create the containerfile with sice e.g. 250MB
$ dd if=/dev/urandom of=container_file bs=1M count=250
creates the lukscontainer on the container file
$ cryptsetup -c aes-xts-plain64 -s 512 -h sha512 -y luksFormat container_file
open lukscontainer
$ cryptsetup luksOpen container_file container
make fs on the container
$ mkfs.ext4 /dev/mapper/container
mount new fs now
$ mount -t ext4 /dev/mapper/container /mnt/container
umout and close container
$ umount /mnt/container
$ cryptsetup luksClose /dev/mapper/container
open
$ cryptsetup luksOpen container_file container
$ mount -t ext4 /dev/mapper/container /mnt/container
completly clear device
$ cfdisk /dev/sdb
create partition on device
$ fdisk /dev/sdb
Command: > n
Select: > p
Partition number: default (press enter) / or the thrist one
First sector: default (press enter)
Last sector: default (press enter)
Command: > w
Encryption
$ cryptsetup -v -y -c aes-xts-plain64 -s 512 -h sha512 -i 5000 --use-random luksFormat /dev/sdb1
Parameter Description
-vverbose -yverify passphrase, ask twice, and complain if they don’t match -cspecify the cipher used -sspecify the key size used -hspecify the hash used -inumber of milliseconds to spend passphrase processing (if using anything more than sha1, must be great than 1000) –use-randomwhich random number generator to use luksFormatto initialize the partition and set a passphrase /dev/sdb1the partition to encrypt
Check luksDump
$ cryptsetup luksDump /dev/sdb1
Backup luksHeader
$ cryptsetup luksHeaderBackup --header-backup-file /path/to/file.img /dev/sdb1
Open luks container
$ cryptsetup luksOpen /dev/sdb1 volume01
Create FS in luks container
$ mkfs.ext4 /dev/mapper/volume01
Mount fs from luks container (requier that luks container was opend)
$ mount /dev/mapper/volume01 /mnt/drive01
Unmount and close container
$ umount /mnt/drive01
$ cryptsetup luksClose /dev/mapper/volume01