crypsetup

Create New Encrypted Device

In this example, a hard drive device /dev/sda will have three partitions: root, swap, encrypted filesystem.

Create an encrypted swap partition on /dev/sda2:

cryptsetup -c blowfish -h sha256 -d /dev/random create swap /dev/sda2

This will create the encrypted device /dev/mapper/swap. At this point, you can format it as normal:

mkswap /dev/mapper/swap

Now, create the new encrypted device. It will not ask for a name here, only when you open it.

cryptsetup --verify-passphrase luksFormat /dev/sda3

Unlock the encrypted device and name it luks0:

cryptsetup luksOpen /dev/sda3 luks0

Format the new device with a filesystem:

mkfs.ext4 /dev/mapper/luks0

Mount an Encrypted Device

Access the encrypted device and give it a name, in this case luks0:

cryptsetup luksOpen /dev/sda3 luks0

This will create a device /dev/mapper/luks0, which you can then mount as normal:

mount /dev/mapper/luks0 /mnt/luks0