Encrypting a Volume
It’s really easy. Let’s assume sdc
is the drive (because it is for me). Open up gdisk
, make a new GPT and fill the disk with a partition of type FD00
(this is Linux RAID, which allegedly is conventional).
Number Start (sector) End (sector) Size Code Name 1 2048 124735454 59.5 GiB FD00 Linux RAID
You can also rename the partition to LUKS or something.
cryptsetup
should be compiled with sane defaults (you can check with --help
), so encryption is done with
cryptsetup -v --verify-passphrase luksFormat /dev/sdc1
(which can be elaborated on if the compiled defaults are not to your liking).
Open the LUKS container with
cryptsetup open /dev/sdc1 luks_volume
(where luks_volume
is the unimaginative name of the container).
sdc 8:32 1 59.5G 0 disk └─sdc1 8:33 1 59.5G 0 part └─luks_volume 254:2 0 59.5G 0 crypt
This creates a handle in /dev/mapper/luks_volume
. It’s not a filesystem yet, though.
mkfs.ext4 /dev/mapper/luks_volume
Now we can mount it! See Mounting an encrypted LUKS volume for how to do that.