Create named LUKS encrypted volume

edrv() { N=${1:-edrv}; truncate -s ${2:-256m} $N.img && L=$(losetup -f) && losetup $L $N.img && cryptsetup luksFormat --batch-mode $L && cryptsetup luksOpen $L $N && mkfs.vfat /dev/mapper/$N -n $N; cryptsetup luksClose $N; echo losetup -d $L to unmount; }
You need to be root to do this. So check the command before running it. You enter the same password for Enter LUKS passphrase: Verify passphrase: Enter passphrase for /dev/loopn: ___ You can then copy the .img file to somewhere else. Loop it it with losetup -f IMAGENAME.img and then mount it with a file manager (eg nemo) or run mount /dev/loopn /media/mountfolder Acts similar to a mounted flash drive
Sample Output
~$ edrv Testing
1+0 records in
1+0 records out
1 byte (1 B) copied, 0.000525913 s, 1.9 kB/s

WARNING!
========
This will overwrite data on /dev/loop2 irrevocably.

Are you sure? (Type uppercase yes): YES
Enter LUKS passphrase: 
Verify passphrase: 
Enter passphrase for /dev/loop2: 
mkfs.vfat 3.0.16 (01 Mar 2013)
unable to get drive geometry, using default 255/63
losetup -d /dev/loop2 to unmount

2
2014-02-24 01:38:21

What Others Think

Interesting. A few things I'd improve on. You use dd to create a sparse file, but truncate would be better: Besides, your file is 256MiB + 1 byte long. Urgh! truncate -s 256m If you're likely to fill the container, then a better bet would be fallocate. ext4 and btrfs support fallocate which will near-instantly allocate a contiguous block of space. fallocate -l 256m Next, I'd add a second parameter to control the size. This is very simple to do, using a defaulting variable ${2:-256} If $2 exists use it, otherwise use the number 256, e.g. fallocate -l ${2:-256}m $1 Unless Luks is supported by Windows (I haven't checked, but I'd be surprised if it were), I'd put a REAL filesystem inside the container: mke2fs -t ext4 Finally, I'd do something about the passwords. I don't want to type them in three times. A quick idea might be to turn on cryptsetup's batch mode cryptsetup luksFormat --batch-mode
flatcap · 242 weeks and 4 days ago
I liked a lot of what you suggested & changed it. For the purposes of combatibility (there is a third party windows program that can open luks I believe) I left it FAT. In *nix only, I would do that (and personally will)
snipertyler · 242 weeks and 3 days ago
:-)
flatcap · 242 weeks and 3 days ago

What do you think?

Any thoughts on this command? Does it work on your machine? Can you do the same thing with only 14 characters?

You must be signed in to comment.

What's this?

commandlinefu.com is the place to record those command-line gems that you return to again and again. That way others can gain from your CLI wisdom and you from theirs too. All commands can be commented on, discussed and voted up or down.

Share Your Commands



Stay in the loop…

Follow the Tweets.

Every new command is wrapped in a tweet and posted to Twitter. Following the stream is a great way of staying abreast of the latest commands. For the more discerning, there are Twitter accounts for commands that get a minimum of 3 and 10 votes - that way only the great commands get tweeted.

» http://twitter.com/commandlinefu
» http://twitter.com/commandlinefu3
» http://twitter.com/commandlinefu10

Subscribe to the feeds.

Use your favourite RSS aggregator to stay in touch with the latest commands. There are feeds mirroring the 3 Twitter streams as well as for virtually every other subset (users, tags, functions,…):

Subscribe to the feed for: