2017/01/07
I do not usually encrypt my whole disk on my home machines. But I sometimes keep private data, and for this I create an encrypted filesystem in a file. This file can be mounted via the loop device.
First we create the file with random data; in this case the file is around 4GB.
$ dd if=/dev/urandom of=/disk.img bs=1M count=4000
Next, we connect the file to the loop device, set up encryption, and make the file system.
# losetup /dev/loop0 /disk.img
# cryptsetup luksFormat /dev/loop0
# cryptsetup open /dev/loop0 zzdisk
# mkfs -t ext4 /dev/mapper/zzdisk
Then we can disconnect the encrypted file system.
# cryptsetup close zzdisk
# losetup -d /dev/loop0
When you want to use the file system, you mount it as follows:
# losetup /dev/loop0 /disk.img
# cryptsetup --type luks open /dev/loop0 zzdisk
# mount -t ext4 /dev/mapper/zzdisk /home/john/zz
And when you are done un-mount it.
# umount /home/john/zz
# cryptsetup close zzdisk
# losetup -d /dev/loop0
I usually put the mount and un-mount commands in a couple of small scripts with some sudo magic. And yes, I encrypted the data and then put the password in plain text in the script.
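#!/bin/bash
#
# 2016/05/29 created
#
# Attach the image to the loop device, unlock it, and mount it.
ZPATH="$HOME/zz"
ZIMAGE="$HOME/data_disk/disk.img"
sudo losetup /dev/loop0 "$ZIMAGE"
# echo -n: with --key-file=- a trailing newline would become part of the key
echo -n diskpassword |
sudo cryptsetup --type luks --key-file=- open /dev/loop0 zzdisk
sudo mount -t ext4 /dev/mapper/zzdisk "$ZPATH"
sudo chown john:john "$ZPATH"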
#!/bin/bash
#
# 2016/05/29 created
#
# Un-mount the file system, close the LUKS mapping, and detach the loop device.
ZPATH="$HOME/zz"
ZIMAGE="$HOME/data_disk/disk.img"
sudo umount "$ZPATH"
sudo cryptsetup close zzdisk
sudo losetup -d /dev/loop0
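The mount script keeps the passphrase as a literal in the script, where anyone who can read the script can read it. As an added example (not part of the original post), this variant lets cryptsetup prompt for the passphrase, or uses a key file only if that file is private to the current user. The KEYFILE variable and the function names are assumptions; the paths and the zzdisk mapping name follow the scripts above.

```bash
#!/bin/bash
# Added example, not from the original post. KEYFILE and the function
# names are assumptions; paths and the mapping name follow the scripts above.
ZPATH="${ZPATH:-$HOME/zz}"
ZIMAGE="${ZIMAGE:-$HOME/data_disk/disk.img}"
ZNAME="zzdisk"
KEYFILE="${KEYFILE:-}"   # empty: cryptsetup prompts for the passphrase

# Succeed only for a regular file (not a symlink) that we own and that
# has mode 0400 or 0600, so no other user can read the key.
keyfile_is_private() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    [ "$(stat -c '%u' "$1")" = "$(id -u)" ] || return 1
    case "$(stat -c '%a' "$1")" in
        400|600) return 0 ;;
        *) return 1 ;;
    esac
}

# Unlock the LUKS container on loop device $1.
zz_unlock() {
    if [ -n "$KEYFILE" ]; then
        # The file content is used verbatim as the key (no newline stripping).
        sudo cryptsetup --type luks --key-file "$KEYFILE" open "$1" "$ZNAME"
    else
        sudo cryptsetup --type luks open "$1" "$ZNAME"
    fi
}

zz_mount() {
    if [ -n "$KEYFILE" ] && ! keyfile_is_private "$KEYFILE"; then
        echo "refusing key file $KEYFILE: readable by others or not ours" >&2
        return 1
    fi
    # --find --show attaches the first free loop device and prints its name.
    zz_loop=$(sudo losetup --find --show "$ZIMAGE") || return 1
    if ! zz_unlock "$zz_loop"; then
        sudo losetup -d "$zz_loop"   # do not leave the image attached
        return 1
    fi
    sudo mount -t ext4 "/dev/mapper/$ZNAME" "$ZPATH"
}

# Act only when called as "script mount", so the file can also be sourced.
if [ "${1:-}" = "mount" ]; then
    zz_mount
fi
```

Because losetup chooses the loop device here, the un-mount side should look it up with `losetup -j "$ZIMAGE"` instead of assuming /dev/loop0.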