Encrypt file container with cryptsetup-luks for Fedora

Make sure you have the package cryptsetup-luks installed.

As root.

Prepare an empty file container, here 10 MB:

# dd if=/dev/zero of=encrypted_file.bin bs=1024k count=10

Find the first available loop device:

# losetup -f

Map file container with loop device (in this case /dev/loop0):

# losetup /dev/loop0 encrypted_file.bin

Initialize and encrypt the loop device (file container):

# cryptsetup --verify-passphrase luksFormat /dev/loop0
This will overwrite data on /dev/loop0 irrevocably.
Are you sure? (Type uppercase yes): YES
Enter LUKS passphrase: <Enter password>
Verify passphrase: <Enter password>

The --verify-passphrase option asks for the passphrase twice, which minimizes the risk of typos.
The default encryption cipher (set at compile time) can be printed with:

# cryptsetup --help

Create the device-mapper mapping and open the loop device:

# cryptsetup luksOpen /dev/loop0 encrypted_container  
Enter passphrase for /dev/loop0: <Enter password>

To check status of device mapper:

# cryptsetup status encrypted_container
/dev/mapper/encrypted_container is active:
cipher:  aes-cbc-essiv:sha256
keysize: 256 bits
device:  /dev/loop0
offset:  2056 sectors
size:    18424 sectors
mode:    read/write

Time to create file system inside container:

# mkfs.ext3 /dev/mapper/encrypted_container

Mount device mapper. In this case to mountpoint /mnt:

# mount /dev/mapper/encrypted_container /mnt

Use the file system.
Remember to unmount and close the container after use so others have no chance to look into your encrypted container:

# umount /mnt
# cryptsetup remove /dev/mapper/encrypted_container
# losetup -d /dev/loop0
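
The teardown above hard-codes /dev/loop0. As an added example (not part of the original page), this script reads the backing device from `cryptsetup status` before closing, so the loop device it detaches is the one the mapping actually used. The helper names status_field, is_loop_device and close_container are hypothetical, and the sample status text is the output shown earlier on this page.

```shell
#!/bin/sh
# Added example: close a container without hard-coding /dev/loop0.
set -eu

# Constructed sample: the `cryptsetup status` output shown on this page.
SAMPLE_STATUS='/dev/mapper/encrypted_container is active:
cipher:  aes-cbc-essiv:sha256
keysize: 256 bits
device:  /dev/loop0
offset:  2056 sectors
size:    18424 sectors
mode:    read/write'

# status_field FIELD: read `cryptsetup status` output on stdin and print
# the value of FIELD (e.g. "device"). Values may themselves contain ':'.
status_field() {
    awk -v key="$1" '
        { sub(/^[ \t]+/, "") }              # tolerate indented fields
        index($0, key ":") == 1 {
            sub(/^[^:]*:[ \t]*/, "")          # drop "field:" and padding
            print
            exit
        }'
}

# True only for loop devices, so a mapping on a real partition is never
# passed to losetup -d.
is_loop_device() {
    case "$1" in
        /dev/loop[0-9]*) return 0 ;;
        *) return 1 ;;
    esac
}

# close_container NAME MOUNTPOINT (hypothetical helper; run as root).
close_container() {
    name=$1
    mnt=$2
    # Read the backing device while the mapping still exists.
    backing=$(cryptsetup status "$name" | status_field device)
    [ -n "$backing" ] || { echo "mapping $name is not active" >&2; return 1; }
    umount "$mnt"
    cryptsetup remove "$name"
    if is_loop_device "$backing"; then
        losetup -d "$backing"
    fi
}

# Usage: ./close_container.sh encrypted_container /mnt
if [ "$#" -eq 2 ]; then
    close_container "$1" "$2"
fi
```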

Mounting an Existing Encrypted Container File

Get loop device:

# losetup -f

Map loop device and container file:

# losetup /dev/loop0 encrypted_file.bin

Create the device-mapper mapping:

# cryptsetup luksOpen /dev/loop0 encrypted_container  
<Enter password>

Mount the device-mapper device:

# mount /dev/mapper/encrypted_container /mnt
encrypt_file_container_with_cryptsetup-luks.txt · Last modified: 2011/06/01 12:58 (external edit)