A LUKS-encrypted filesystem can be created on any block device, such as a bare hard disk, a logical volume, or a RAID array.
To create a LUKS-encrypted filesystem, we first overwrite the block device with random data. This destroys everything currently stored on the device.
dd if=/dev/urandom of=/dev/sdb bs=1K
This may take a little while depending on the size of the disk.
After that, format the disk as LUKS:
cryptsetup --verbose luksFormat --verify-passphrase /dev/sdb
Now, open the encrypted disk:
cryptsetup --verbose luksOpen /dev/sdb enc_data
The mapping enc_data will be created under /dev/mapper.
Now, proceed with formatting the encrypted disk with ext4:
mkfs -t ext4 /dev/mapper/enc_data
Lastly, mount the filesystem on a mount point.
To close the encrypted disk, unmount the disk first. Then issue the following command:
cryptsetup --verbose luksClose enc_data
To check the status of the encrypted disk:
cryptsetup status enc_data
To open the encrypted disk while booting, put a line with the encrypted disk name and the underlying block device in the /etc/crypttab file:
enc_data /dev/sdb
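A check for the crypttab entry described above, as an added example that is not part of the original page. The mapping is created with exactly the name written in crypttab, and kernel names such as /dev/sdb can change between boots, so the function flags both. The function names, the /data mount point and the sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: lint a crypttab-format file against an fstab-format file.
# Prints one line per finding; returns 0 if nothing was flagged, 1 otherwise.

lower() { printf '%s' "$1" | tr '[:upper:]' '[:lower:]'; }

check_crypttab() {
    crypttab=$1; fstab=$2; findings=0
    # Mapping names that fstab expects under /dev/mapper (comment lines never match).
    refs=$(awk '$1 ~ /^\/dev\/mapper\// { sub(/^\/dev\/mapper\//, "", $1); print $1 }' "$fstab")
    while read -r name device _rest || [ -n "$name" ]; do
        case $name in ''|'#'*) continue ;; esac
        if [ -z "$device" ]; then
            echo "ERROR $name: no underlying block device given"
            findings=$((findings + 1)); continue
        fi
        # Kernel device names are assigned at boot and are not guaranteed stable.
        case $device in
            /dev/sd[a-z]*|/dev/vd[a-z]*|/dev/nvme[0-9]*)
                echo "WARN $name: $device is a kernel device name, UUID=<luks-uuid> is stable"
                findings=$((findings + 1)) ;;
        esac
        # The mapping gets exactly this name, so fstab must match it case included.
        for ref in $refs; do
            if [ "$ref" != "$name" ] && [ "$(lower "$ref")" = "$(lower "$name")" ]; then
                echo "ERROR $name: fstab mounts /dev/mapper/$ref, which differs in case"
                findings=$((findings + 1))
            fi
        done
    done < "$crypttab"
    [ "$findings" -eq 0 ]
}

# Constructed sample input (not from a real system); /data is a hypothetical mount point.
demo() {
    dir=$(mktemp -d)
    printf '%s\n' '# name     device' 'Enc_data   /dev/sdb' > "$dir/crypttab"
    printf '%s\n' '/dev/mapper/enc_data /data ext4 defaults 0 2' > "$dir/fstab"
    check_crypttab "$dir/crypttab" "$dir/fstab"; rc=$?
    rm -rf "$dir"
    return "$rc"
}

demo || echo "findings reported above"
```

The UUID for a UUID= entry can be read with cryptsetup luksUUID /dev/sdb.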