Create named LUKS encrypted volume

edrv() { N=${1:-edrv}; truncate -s ${2:-256m} $N.img && L=$(losetup -f) && losetup $L $N.img && cryptsetup luksFormat --batch-mode $L && cryptsetup luksOpen $L $N && mkfs.vfat /dev/mapper/$N -n $N; cryptsetup luksClose $N; echo losetup -d $L to unmount; }
You need to be root to do this. So check the command before running it. You enter the same password for Enter LUKS passphrase: Verify passphrase: Enter passphrase for /dev/loopn: ___ You can then copy the .img file to somewhere else. Loop it it with losetup -f IMAGENAME.img and then mount it with a file manager (eg nemo) or run mount /dev/loopn /media/mountfolder Acts similar to a mounted flash drive
Sample Output
~$ edrv Testing
1+0 records in
1+0 records out
1 byte (1 B) copied, 0.000525913 s, 1.9 kB/s

WARNING!
========
This will overwrite data on /dev/loop2 irrevocably.

Are you sure? (Type uppercase yes): YES
Enter LUKS passphrase: 
Verify passphrase: 
Enter passphrase for /dev/loop2: 
mkfs.vfat 3.0.16 (01 Mar 2013)
unable to get drive geometry, using default 255/63
losetup -d /dev/loop2 to unmount

2
2014-02-24 01:38:21

These Might Interest You

  • Get information of volume labels of bitlocker volumes, even if they are encrypted and locked (no access to filesystem, no password provided). Note that the volume labels can have spaces, but only if you name then before encryption. Renaming a bitlocker partition after being encrypted does not have the same effect as doing it before. Show Sample Output


    2
    sudo echo "BitLocker Volume labels:" && sudo dislocker-find | xargs -I{} sh -c 'echo -n "{} ->+ " ; sudo dislocker-metadata -V {} | grep string' | sed 's/+.*string://' | sed "s/'[^ ]* /\"/g" | sed 's/\ [^ ]*$/"/'
    bugmenot · 2018-04-29 01:00:11 0
  • Create/open/use an encrypted directory encfs needs to be installed During creation easiest to use default values The encrypted files will be in ~/.crypt and you will work as usual in ~/crypt To close the encrypted directory run: fusermount -u ~/crypt When you switch off the computer the encrypted directory will be automatically closed This example uses /home/user/crypt as encrypted directory I use ubuntu linux 8.04 and I am also the creator of www.minihowto.org


    8
    encfs ~/.crypt ~/crypt
    bkn390 · 2009-09-25 10:13:39 0
  • In order to create a new encrypted filing system managed by cryptmount, you can use the supplied 'cryptmount-setup' program, which can be used by the superuser to interactively configure a basic setup. Alternatively, suppose that we wish to setup a new encrypted filing system, that will have a target-name of "opaque". If we have a free disk partition available, say /dev/hdb63, then we can use this directly to store the encrypted filing system. Alternatively, if we want to store the encrypted filing system within an ordinary file, we need to create space using a recipe such as: dd if=/dev/zero of=/home/opaque.fs bs=1M count=512 . cryptmount --generate-key 32 opaque . cryptmount --prepare opaque . mke2fs /dev/mapper/opaque . cryptmount --release opaque . mkdir /home/crypt . cryptmount -m opaque . cryptmount -u opaque For detail see sample output Show Sample Output


    -2
    cryptmount -m <name>
    totti · 2012-01-17 18:02:47 2
  • This should automatically mount it to /media/truecrypt1. Further mounts will go to /media/truecrypt2, and so on. You shouldn't need sudo/su if your permissions are right. I alias tru='truecrypt' since tr and true are commands. To explicitly create a mount point do: tru volume.tc /media/foo To make sure an GUI explorer window (nautilus, et al) opens on the mounted volume, add: --explorer To see what you currently have mounted do: tru -l To dismount a volume do: tru -d volume.tc. To dismount all mounted volumes at once do: tru -d Tested with Truecrypt v6.3a / Ubuntu 9.10


    2
    truecrypt volume.tc
    rkulla · 2010-04-14 18:34:09 0

What Others Think

Interesting. A few things I'd improve on. You use dd to create a sparse file, but truncate would be better: Besides, your file is 256MiB + 1 byte long. Urgh! truncate -s 256m If you're likely to fill the container, then a better bet would be fallocate. ext4 and btrfs support fallocate which will near-instantly allocate a contiguous block of space. fallocate -l 256m Next, I'd add a second parameter to control the size. This is very simple to do, using a defaulting variable ${2:-256} If $2 exists use it, otherwise use the number 256, e.g. fallocate -l ${2:-256}m $1 Unless Luks is supported by Windows (I haven't checked, but I'd be surprised if it were), I'd put a REAL filesystem inside the container: mke2fs -t ext4 Finally, I'd do something about the passwords. I don't want to type them in three times. A quick idea might be to turn on cryptsetup's batch mode cryptsetup luksFormat --batch-mode
flatcap · 225 weeks ago
I liked a lot of what you suggested & changed it. For the purposes of combatibility (there is a third party windows program that can open luks I believe) I left it FAT. In *nix only, I would do that (and personally will)
snipertyler · 225 weeks ago
:-)
flatcap · 225 weeks ago

What do you think?

Any thoughts on this command? Does it work on your machine? Can you do the same thing with only 14 characters?

You must be signed in to comment.

What's this?

commandlinefu.com is the place to record those command-line gems that you return to again and again. That way others can gain from your CLI wisdom and you from theirs too. All commands can be commented on, discussed and voted up or down.

Share Your Commands



Stay in the loop…

Follow the Tweets.

Every new command is wrapped in a tweet and posted to Twitter. Following the stream is a great way of staying abreast of the latest commands. For the more discerning, there are Twitter accounts for commands that get a minimum of 3 and 10 votes - that way only the great commands get tweeted.

» http://twitter.com/commandlinefu
» http://twitter.com/commandlinefu3
» http://twitter.com/commandlinefu10

Subscribe to the feeds.

Use your favourite RSS aggregator to stay in touch with the latest commands. There are feeds mirroring the 3 Twitter streams as well as for virtually every other subset (users, tags, functions,…):

Subscribe to the feed for: