# Create an empty file sized to suit your needs. The one created
# in this example will be a sparse file of 8GB, meaning that no
# real blocks are written. Since we will force block allocation
# later on, it would not make much sense to allocate them now,
# as the blocks will be rewritten anyway.

dd of=/path/to/secretfs bs=1G count=0 seek=8

# Lock down normal access to the file

chmod 600 /path/to/secretfs

# Associate a loopback device with the file

losetup /dev/loop0 /path/to/secretfs

# Encrypt storage in the device. cryptsetup will use the Linux
# device mapper to create, in this case, /dev/mapper/secretfs.
# The -y option specifies that you’ll be prompted to type the
# passphrase twice (once for verification).

cryptsetup -y create secretfs /dev/loop0

# Or, if you want to use LUKS, you should use the following two
# commands (optionally with additional parameters) instead. The
# first command initializes the volume and sets an initial key.
# The second command opens the partition and creates a mapping
# (in this case /dev/mapper/secretfs).

cryptsetup -y luksFormat /dev/loop0

cryptsetup luksOpen /dev/loop0 secretfs

# Check its status (optional)

cryptsetup status secretfs

# Now, we will write zeros to the new encrypted device. This
# will force the allocation of data blocks. And since the zeros
# are encrypted, this will look like random data to the outside
# world, making it nearly impossible to track down encrypted
# data blocks if someone gains access to the file that holds
# the encrypted filesystem. dd stops with a "No space left on
# device" error once the device is full; that is expected.

dd if=/dev/zero of=/dev/mapper/secretfs

# Create a filesystem and verify its status

mke2fs -j -O dir_index /dev/mapper/secretfs

tune2fs -l /dev/mapper/secretfs

# Mount the new filesystem in a convenient location
# (-p also creates /mnt/cryptofs if it does not exist yet)

mkdir -p /mnt/cryptofs/secretfs

mount /dev/mapper/secretfs /mnt/cryptofs/secretfs

via HowTos/EncryptedFilesystem – CentOS Wiki.
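Why the zero-fill step matters, as an added example that is not part of the CentOS wiki page: on a sparse backing file, block allocation alone shows how much has been written, and pre-filling removes that signal. The helper names and the 16 MiB temporary file are assumptions made for illustration, and /dev/urandom stands in for ciphertext written through the dm-crypt mapping (GNU stat and dd assumed).

```shell
#!/bin/sh
# Added example (not from the wiki): what an observer of the backing file can
# learn from block allocation alone. Constructed 16 MiB file, no root needed.
# /dev/urandom stands in for ciphertext written through the dm-crypt mapping.

# Size as shown by ls -l.
apparent_bytes() { stat -c %s "$1"; }

# Bytes really allocated on disk: block count times reported block size.
allocated_bytes() { set -- $(stat -c '%b %B' "$1"); echo $(( $1 * $2 )); }

# Same technique as the first dd step: seek past the end, write nothing.
# $1 = file, $2 = size in MiB
make_sparse() { dd of="$1" bs=1M count=0 seek="$2" 2>/dev/null; }

# Write $3 MiB of stand-in ciphertext starting at offset $2 MiB of file $1.
write_ciphertext() {
    dd if=/dev/urandom of="$1" bs=1M seek="$2" count="$3" \
       iflag=fullblock conv=notrunc,fsync 2>/dev/null
}

# Print apparent and allocated size with a label.
report() {
    echo "$1 apparent=$(apparent_bytes "$2") allocated=$(allocated_bytes "$2")"
}

demo() {
    dir=$(mktemp -d) || return 1
    f="$dir/secretfs"
    make_sparse "$f" 16
    report "sparse file:    " "$f"
    # Filesystem used without the zero-fill: only touched regions are allocated.
    write_ciphertext "$f" 5 1
    report "1 MiB written:  " "$f"
    # Effect of the zero-fill through the mapping: every block holds ciphertext.
    write_ciphertext "$f" 0 16
    report "fully written:  " "$f"
    rm -rf "$dir"
}

demo
```

After the full overwrite, allocated size matches apparent size, so used and unused regions of the container can no longer be told apart by allocation.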
