In this example, we’ll set up a 16Gb encrypted partition on a separate disk.
Note that this will wipe everything on your partition.
As root, use fdisk to determine which partition you want to use:
# fdisk -l
You could also use lsblk to show your installed drives:
# lsblk
In our case, we’re going to encrypt /dev/sde1, a 16GB USB stick.
First thing you need to do is to come up with a passphrase that you can remember.
Next, we’ll start the encryption process.
In our case, we want:
# cryptsetup -v luksFormat --type=luks2 /dev/sde1
Pay attention to the prompts.
You can check the man page for more options.
Now let’s open the encrypted volume, and give it a name for mapping the partition:
# cryptsetup open /dev/sde1 mypart
Next, give it a filesystem, using ext4:
# mkfs.ext4 /dev/mapper/mypart
Now create a mount point:
# mkdir /mnt/testenc
To mount the encrypted volume, you can use the cryptsetup with the mount command.
# cryptsetup --type luks open /dev/sde1 mypart
# mount -t ext4 /dev/mapper/mypart /mnt/testenc
To close the partition, do the following:
# umount /place/to/mount
# cryptsetup close mypart