Cryptsetup
1. Create LUKS partition
| $ cryptsetup --verbose luksFormat --verify-passphrase /dev/sdX1
|
2. Initialize and unlock LUKS partition
| $ cryptsetup -v luksOpen /dev/sdX1 volumeEncrypted
|
3. Create a filesystem on device mapper
| $ mkfs.ext4 /dev/mapper/volumeEncrypted
|
4. Mount the device mapper on the directory
| $ mkdir /mnt/volumeEncrypted && mount /dev/mapper/volumeEncrypted /mnt/volumeEncrypted
|
5. Umount the device mapper
| $ umount /mnt/volumeEncrypted
|
6. Lock LUKS partition
| $ cryptsetup -v luksClose volumeEncrypted
|
Bonus :
Retrieve UUID of partitions
Create a alias for unlock/mount and unmount/lock for LUKS partition
| # Unlock and mount
alias dopen='sudo cryptsetup -v luksOpen /dev/disk/by-uuid/00000000-1111-2222-3333-444444444444 volumeEncrypted && sudo mount --uuid aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee /mnt/private'
# Umount and lock
alias dclose='sudo umount /mnt/private ; sudo cryptsetup -v luksClose volumeEncrypted'
|
Representation of the example above :
| NAME FSTYPE UUID
sdb
│
├─[...]
│
└─sdb3 crypto_LUKS 00000000-1111-2222-3333-444444444444
└─volumeEncrypted ext4 aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee
|