In this how-to article I’m showing you how you can create a new fully encrypted disk using cryptsetup
in Linux via the command line
Before you start: This is safe encryption without any known backdoors or recovery principles. If you loose your passphrase, you loose your data. Make sure you have the passphrase written down and stored in a safe place, otherwise you can cry your data goodbye.
Throughout the article I’m assuming we want to prepare /dev/sdb1
.
- Ensure
/dev/sdb1
IS THE RIGHT DISK. The disk will be overwritten and any data on it will be erased. - Ensure
/dev/sdb1
is unmounted cryptsetup luksFormat /dev/sdb1
- Enter your passphrase
- Ensure you have the passphrase written down and stored in a safe spot
- Open the device for creating a filesystem:
cryptsetup luksOpen /dev/sdb1 cryptodisk
mkfs.xfs -L cryptodisk /dev/mapper/cryptodisk
- Optional: close disk:
cryptsetup luksClose cryptodisk