Create LUKS Partition
Now that we're ready, we can create the LUKS Partition. This section guides you over reformatting a partition
Listing Devices (Very Important)
You need to identify the correct partition for re-formatting. Keep in mind that all data is lost and wrong partition identification leads to data loss in disk.
LUKS Format Partition
Now that you got your device name, it's time to reformat the partition into LUKS partition. In this example, we will be using sda as our dummy device.
The command is:
$ cryptsetup -y -v luksFormat /path/to/deviceBased on our example, it is:
$ cryptsetup -y -v luksFormat /dev/sdaOpen The Partition
With the encrypted partition is available for us, we need to open it.
The command is:
$ cryptsetup luksOpen /path/to/device <partitionLabel>Based on our example, it is:
$ cryptsetup luksOpen /dev/sda sda_cryptOpen The Partition
With the encrypted partition is available for us, we need to open it.
The command is:
$ cryptsetup luksOpen /path/to/device Based on our example, it is:
$ cryptsetup luksOpen /dev/sdaRandomize Dump
To ensure the partition is fully randomized when viewing from outside (especially using bit-level viewer), we need to dump random data into the partition. There are 2 ways to do it depending on the machine capabilities. However, do keep in mind that depending on the encrypted partition size, this process may takes hours (longest record for me is 12 hours).
If you have random data on your CPU:
$ dd if=/dev/urandom of=/dev/mapper/<partitionLabel> status=progressOtherwise:
$ dd if=/dev/zero of=/dev/mapper/sda_crypt status=progressDevice is Ready for Use
Once the randomization is completed, the remapped partition is ready to use. Remember, you should always use the remapped device instead of the original one.
You can create lvm volume or reformat it to your desired filesystem.
That's all about reformatting a partition into LUKS encrypted partition.