Create LUKS Partition
Now that we're ready, we can create the LUKS Partition. This section guides you over reformatting a partition
Listing Devices (Very Important)
You need to identify the correct partition for re-formatting. Keep in mind that all data is lost and wrong partition identification leads to data loss in disk.
LUKS Format Partition
Now that you got your device name, it's time to reformat the partition into LUKS partition. In this example, we will be using sda
as our dummy device.
The command is:
$ cryptsetup -y -v luksFormat /path/to/device
Based on our example, it is:
$ cryptsetup -y -v luksFormat /dev/sda
Open The Partition
With the encrypted partition is available for us, we need to open it.
The command is:
$ cryptsetup luksOpen /path/to/device <partitionLabel>
Based on our example, it is:
$ cryptsetup luksOpen /dev/sda sda_crypt
Open The Partition
With the encrypted partition is available for us, we need to open it.
The command is:
$ cryptsetup luksOpen /path/to/device
Based on our example, it is:
$ cryptsetup luksOpen /dev/sda
Randomize Dump
To ensure the partition is fully randomized when viewing from outside (especially using bit-level viewer), we need to dump random data into the partition. There are 2 ways to do it depending on the machine capabilities. However, do keep in mind that depending on the encrypted partition size, this process may takes hours (longest record for me is 12 hours).
If you have random data on your CPU:
$ dd if=/dev/urandom of=/dev/mapper/<partitionLabel> status=progress
Otherwise:
$ dd if=/dev/zero of=/dev/mapper/sda_crypt status=progress
Device is Ready for Use
Once the randomization is completed, the remapped partition is ready to use. Remember, you should always use the remapped device instead of the original one.
You can create lvm volume or reformat it to your desired filesystem.
That's all about reformatting a partition into LUKS encrypted partition.