Linux Encryption Commands Cheat Sheet
Encrypt and Decrypt a Single File on Linux with AES256 and GPG
Encrypt
gpg --cipher-algo AES256 --symmetric --output encrypted.file plain.file
Decrypt
gpg --output plain.file --decrypt encrypted.file
Change the key file for a LUKS device
cryptsetup luksChangeKey /dev/sdX --key-file /keys/old.keyfile /keys/new.keyfile
Create a LUKS Encrypted Image Container File
Create an empty 1GB img file
dd if=/dev/zero of=encrypted.img bs=1 count=0 seek=1G
Choose a keyfile that will be used to encrypt and unlock the image. Any regular file works as a key. A random key can be generated like so.
dd if=/dev/urandom of=mykey.keyfile bs=1024 count=1
Encrypt the disk image file.
sudo cryptsetup luksFormat encrypted.img mykey.keyfile
Unlock/open the encrypted image using the keyfile.
sudo cryptsetup luksOpen encrypted.img myVolume --key-file mykey.keyfile
The volume now exists at /dev/mapper/myVolume like
any block device and can be mounted normally with
mount.
Mount a Veracrypt Hidden Partition With Cryptsetup
The options below are specific for a hidden Veracrypt encrypted volume. Not a “normal” Veracrypt encrypted volume.
# /etc/crypttab
...
my-mapper-name /my/file.img /dev/null tcrypt-veracrypt,tcrypt-hidden,tcrypt-keyfile=/keys/my.key,nofail
Feel free to contact me with questions or feedback regarding this
article.