Skip to content

Instantly share code, notes, and snippets.

Last active December 11, 2015 19:28
Show Gist options
  • Save chanux/4648160 to your computer and use it in GitHub Desktop.
Save chanux/4648160 to your computer and use it in GitHub Desktop.
Portable encrypted vitual disk.
How to create encrypted virtual disk (with luks)
1) First we create a file with random data in it. You can chose a size that matches your needs. In this example I’m making a 20MB virtual disk so I will create a 20MB file in this step.
$ dd if=/dev/urandom of=~/sekret bs=1M count=20
Here, the dd command creates 20 1MB blocks and fill it with random data. ~/sekret means that we create the device named sekret in your home directory. You can chose a file name you like and also a path you like.
2) Next we need to create a block device from the file. For that find a free loop device with
$ sudo losetup -f
And use that loop device and create the block device. Let’s assume /dev/loop0 is free.
$ sudo losetup /dev/loop0 ~/sekret
3) Now we need to luks format the device. FYI: LUKS stands for Linux Unified Key System.
$ cryptsetup luksFormat -c aes-cbc-essiv:sha256 /dev/loop0
This will warn you that the data in /dev/loop0 are gonna be overwritten. Hope you are confident enough to say yes. Then you are required to enter a pass-phrase for this encrypted this. Chose a powerful pass-phrase here. And then confirm the pass-phrase. The process will report success if we are lucky.
4) Map the crypto partition with
$ sudo cryptsetup luksOpen /dev/loop0 mycrypt
To be sure about the success run $ sudo dmsetup ls
This will output something like mycrypt (252, 0).
5) Now we create file system on the device we created. $ sudo mkfs.ext3 /dev/mapper/mycrypt
This will create EXT3 file system on the device. You can format it with your choice of file system. At the successful finishing of formatting, we have our own encrypted disk ready to use.
#!/usr/bin/env bash
# This script allows easy mounting/unmounting of your encrypted disks created
# with dm-crypt and LUKS (Linux Unified Key System)
#
#check for required programs
type -P dmsetup &>/dev/null || { echo "dmestup rquired but not installed. Aborting." >&2; exit 1; }
type -P cryptsetup &>/dev/null || { echo "cryptsetup rquired but not installed. Aborting." >&2; exit 1; }
echo "Usage:"
echo -e "\t $0 mount /encrypted/virtual/disk /mount/point"
echo -e "\t $0 umount /mount/point"
exit 1
case "$1" in
if [ $# != 3 ];then
LOOPDEV=$(losetup -f)
losetup $LOOPDEV $2
cryptsetup luksOpen $LOOPDEV $CRYPTDEV
mount /dev/mapper/$CRYPTDEV -rw $3
chown -R $SUDO_USER $3 #workaround to allow nautilus r/w access to the mount
if [ $# != 2 ];then
LOOPDEV=$(cat /tmp/crysp-$SUDO_USER)
umount $2
cryptsetup luksClose $CRYPTDEV
losetup -d $LOOPDEV
exit 0
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment