Cryptsetup Create Linux Encrypted Volumes

What's Cryptsetup?

According to Cryptsetup's Gitlab project page; Cryptsetup is utility used to conveniently setup disk encryption based on DMCrypt kernel module.

These include plain dm-crypt volumes, LUKS volumes, loop-AES and TrueCrypt (including VeraCrypt extension) format.

Project also includes veritysetup utility used to conveniently setup DMVerity block integrity checking kernel module.

To install LUKS:

Activate Dmcrypt:

Create the file to encrypt:

Technically we are converting and coping a file. if: input file, we are using /dev/zero to fill the file with null characters (ASCII NUL, 0x00). of: output file, Write to FILE instead of standard output. bs: Block size, for both read and write, default is 512. count: copy only N input blocks, in our example we will copy 1Mx1024, the output file size will be 1GB.

Format the new created file:

This will initializes a LUKS partition and sets the initial key. you need to remember the initialization key, this is the key you will use to mount or open the file

Now, we need to open the LUKS partition:

This command will opens LUKS partition device and sets up a mapping name after successful verification of the initialization key.

Let's create XFS file system, you can use other file systems, adjust the command accordingly:

Close the LUKS partition:

At this point, you have an encrypted LUKS partition, now we need a mounting point to be able to access this partition, for this we need to open again the LUKS partition:

When prompted, enter your password.

Create a mount point, I chose “/mnt/encrypted”:

Mount LUKS partition:

if you issue “df -h” or “mount | grep safe-encrypt” you should be able to see newly mounted partition:

When you are done working on the partition, unmount the file system then close the LUKS partition: