cryptsetup LUKS2 Creating encrypted virtual Disk Image and mount it

Posted on 2023-11-29 Edited on 2023-12-01 In cryptsetup , luks , encryption , virtual , disk

%%{
  init: {
    'theme': 'base',
    'themeVariables': {
      'primaryColor': '#3ed72b',
      'primaryTextColor': '#000',
      'primaryBorderColor': '#000',
      'lineColor': '#fff',
      'secondaryColor': '#e6f01b',
      'tertiaryColor': '#fff'
    }
  }
}%%


flowchart LR
   id1[/virtual Disk/]
   id3[/ ctryptsetup/]
   id2[LUKS 
format
 encrypt
passphrase]
   id9[/format ext4/]
   id10[/open  /]
   id5[/mount/]
   id6[/detach /]
   id7[/close  /]
   id1-->id3
   id3-->id2
   id2-->id10
   id10-->id9
   id10-->id5
   id5-->id6
   id5-->id7

overview

install cryptsetup
creating virtual disk with dd
format and encrypt virtaul disk with cryptsetup
- setpassphrase
opening encrypted virtual disk with cryptsetup
- format virtual disk with ext4 mkfs
- create mountpoint with mkdir
- mount LUKS opened disk to mointpoint
- detach mount
- close LUKS

install cryptsetup LUKS

sudo apt-get install cryptsetup-bin

Creating virtual Disk file

virtual disk filename:
crypted-disk-luks.img

size:
100MB

dd if=/dev/zero of=crypted-disk-luks.img  bs=100M count=0 seek=1

info: with fdisk -l crypted-disk-luks.img you can check virtual disk size

Disk Encryption preparation

format and encrypt virtual disk

cryptsetup -q -y  luksFormat crypted-disk-luks.img

info: you will be asked for passphrase to encrypt/decrypt disk

open LUKS encrypted virtual disk

sudo cryptsetup luksOpen /data/crypted/crypted-disk-luks.img virtualDiskMapper

info: virtualDiskMapper is the pointname under /dev/mapper/virtalDiskMapper

check LUKS opened virual Disk on /dev/mapper

sudo fdisk -l /dev/mapper/virtualDiskMapper

info: you should see size of disk little less than 100MB (it is ok)

format inside opened LUKS the virtual Disk with your prefered file system

in this case: ext4

sudo mkfs.ext4 /dev/mapper/virtualDiskMapper

info: this format has no effect to encryption, so do it

Mount LUKS encrypted virtual disk

above we opened LUKS enrypted virtual already, in this point you dont need to open, because it is opened with passphrase already.

sudo cryptsetup luksOpen /data/crypted/crypted-disk-luks.img virtualDiskMapper

create mountpoint for LUKS virtual disk

sudo mkdir /mnt/LUKSDISK

info: this mointpoint you need to create only one time

mount LUKS virtual disk to mointpoint

sudo mount /dev/mapper/virtualDiskMapper /mnt/LUKSDISK

closing LUKS opened virtual disk

actually our enrypted disk is mounted on moinpoint.
so first detach mountpoint

detach moinpoint

sudo umount /mnt/LUKSDISK

close LUKS virtual Disk

sudo cryptsetup luksClose virtualDiskMapper

info: this commad will detach dev mapped virtualDiskMapper also

%%{
  init: {
    'theme': 'base',
    'themeVariables': {
      'primaryColor': '#3ed72b',
      'primaryTextColor': '#fff',
      'primaryBorderColor': '#cfd72b',
      'lineColor': '#e6f01b',
      'secondaryColor': '#e6f01b',
      'tertiaryColor': '#fff'
    }
  }
}%%

mindmap
   root(Virtual Disk)
     cryptsetup
       LUKS
         format
           encrypt
       LUKS open
         decrypt
           mount
             close
               detach mount
               close luks