Create LUKS Partition

Now that we're ready, we can create the LUKS Partition. This section guides you over reformatting a partition

Listing Devices (Very Important)

You need to identify the correct partition for re-formatting. Keep in mind that all data is lost and wrong partition identification leads to data loss in disk.

List All Cryptsetup Encrypted Partitions ⮚

LUKS Format Partition

Now that you got your device name, it's time to reformat the partition into LUKS partition. In this example, we will be using sda as our dummy device.

The command is:

$ cryptsetup -y -v luksFormat /path/to/device

Based on our example, it is:

$ cryptsetup -y -v luksFormat /dev/sda

Open The Partition

With the encrypted partition is available for us, we need to open it.

The command is:

$ cryptsetup luksOpen /path/to/device <partitionLabel>

Based on our example, it is:

$ cryptsetup luksOpen /dev/sda sda_crypt

Open The Partition

With the encrypted partition is available for us, we need to open it.

The command is:

$ cryptsetup luksOpen /path/to/device

Based on our example, it is:

$ cryptsetup luksOpen /dev/sda

Randomize Dump

To ensure the partition is fully randomized when viewing from outside (especially using bit-level viewer), we need to dump random data into the partition. There are 2 ways to do it depending on the machine capabilities. However, do keep in mind that depending on the encrypted partition size, this process may takes hours (longest record for me is 12 hours).

If you have random data on your CPU:

$ dd if=/dev/urandom of=/dev/mapper/<partitionLabel>  status=progress

Otherwise:

$ dd if=/dev/zero of=/dev/mapper/sda_crypt  status=progress

Device is Ready for Use

Once the randomization is completed, the remapped partition is ready to use. Remember, you should always use the remapped device instead of the original one.

You can create lvm volume or reformat it to your desired filesystem.

That's all about reformatting a partition into LUKS encrypted partition.

⮘ Back