====== Encrypt file container with cryptsetup-luks for Fedora ====== Make sure you have the package cryptsetup-luks installed. As root. Prepare an empty file container. Here 10MB. # dd if=/dev/zero of=encrypted_file.bin bs=1024k count=10 Find the first available loop device: # losetup -f /dev/loop0 Map file container with loop device (in this case /dev/loop0): # losetup /dev/loop0 encrypted_file.bin Initialize and encrypt loop device (file container) # cryptsetup --verify-passphrase luksFormat /dev/loop0 WARNING! ======== This will overwrite data on /dev/loop0 irrevocably. Are you sure? (Type uppercase yes): YES Enter LUKS passphrase: Verify passphrase: The verify-passphrase parameter will ask for a password twice which will minimize risk of typos.\\ The default encryption cipher method (at compile time) can be printed with: # cryptseup --help Create device-mapper mapping and open loop device # cryptsetup luksOpen /dev/loop0 encrypted_container Enter passphrase for /dev/loop0: To check status of device mapper: # cryptsetup status encrypted_container /dev/mapper/encrypted_container is active: cipher: aes-cbc-essiv:sha256 keysize: 256 bits device: /dev/loop0 offset: 2056 sectors size: 18424 sectors mode: read/write Time to create file system inside container: # mkfs.ext3 /dev/mapper/encrypted_container Mount device mapper. In this case to mountpoint /mnt: # mount /dev/mapper/encrypted_container /mnt Use file system\\ Remeber to umount and close after container after use so other have no chance to look into your encrypted container. # umount /mnt # cryptsetup remove /dev/mapper/encrypted_container # losetup -d /dev/loop0 ===== Mounting an Existing Encrypted Container File ===== Get loop device: # losetup -f Map loop device and container file: # losetup /dev/loop0 encrypted_file.bin Create device-mapper # cryptsetup luksOpen /dev/loop0 encrypted_container Mount device-mapper # mount /dev/mapper/encrypted_container /mnt