User Tools

Site Tools


LUKS Encrypted Container

With cryptsetup 2.1.0, the LUKS header takes up just under 16MiB, so the partition size must be 16MiB + the size of the data you want to store in it.

Create a LUKS Storage Container

  • Create a 20Mb file filled with random data: 1)
    sudo dd if=/dev/urandom of=encrypted.luks.img iflag=fullblock bs=1M count=20
  • Switch to root:
    sudo -s
  • Set permissions:
    chmod go= encrypted.luks.img
  • Configure encryption:
    cryptsetup --verbose luksFormat encrypted.luks.img
    cryptsetup --verbose --use-random luksFormat encrypted.luks.img
  • Open the encrypted container:
    cryptsetup --verbose luksOpen encrypted.luks.img encrypted
  • Create filesystem:
    mkfs.ext4 /dev/mapper/encrypted
  • Create directory to mount the container:
    mkdir /mnt/encrypted
  • Mount the container:
    mount -t ext4 -o journal_checksum /dev/mapper/encrypted /mnt/encrypted
  • Chown it:
    chown chuck: /mnt/encrypted
  • Set permissions:
    chmod go= /mnt/encrypted
  • Switch back to $USER:

Copy Files to the LUKS Storage Container

  • Copy or create your files:
    cp /files/to/copy /mnt/encrypted

Close the LUKS Storage Container and Lock it

  • Switch to root:
    sudo -s
  • Unmount the container:
    umount /mnt/encrypted
  • Close the encrypted container:
    cryptsetup luksClose encrypted
  • Switch back to $USER:

Change Password on a LUKS Encrypted Storage Container

  • If you want/need to change the password:
    sudo cryptsetup luksChangeKey encrypted.luks.img

encryption/luks-container.txt · Last modified: 2021/11/09 19:12 by chuck