diff --git a/scripts/cryptography/encrypt_image/close.sh b/scripts/cryptography/encrypt_image/close.sh
new file mode 100755
index 0000000..e650be1
--- /dev/null
+++ b/scripts/cryptography/encrypt_image/close.sh
@@ -0,0 +1,3 @@
+sudo umount ./decrypted
+sudo cryptsetup luksClose myEncryptedVolume
+rm -fr decrypted
diff --git a/scripts/cryptography/encrypt_image/init.sh b/scripts/cryptography/encrypt_image/init.sh
new file mode 100755
index 0000000..0d1b83b
--- /dev/null
+++ b/scripts/cryptography/encrypt_image/init.sh
@@ -0,0 +1,34 @@
+
+mkdir decrypted
+mkdir encrypted && cd encrypted
+
+# create image size 1GB
+dd if=/dev/zero of=encrypted.img bs=1 count=0 seek=1G
+
+# create keyfile
+dd if=/dev/random of=key.keyfile bs=1024 count=2
+
+# create encrypted image with keyfile
+sudo cryptsetup luksFormat encrypted.img key.keyfile
+
+echo "Enter passphrase( first half - your master key, last half - random passphrase on paper )"
+
+# encrypt keyfile with passphrase
+
+# decrypt image
+sudo cryptsetup luksOpen encrypted.img myEncryptedVolume --key-file key.keyfile
+
+gpg -c key.keyfile
+rm key.keyfile
+
+sudo mkfs.ext4 /dev/mapper/myEncryptedVolume
+sudo mount /dev/mapper/myEncryptedVolume ../decrypted
+sudo chown -R $USER ../decrypted
+
+
+# close image
+sudo umount ../decrypted
+sudo cryptsetup luksClose myEncryptedVolume
+rm -fr ../decrypted
+
+echo "move encrypted/key.keyfile on external media"
diff --git a/scripts/cryptography/encrypt_image/open.sh b/scripts/cryptography/encrypt_image/open.sh
new file mode 100755
index 0000000..831907d
--- /dev/null
+++ b/scripts/cryptography/encrypt_image/open.sh
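Review bot: In close.sh, `rm -fr decrypted` runs even when `sudo umount ./decrypted` fails (for example because a file on the volume is still open), and in that case it recursively deletes the contents of the still-mounted volume instead of an empty mount point. The closing section of init.sh has the same sequence with `rm -fr ../decrypted`. Stopping at the first failure and removing only an empty directory avoids this: add `set -e` at the top of each script and replace the last line with `rmdir decrypted`. All three new files are created with mode 100755 but have no shebang line, so `#!/bin/sh` should be added as well.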
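Review bot: In init.sh the LUKS key is written to disk in plaintext as `key.keyfile` under the default umask, and `rm key.keyfile` runs even if `gpg -c key.keyfile` failed or was cancelled, which leaves a formatted volume with no surviving copy of its key. A plain `rm` also does not erase the key bytes from the underlying storage. Consider `umask 077` at the top and `gpg -c key.keyfile && rm key.keyfile`, ideally with the temporary key kept on a tmpfs. open.sh writes the decrypted key to `decrypted/key.keyfile` in the same way; there the file can be avoided altogether with `gpg -d "$ENCRYPTED_KEYFILE" | sudo cryptsetup luksOpen encrypted/encrypted.img myEncryptedVolume --key-file -`. The final message in init.sh should name `key.keyfile.gpg`, since `key.keyfile` no longer exists at that point.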
@@ -0,0 +1,23 @@
+
+usage() {
+ echo "Usage: $0 [keyfile path]" >&2
+ exit 1
+}
+
+ENCRYPTED_KEYFILE="$1"
+
+
+if [ -z "$ENCRYPTED_KEYFILE" ]
+then
+ echo "Error: missing source file path parameter." >&2
+ usage
+fi
+
+mkdir decrypted
+gpg -d "$ENCRYPTED_KEYFILE" > decrypted/key.keyfile
+
+sudo cryptsetup luksOpen encrypted/encrypted.img myEncryptedVolume --key-file decrypted/key.keyfile
+rm decrypted/key.keyfile
+
+sudo mount /dev/mapper/myEncryptedVolume ./decrypted
+