How to create an encrypted file and open it
You’ll find in this post the basic steps to create an encrypted luks file and open it. You’ll need to perform the following steps to create it:
- Create the file. bs times count will give you the total size of the encrypted file. In this example, the file size will be 512M (1M x 512).
dd if=/dev/urandom of=vaultfile.img bs=1M count=512
- Encrypt the file. You’ll be asked for the password twice. The name of the file in this example is vaultfile.img.
cryptsetup --verify-passphrase luksFormat vaultfile.img
- Open the encrypted file. The mapper name if myvault. It can be anything as long as you use the same one in the rest of these steps.
sudo cryptsetup open --type luks vaultfile.img myvault
- Create or format the encrypted file. ext4 is used in this example. Use any file system as long as it is supported on your system. /dev/mapper/myvault must correspond to the last argument of the previous step. It must be prefixed with /dev/mapper/. The parameter -L is the partition label. It does not need to match the last argument of the previous step.
sudo mkfs.ext4 -m 0 -L myvault /dev/mapper/myvault
- Close the newly created luks encrypted file.
sudo cryptsetup close myvault
The following steps must be performed to mount the encrypted file:
- This step creates a mount point. It can be any empty directory such as /mnt and so on.
sudo mkdir /myvaultmountpoint
- Open the encrypted file. The last parameter myvault can be anything. Nevertheless, it must be used in the next steps.
sudo cryptsetup open --type luks vaultfile.img myvault
- Mount the encrypted file. /dev/mapper/myvault must correspond to the last argument of the previous step. It must be prefixed with /dev/mapper/.
sudo mount /dev/mapper/myvault /myvaultmountpoint
- The content will be accessible from the directory /myvaultmountpoint.
Perform these steps to unmount the encrypted file.
- Unmount the encrypted file.
sudo umount /myvaultmountpoint
- Close the encrypted file.
sudo cryptsetup close myvault