These instructions can be used to create an encrypted disk image/volume/file container/whatever you want to call it.
I will show you how to use
cryptsetup and common Linux commands to create a disk image, create a random keyfile, and encrypt and unlock your disk image with that keyfile. You can just as easily use a passphrase rather than a key if you would prefer. Read a cryptsetup manual for more information regarding cryptsetup.
Create the image container file. Use the
seek value to specify the size. Here I am creating an empty 1GB
img file. The image file can behave very much like a physical disk would.
dd \ if=/dev/zero \ of=encrypted.img \ bs=1 \ count=0 \ seek=1G
Choose a keyfile that will be used to encrypt and unlock the image. You can use an existing file like a photo, an mp3, or any other file. I am creating a long random keyfile. You can name it whatever you want.
dd \ if=/dev/urandom \ of=mykey.keyfile \ bs=1024 \ count=1
Now we will encrypt our disk image file. Use
cryptsetup luksFormat to format
encrypted.img using our keyfile.
sudo cryptsetup \ luksFormat \ encrypted.img \ mykey.keyfile
Make sure to type
YES (uppercase!) when prompted by the command above or your image will not be encrypted.
Unlock/open the encrypted image using our keyfile. You can use whatever "friendly" name for the image that you want. Here I am using
myEncryptedVolume as the name.
sudo cryptsetup \ luksOpen \ encrypted.img \ myEncryptedVolume \ --key-file mykey.keyfile
Format the encrypted volume using an
sudo mkfs.ext4 \ /dev/mapper/myEncryptedVolume
Mount the volume somewhere on your system so it can be used like any other disk.
sudo mount \ /dev/mapper/myEncryptedVolume \ $HOME/Private/
Take ownership over the contents of your mounted disk image.
sudo chown \ -R $USER \ $HOME/Private/
Done! Please read some documenation on crypttab if you want your encrypted volume to be unlocked and mounted automatically.
To unmount your encrypted image and close it you can do the following.
sudo umount \ $HOME/Private \
sudo cryptsetup \ luksClose \ myEncryptedVolume