Tutorial

Encrypted disk with cryptsetup

In this how-to article I’m showing you how you can create a new fully encrypted disk using cryptsetup in Linux via the command line

Before you start: This is safe encryption without any known backdoors or recovery principles. If you loose your passphrase, you loose your data. Make sure you have the passphrase written down and stored in a safe place, otherwise you can cry your data goodbye.

Throughout the article I’m assuming we want to prepare /dev/sdb1.

  1. Ensure /dev/sdb1 IS THE RIGHT DISK. The disk will be overwritten and any data on it will be erased.
  2. Ensure /dev/sdb1 is unmounted
  3. cryptsetup luksFormat /dev/sdb1
    1. Enter your passphrase
    2. Ensure you have the passphrase written down and stored in a safe spot
  4. Open the device for creating a filesystem: cryptsetup luksOpen /dev/sdb1 cryptodisk
  5. mkfs.xfs -L cryptodisk /dev/mapper/cryptodisk
  6. Optional: close disk: cryptsetup luksClose cryptodisk
Tutorial
Licensed under CC BY-NC-SA 4.0