How to create encrypted disk image with Linux LUKS format using Cryptsetup

How to create encrypted disk image with Linux LUKS format using Cryptsetup

If you have sensitive data or file, you can make an iso image on Linux.

For example backup file, photo or even your source code, so no one can stole it.

Linux Unified Key Setup (LUKS) is a disk encryption specification created by Clemens Fruhwirth in 2004 and was originally intended for Linux.

LUKS is the standard for Linux hard disk encryption. By providing a standard on-disk-format, it does not only facilitate compatibility among distributions, but also provides secure management of multiple user passwords.

Also Read: Encrypt your files with VeraCrypt on Linux, Windows, Mac OS and Android

LUKS stores all necessary setup information in the partition header, enabling to transport or migrate data seamlessly.

The benefits of LUKS is compatibility via standardization, secure against low entropy attacks, support for multiple keys, effective passphrase revocation, and most important is it’s free.


Cryptsetup is a utility used to conveniently set up disk encryption based on the DMCrypt kernel module.

These include plain dm-crypt volumes, LUKS volumes, loop-AES, TrueCrypt (including VeraCrypt extension) and BitLocker formats.

You can read more about Cryptsetup project here.

On CentOs, Cryptsetup ins installed by default. But if not, you can manually install with command below:

On Ubuntu use this command to install;

Create an empty file and use Crypsetup to create LUKS container:

Please note that must remember password. You can not get it back or use any forgot password, reset or remove password on LUKS container. So if you lost your password, you will never get your file on encrypted volume.

You need to decrypt your volume using crypsetup luksopen before you can format it.

The command above will map the file encrypted_volume.iso to the volume encVolume.

The volume encVolume will be available as /dev/mapper/encVolume. You can create file system for example Ext4, XFS or Fat.

Now you can mount /dev/mapper/encVolume

You can put your files on ~/backup

To close your encrypted container, first you need to unmount file system.

Use this command:

Leave a Reply

Your email address will not be published. Required fields are marked *