Table of Contents
crypsetup
Create New Encrypted Device
In this example, a hard drive device /dev/sda will have three partitions: root, swap, encrypted filesystem.
Create an encrypted swap partition on /dev/sda2:
cryptsetup -c blowfish -h sha256 -d /dev/random create swap /dev/sda2
This will create the encrypted device /dev/mapper/swap. At this point, you can format it as normal:
mkswap /dev/mapper/swap
Now, create the new encrypted device. It will not ask for a name here, only when you open it.
cryptsetup --verify-passphrase luksFormat /dev/sda3
Unlock the encrypted device and name it luks0:
cryptsetup luksOpen /dev/sda3 luks0
Format the new device with a filesystem:
mkfs.ext4 /dev/mapper/luks0
Mount an Encrypted Device
Access the encrypted device and give it a name, in this case luks0:
cryptsetup luksOpen /dev/sda3 luks0
This will create a device /dev/mapper/luks0, which you can then mount as normal:
mount /dev/mapper/luks0 /mnt/luks0
