encrypt a partition with luks
partition your device like you would normally
partition your device like you would normally
sudo fdisk /dev/sdx
...
add a key (from stdin) to encrypt this partition
sudo cryptsetup --verbose --verify-passphrase luksFormat /dev/sdxN
create & add a second key from file (optional)
sudo dd if=/dev/urandom of=/path/XYZ.key bs=1024 count=8
sudo cryptsetup luksAddKey /dev/sdxN /path/XYZ.key
check keys for a given partition
sudo cryptsetup luksDump /dev/sdxN
open encrypted partition and mount to /dev/mapper/XXXXX
sudo cryptsetup luksOpen /dev/sdxN XXXXX
create a file system like you would in any normal block device
sudo mkfs.ext4 /dev/mapper/XXXXX
mount like any normal block device
sudo mkdir /mnt/my_encrypted_partition
sudo mount /dev/mapper/XXXXX /mnt/my_encrypted_partition
add your stuff to the encrypted partition
sudo mv /path/my_secret_file /mnt/my_encrypted_partition/
umount like any normal block device
sudo umount /mnt/my_encrypted_partition
close the encrypted partition
sudo cryptsetup luksClose /dev/mapper/XXXXX
how to mount at boot (with a key file)
# get the UUID of the encrypted block device.
sudo cryptsetup luksUUID /dev/sdxN
# edit /etc/crypttab to add the following entry.
XXXXX /dev/disk/by-uuid/[UUID] /path/XYZ.key luks
# edit /etc/fstab and add it as a normal block device
/dev/mapper/XXXXX /mnt/my_encrypted_partition ext4