attach encrypted usb drive as block?

[Ryan Tate]

Are there any known issues attaching a LUKS encrypted USB drive as
a block device?

If I attach the drive as a USB device it works fine, it shows up
in nautilus in the destination VM and I can click the drive and
enter the password.

If I attach as a block device, first it doesn't show up in
nautilus. Then I try and follow the directions
(https://www.qubes-os.org/doc/block-devices/) to attach the drive
and I get an error:

[user@vault ~]$ mkdir mnt [user@vault ~]$ sudo mount /dev/xvdi mnt
mount: /home/user/mnt: unknown filesystem type 'crypto_LUKS'.

I get this issue whether I attach a full block device or a
partition.

My understanding is that attaching the drive as a block device is
significantly more secure than attaching it as a usb device. Any
clues to where to look to figure out how to get this working?
(This is fedora-31 and the cryptsetup and cryptsetup-luks packages
appear to be already installed.)

Thanks for any tips....

Ryan

[Ryan Tate]

Ryan Tate <ryan...@ryantate.com> writes:
> If I attach as a block device, first it doesn't show up in
> nautilus.

Actually, I found that for some reason as a block device it shows
up under "Other Locations" in the nautilus sidebar. Once I
navigate there all is cake. Sorry for the noise.

[David Hobach]

If you ever need a USB drive for more than one qube, you might be
interested in qcrypt [1].

[1] https://github.com/3hhh/qcrypt