Create an empty file with the size of your container

dd if=/dev/zero bs=1M count=100 of=~/my-container.img

Here I’ll use a 100MB container

Initialise the LUKS partition on the file and set the initial passphrase.

cryptsetup luksFormat ~/mycontainer

Open the container. Opening the container creates a kernel device file which can then be mounted.

cryptsetup luksOpen ~/mycontainer secret-device

This command will prompt for the container’s passphrase and then create a device file with the name /dev/mapper/secret-device. You may choose another name than “secret-device”.

The container is now decrypted. Since the device has no filesystem yet we still cannot put any data on it. Use mkfs.ext4 to create an ext4 filesystem on the decrypted container:

mkfs.ext4 /dev/mapper/secret-device

Now the filesystem can be mounted like a filesystem on a regular block device.

mkdir ~/my-mount-point
mount /dev/mapper/secret-device ~/my-mount-point

You can now write to the directory as usual. Once you are done follow these steps to unmount the device and close (= re-encrypt) the container:

umount ~/my-mount-point
cryptsetup luksClose secret-device

To access the container again only these two commands are required:

cryptsetup luksOpen ~/mycontainer secret-device
mount /dev/mapper/secret-device ~/my-mount-point