Create an encrypted container for storage with LUKS
Change the names and paths to reflect your environment and needs
1) Make sure cryptsetup
is installed:
sudo apt update && apt install cryptsetup -y
2) Create an empty file for the container:
sudo dd if=/dev/zero bs=1M of=/path/to/lukscontainer count=10240
(I prefer using a flat file, instead of a device, for portability)
3) Create the LUKS volume within the flat file:
sudo cryptsetup luksOpen /path/to/lukscontainer container_crypt
4) Create a filesystem within the LUKS volume:
sudo mkfs.ext4 /dev/mapper/container_crypt
5) Create a mountpoint for the container:
sudo mkdir -p /storage/container/
6) Mount the container in your newly created mountpoint:
sudo mount /dev/mapper/container_crypt /storage/container/
To easily unmount and mount the container in the future, create 2 simple scripts:
luksUnmountContainer.sh:
#!/bin/sh /usr/bin/umount /dev/mapper/container_crypt /sbin/cryptsetup luksClose /dev/mapper/container_crypt
luksMountContainer.sh:
#!/bin/sh /sbin/cryptsetup luksOpen /path/to/lukscontainer container_crypt /usr/bin/mount /dev/mapper/container_crypt /storage/container/
(the editor in htmly isn't playing nice, insert linebreaks manually)
Make the scrips executable with chmod +x luks*Container.sh
and run them with ./
Make sure to upgrade your KDF to argon2id (default for latest version at the time of writing): https://mjg59.dreamwidth.org/66429.html