encryption:luks-container
Table of Contents
LUKS Encrypted Container
With cryptsetup 2.1.0, the LUKS header takes up just under 16MiB, so the partition size must be 16MiB + the size of the data you want to store in it.
Create a LUKS Storage Container
- Create a 20Mb file filled with random data: 1)
sudo dd if=/dev/urandom of=encrypted.luks.img iflag=fullblock bs=1M count=20
- Switch to root:
sudo -s
- Set permissions:
chmod go= encrypted.luks.img
- Configure encryption:
cryptsetup --verbose luksFormat encrypted.luks.img cryptsetup --verbose --use-random luksFormat encrypted.luks.img
- Open the encrypted container:
cryptsetup --verbose luksOpen encrypted.luks.img encrypted
- Create filesystem:
mkfs.ext4 /dev/mapper/encrypted
- Create directory to mount the container:
mkdir /mnt/encrypted
- Mount the container:
mount -t ext4 -o journal_checksum /dev/mapper/encrypted /mnt/encrypted
- Chown it:
chown chuck: /mnt/encrypted
- Set permissions:
chmod go= /mnt/encrypted
- Switch back to $USER:
exit
Copy Files to the LUKS Storage Container
- Copy or create your files:
cp /files/to/copy /mnt/encrypted
Close the LUKS Storage Container and Lock it
- Switch to root:
sudo -s
- Unmount the container:
umount /mnt/encrypted
- Close the encrypted container:
cryptsetup luksClose encrypted
- Switch back to $USER:
exit
Change Password on a LUKS Encrypted Storage Container
- If you want/need to change the password:
sudo cryptsetup luksChangeKey encrypted.luks.img
encryption/luks-container.txt · Last modified: 2021/11/10 00:12 by chuck