Searching for a way to encrypt your files or filesystem on Linux can be an overwhelming choice. At a simple search you find different terms and solutions such as: encfs, dm-crypt, truecrypt, loopback crypt, aespipe, LUKS, etc. The answer is obviously historical. There are a lot of solutions some of them deprecated. I remember a few years ago I solved a similar problem using a tool (can’t remember which) which I was unable to find 2 years later thus remaining with a large file and lost data. Here is a method to encrypt a filesystem or file using LUKS.

0. install packages

apt-get install cryptsetup

1. create a file (it will not be resizable)

sudo dd if=/dev/zero of=/tmp/encfs.dsk bs=1M count=1000

2. create a device from file

losetup /dev/loop0 /tmp/encfs.dsk

[yes, I could have encrypted the file using the -e option, eg. cryptoloop as I did in the past but this is not the point of the example]

3. if you are using a filesystem just skip above steps and replace /dev/loop0 with you block device (/dev/sdb1 for example).

4. load modules

modprobe dm-crypt
modprobe sha256
modprobe aes

5. initialize device (256 bit aes with sha256 padding)

cryptsetup --verify-passphrase luksFormat /dev/loop0 -c aes -s 256 -h sha256

6. create the mapped device

cryptsetup luksOpen /dev/loop0 encdisk

this created a /dev/mapper/encdisk device which can be used as a normal disk (format, etc.)

7. create the filesystem

mkfs -t ext3  /dev/mapper/encdisk

8. mount the filesystem

mkdir -p /media/encdisk
mount /dev/mapper/encdisk /media/encdisk

9. the filesystem is ready to use in /media/encdisk

10. unmount and detach

umount /media/encdisk
cryptsetup luksClose encdisk
losetup -d /dev/loop0

11. remount again

losetup /dev/loop0 /tmp/encfs.dsk
cryptsetup luksOpen /dev/loop0 encdisk
mount /dev/mapper/encdisk /media/encdisk

With these 11 steps you can have an encrypted file or usb-stick to put all your precious data inside :)