type luks2 --tries 5 --use-urandom luksFormat /dev/sdy1
cryptsetup open /dev/sdy1 cryptroot
mkfs.f2fs /dev/mapper/cryptroot
cryptsetup close /dev/mapper/cryptroot

For a two partition disk - one encrypted (decrypt linux only) - the other not (windows readable) - you specify the size of the first partition and add one more to occupy the remaining space - remember the Windows readable partition must be the first partition - example is a 16G stick - split in halves - adjust according to your use-case

sgdisk --zap-all /dev/sdy
sgdisk --mbrtogpt /dev/sdy
sgdisk --new 1::+8G --typecode 1:0700 /dev/sdy
sgdisk --new 2::: --typecode 2:8300 /dev/sdy
wipefs -af /dev/sdy1
wipefs -af /dev/sdy2
mkfs.exfat /dev/sdy1
cryptsetup --type luks2 --tries 5 --use-urandom luksFormat /dev/sdy2
cryptsetup open /dev/sdy2 cryptroot
mkfs.f2fs /dev/mapper/cryptroot
cryptsetup close /dev/mapper/cryptroot

To open the device select it in dolphin side pane → removable device → input passphrase when challenged.

Or manually in terminal (command is for the first example)

sudo cryptsetup open /dev/sdy1 cryptroot

Input passphrase

Then mount the device.

sudo mount /dev/mapper/cryptroot /mnt

Remember that /mnt is a temporary mountpoint - if you need a static mountpoint create the necessary mount units .

Lastly you can use ventoy to create a bootable USB with an extra partition to hold your encrypted data. The first partition serves as a place for any bootable ISO (your favorite Linux) and also Windows readable while the second holds your encrypted data - decryptable when you boot a system from stick.

Because I had no clue about file systems until I opened the partition manager. Then I did some googling and NTFS seemed fine for the unencrypted partitions that I would like to function in both windows and linux. And then just used the same for all the partitions… So no real reason, I will happily change to whatever you guys propose :sweat_smile:

I want to store some data encrypted on my stick. And if I can have unencrypted partitions that will work also in windows besides that, that would be ideal. If that is not possible as winnie said, I will have to get another stick for the unencrypted partitions (does windows support multiple partitions?) and make this one encrypted and for linux only.

I will try these, thank you :+1:

You can create a two-partition stick - easily - I will update the post

1 Like

These commands worked wonderfully. Thank you very much :smiling_face_with_three_hearts:
I will also look into your root tips, they look exactly like what I want. But for now, everything works nicely, so these improvements have time.

1 Like

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.