Skip to Main Menu

Cryptsetup Create Linux Encrypted Volumes

What’s Cryptsetup?

According to Cryptsetup’s Gitlab project page; Cryptsetup is utility used to conveniently setup disk encryption based on DMCrypt kernel module.

These include plain dm-crypt volumes, LUKS volumes, loop-AES and TrueCrypt (including VeraCrypt extension) format.

Project also includes veritysetup utility used to conveniently setup DMVerity block integrity checking kernel module.

To install LUKS:

  # yum install -y cryptsetup

Activate Dmcrypt:

  # modprobe dm_crypt

Create the file to encrypt:

  # dd if=/dev/zero bs=1M count=1024 of=/home/myname/safe
Technically we are converting and coping a file. if: input file, we are using /dev/zero to fill the file with null characters (ASCII NUL, 0x00). of: output file, Write to FILE instead of standard output. bs: Block size, for both read and write, default is 512. count: copy only N input blocks, in our example we will copy 1Mx1024, the output file size will be 1GB.

Format the new created file:

    # cryptsetup luksFormat /home/myname/safe
        This will overwrite data on safe irrevocably.
        Are you sure? (Type uppercase yes): YES
        Enter passphrase:
        Verify passphrase:
This will initializes a LUKS partition and sets the initial key. you need to remember the initialization key, this is the key you will use to mount or open the file

Now, we need to open the LUKS partition:

  # cryptsetup luksOpen device name
  # cryptsetup luksOpen /home/myname/safe safe-encrypt
This command will opens LUKS partition device and sets up a mapping name after successful verification of the initialization key.

Let’s create XFS file system, you can use other file systems, adjust the command accordingly:

  # mkfs.xfs /dev/mapper/safe-encrypt

Close the LUKS partition:

  # cryptsetup luksClose name
  # cryptsetup luksClose safe-encrypt

At this point, you have an encrypted LUKS partition, now we need a mounting point to be able to access this partition, for this we need to open again the LUKS partition:

  # cryptsetup luksOpen /home/myname/safe safe-encrypt
When prompted, enter your password.

Create a mount point, I chose “/mnt/encrypted”:

  # mkdir /mnt/encrypted

Mount LUKS partition:

  # mount /dev/mapper/safe-encrypt /mnt/encrypted

if you issue “df -h” or “mount | grep safe-encrypt” you should be able to see newly mounted partition:

   # /dev/mapper/safe-encrypt     1019M   34M  986M   4% /mnt/encrypted

When you are done working on the partition, unmount the file system then close the LUKS partition:

  # umount /mnt/encrypted
  # cryptsetup luksClose safe-encrypt