Create an empty file with the size of your container
dd if=/dev/zero bs=1M count=100 of=~/my-container.img
Here I’ll use a 100MB container
Initialise the LUKS partition on the file and set the initial passphrase.
cryptsetup luksFormat ~/mycontainer
Open the container. Opening the container creates a kernel device file which can then be mounted.
cryptsetup luksOpen ~/mycontainer secret-device
This command will prompt for the container’s passphrase and then create a device file with the name
/dev/mapper/secret-device. You may choose another name than “secret-device”.
The container is now decrypted. Since the device has no filesystem yet we still cannot put any data on it. Use mkfs.ext4 to create an ext4 filesystem on the decrypted container:
Now the filesystem can be mounted like a filesystem on a regular block device.
mkdir ~/my-mount-point mount /dev/mapper/secret-device ~/my-mount-point
You can now write to the directory as usual. Once you are done follow these steps to unmount the device and close (= re-encrypt) the container:
umount ~/my-mount-point cryptsetup luksClose secret-device
To access the container again only these two commands are required:
cryptsetup luksOpen ~/mycontainer secret-device mount /dev/mapper/secret-device ~/my-mount-point