Make sure you have the package cryptsetup-luks installed.
Run the following commands as root.
Prepare an empty file container, here 10 MB:
# dd if=/dev/zero of=encrypted_file.bin bs=1024k count=10
Find the first available loop device:
# losetup -f
/dev/loop0
Map file container with loop device (in this case /dev/loop0):
# losetup /dev/loop0 encrypted_file.bin
Initialize and encrypt loop device (file container)
# cryptsetup --verify-passphrase luksFormat /dev/loop0
WARNING!
========
This will overwrite data on /dev/loop0 irrevocably.

Are you sure? (Type uppercase yes): YES
Enter LUKS passphrase: <Enter password>
Verify passphrase: <Enter password>
The --verify-passphrase option asks for the passphrase twice, which minimizes the risk of typos.
The default encryption cipher (set at compile time) can be printed with:
# cryptsetup --help
Create device-mapper mapping and open loop device
# cryptsetup luksOpen /dev/loop0 encrypted_container
Enter passphrase for /dev/loop0: <Enter password>
To check status of device mapper:
# cryptsetup status encrypted_container
/dev/mapper/encrypted_container is active:
  cipher:  aes-cbc-essiv:sha256
  keysize: 256 bits
  device:  /dev/loop0
  offset:  2056 sectors
  size:    18424 sectors
  mode:    read/write
Time to create file system inside container:
# mkfs.ext3 /dev/mapper/encrypted_container
Mount device mapper. In this case to mountpoint /mnt:
# mount /dev/mapper/encrypted_container /mnt
Use file system
Remember to unmount and close the container after use so that others have no chance to look into your encrypted container.
# umount /mnt
# cryptsetup remove /dev/mapper/encrypted_container
# losetup -d /dev/loop0
To use the container again later, get a free loop device:
# losetup -f
Map loop device and container file:
# losetup /dev/loop0 encrypted_file.bin
Create device-mapper
# cryptsetup luksOpen /dev/loop0 encrypted_container
<Enter password>
Mount device-mapper
# mount /dev/mapper/encrypted_container /mnt
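A check that can be run between luksOpen and mkfs or mount, as an added example that is not part of the original instructions: it parses the `cryptsetup status` output shown above and confirms the mapping is active on the expected loop device with the expected cipher, and that header offset plus payload add up to the 10 MB container. The function names and SAMPLE_STATUS are assumptions made for this example; the sample text is constructed from the status output on this page.

```shell
#!/bin/sh
# Added example: sanity-check a dm-crypt mapping from `cryptsetup status` text.
# Real use (as root):
#   check_mapping "$(cryptsetup status encrypted_container)" /dev/loop0 aes-cbc-essiv:sha256

# Constructed sample: the status output from this page, one field per line.
SAMPLE_STATUS='/dev/mapper/encrypted_container is active:
  cipher:  aes-cbc-essiv:sha256
  keysize: 256 bits
  device:  /dev/loop0
  offset:  2056 sectors
  size:    18424 sectors
  mode:    read/write'

# status_field TEXT FIELD: print the first word of the value of "FIELD:".
status_field() {
    printf '%s\n' "$1" | awk -v f="$2:" '$1 == f { print $2; exit }'
}

# payload_bytes TEXT: usable plaintext size (status counts 512-byte sectors).
payload_bytes() {
    size=$(status_field "$1" size)
    [ -n "$size" ] || return 1
    echo $((size * 512))
}

# container_sectors TEXT: header offset + payload; should equal the size of
# the backing file in 512-byte sectors (10 MiB -> 20480).
container_sectors() {
    off=$(status_field "$1" offset)
    size=$(status_field "$1" size)
    [ -n "$off" ] && [ -n "$size" ] || return 1
    echo $((off + size))
}

# check_mapping TEXT EXPECTED_DEVICE EXPECTED_CIPHER
# Returns 0 only if the mapping is active, read/write, and sits on the
# expected backing device with the expected cipher; distinct codes otherwise.
check_mapping() {
    case $(printf '%s\n' "$1" | head -n 1) in
        *" is active"*) ;;
        *) echo "mapping is not active" >&2; return 1 ;;
    esac
    dev=$(status_field "$1" device)
    cipher=$(status_field "$1" cipher)
    mode=$(status_field "$1" mode)
    [ "$dev" = "$2" ] || { echo "unexpected device: $dev" >&2; return 2; }
    [ "$cipher" = "$3" ] || { echo "unexpected cipher: $cipher" >&2; return 3; }
    [ "$mode" = "read/write" ] || { echo "unexpected mode: $mode" >&2; return 4; }
}
```

Running the check before mkfs.ext3 guards against formatting or mounting a mapping that sits on a different loop device than the one just attached.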