Encrypting a Volume

It’s really easy. Let’s assume sdc is the drive (because it is for me). Open up gdisk, make a new GPT and fill the disk with a partition of type FD00 (this is Linux RAID, which allegedly is conventional).

Number  Start (sector)    End (sector)  Size       Code  Name
   1            2048       124735454   59.5 GiB    FD00  Linux RAID

You can also rename the partition to LUKS or something.

cryptsetup should be compiled with sane defaults (you can check with --help), so encryption is done with

cryptsetup -v --verify-passphrase luksFormat /dev/sdc1

(which can be elaborated on if the compiled defaults are not to your liking).
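luksFormat overwrites whatever is on the target, and sdc is only the right name on the machine above, so it is worth checking the partition first. The script below is an added example, not part of the original page. It refuses a target that is mounted or that already carries a LUKS header. The function names are made up for this example, and the mounts table path is a parameter so the check can be exercised against a sample file.

```shell
#!/bin/sh
# Added example (not from the original page): checks to run before luksFormat.
# Function names are constructed for this example.

# Print the LUKS header version (1 or 2) at the start of $1, or return 1.
# The on-disk magic is "LUKS" 0xBA 0xBE followed by a big-endian 16-bit version.
luks_version() {
    hex=$(od -An -tx1 -N8 "$1" 2>/dev/null | tr -d ' \n')
    case "$hex" in
        4c554b53babe0001) echo 1 ;;
        4c554b53babe0002) echo 2 ;;
        *) return 1 ;;
    esac
}

# Succeed if $1 appears as a mount source in the mounts table $2.
is_mounted() {
    awk -v dev="$1" '$1 == dev { found = 1 } END { exit !found }' "${2:-/proc/mounts}"
}

# Return 0 if $1 looks safe to format; otherwise print why and return 1, 2 or 3.
preflight() {
    dev=$1
    mounts=${2:-/proc/mounts}
    if [ ! -r "$dev" ]; then
        echo "refuse: cannot read $dev"; return 1
    fi
    if is_mounted "$dev" "$mounts"; then
        echo "refuse: $dev is mounted"; return 2
    fi
    if v=$(luks_version "$dev"); then
        echo "refuse: $dev already holds a LUKS$v header"; return 3
    fi
    echo "ok: $dev is not mounted and has no LUKS header"
}

# Usage (as root, since reading the partition needs it):
#   preflight /dev/sdc1 && cryptsetup -v --verify-passphrase luksFormat /dev/sdc1
```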

Open the LUKS container with

cryptsetup open /dev/sdc1 luks_volume

(where luks_volume is the unimaginative name of the container).

sdc                  8:32   1  59.5G  0 disk
└─sdc1               8:33   1  59.5G  0 part
  └─luks_volume     254:2   0  59.5G  0 crypt

Opening the container creates a handle at /dev/mapper/luks_volume. It’s not a filesystem yet, though, so make one:

mkfs.ext4 /dev/mapper/luks_volume

Now we can mount it! See Mounting an encrypted LUKS volume for how to do that.