This article was last edited over 3 years ago. Information here may no longer be accurate. Please proceed with caution, and feel free to contact me.
These instructions can be used to create an encrypted disk image/volume/file container/whatever you want to call it.
I will show you how to use
cryptsetup and common
Linux commands to create a disk image, create a random keyfile,
and encrypt and unlock your disk image with that keyfile. You can
just as easily use a passphrase rather than a key if you would
prefer. Read a
for more information regarding cryptsetup.
Create the image container file. Use the
to specify the size. Here I am creating an empty 1GB
img file. The image file can behave very much like a
physical disk would.
dd \ if=/dev/zero \ of=encrypted.img \ bs=1 \ count=0 \ seek=1G
Choose a keyfile that will be used to encrypt and unlock the image. You can use an existing file like a photo, an mp3, or any other file. I am creating a long random keyfile. You can name it whatever you want.
dd \ if=/dev/urandom \ of=mykey.keyfile \ bs=1024 \ count=1
Now we will encrypt our disk image file. Use
cryptsetup luksFormat to format
encrypted.img using our keyfile.
sudo cryptsetup \ luksFormat \ encrypted.img \ mykey.keyfile
Make sure to type
YES (uppercase!) when prompted
by the command above or your image will not be
Unlock/open the encrypted image using our keyfile. You can use
whatever "friendly" name for the image that you want.
Here I am using
myEncryptedVolume as the name.
sudo cryptsetup \ luksOpen \ encrypted.img \ myEncryptedVolume \ --key-file mykey.keyfile
Format the encrypted volume using an
sudo mkfs.ext4 \ /dev/mapper/myEncryptedVolume
Mount the volume somewhere on your system so it can be used like any other disk.
sudo mount \ /dev/mapper/myEncryptedVolume \ $HOME/Private/
Take ownership over the contents of your mounted disk image.
sudo chown \ -R $USER \ $HOME/Private/
Done! Please read some documenation on crypttab if you want your encrypted volume to be unlocked and mounted automatically.
To unmount your encrypted image and close it you can do the following.
sudo umount \ $HOME/Private \
sudo cryptsetup \ luksClose \ myEncryptedVolume