According to Cryptsetup’s Gitlab project page; Cryptsetup is utility used to conveniently setup disk encryption based on DMCrypt kernel module.
These include plain dm-crypt volumes, LUKS volumes, loop-AES and TrueCrypt (including VeraCrypt extension) format.
Project also includes veritysetup utility used to conveniently setup DMVerity block integrity checking kernel module.
To install LUKS:
# yum install -y cryptsetup
# modprobe dm_crypt
Create the file to encrypt:
Technically we are converting and coping a file. if: input file, we are using /dev/zero to fill the file with null characters (ASCII NUL, 0x00). of: output file, Write to FILE instead of standard output. bs: Block size, for both read and write, default is 512. count: copy only N input blocks, in our example we will copy 1Mx1024, the output file size will be 1GB.
# dd if=/dev/zero bs=1M count=1024 of=/home/myname/safe
Format the new created file:
This will initializes a LUKS partition and sets the initial key. you need to remember the initialization key, this is the key you will use to mount or open the file
# cryptsetup luksFormat /home/myname/safe WARNING! This will overwrite data on safe irrevocably. Are you sure? (Type uppercase yes): YES Enter passphrase: Verify passphrase:
Now, we need to open the LUKS partition:
This command will opens LUKS partition device and sets up a mapping name after successful verification of the initialization key.
# cryptsetup luksOpen device name # cryptsetup luksOpen /home/myname/safe safe-encrypt
Let’s create XFS file system, you can use other file systems, adjust the command accordingly:
# mkfs.xfs /dev/mapper/safe-encrypt
Close the LUKS partition:
# cryptsetup luksClose name # cryptsetup luksClose safe-encrypt
At this point, you have an encrypted LUKS partition, now we need a mounting point to be able to access this partition, for this we need to open again the LUKS partition:
When prompted, enter your password.
# cryptsetup luksOpen /home/myname/safe safe-encrypt
Create a mount point, I chose “/mnt/encrypted”:
# mkdir /mnt/encrypted
Mount LUKS partition:
# mount /dev/mapper/safe-encrypt /mnt/encrypted
if you issue “df -h” or “mount | grep safe-encrypt” you should be able to see newly mounted partition:
# /dev/mapper/safe-encrypt 1019M 34M 986M 4% /mnt/encrypted
When you are done working on the partition, unmount the file system then close the LUKS partition:
# umount /mnt/encrypted # cryptsetup luksClose safe-encrypt