how to create and encrypt a container using LUKS to protect your data, from a single file to an encrypted volume

how-to-containerLUKS.MD

How to create an encrypted container using luks

Creating and encrypting the container

1. Create a file with a specific size (this example is FILENAME - 1Giga size); dd if=/dev/zero of=FILENAME bs=1 count=0 seek=1G

2. Encrypt the file; sudo cryptsetup -y -v luksFormat FILENAME

3. Decrypt it and map it to a label for easier referencing; sudo cryptsetup luksOpen /home/USER/FILENAME LABEL

4. Create a file system to store files (if needed install xfsprogs); sudo mkfs.xfs /dev/mapper/LABEL

5. Create a mount point; sudo mkdir /mnt/MOUNTPOINT or if you want to create a symbolic lynk mkdir /home/USER/ORIGINAL_FOLDER sudo ln -s /home/USER/ORIGINAL_FOLDER/ /mnt/MOUNTPOINT

6. Mount the file system; sudo mount /dev/mapper/LABEL /mnt/MOUNTPOINT

Opening the container

1. sudo cryptsetup luksOpen /home/USER/FILENAME LABEL
2. sudo mount /dev/mapper/LABEL /mnt/MOUNTPOINT

Closing the container

The container is closed on shutingdown or rebooting the system, otherwise you should close it manually.

1. sudo cryptsetup luksClose LABEL
2. sudo umount /mnt/MOUNTPOINT

Troubleshooting

• If there is a problem trying to send files to the container, take a look at the ownership and permission: sudo chown USER:GROUP /home/USER/ORIGINAL_FOLDER

References

• Create Containter - https://blog.canadianwebhosting.com/how-to-create-an-encrypted-container/
• Encrypt Containter - https://www.digitalocean.com/community/tutorials/how-to-create-an-encrypted-file-system-on-a-digitalocean-block-storage-volume
• Symbolic Links - https://www.howtogeek.com/287014/how-to-create-and-use-symbolic-links-aka-symlinks-on-linux/
• Ownership and Permission - https://linuxize.com/post/linux-chown-command/