Package installation

Install the required packages:

# aptitude install e2fsprogs cryptsetup

Partitioning

Use your favourite partitioning tool, for example fdisk or cfdisk to set aside a whole partition with enough space to store your data.

Erase

This step is optional. For complete security you want the contents of the disk to be random before you start using it. Use the badblocks tool to do this.

# badblocks -c 10240 -s -w -t random -v /dev/sdX9

Format

The luksformat tool will format a partition to be used with LUKS (Linux Unified Key Setup) and then create a filesystem on it.

# luksformat -t ext3 /dev/sdX9

Mounting Manually

First use cryptsetup to create a device file:

# cryptsetup luksOpen /dev/sdX9 cryptofoo

You can now mount the device from /dev/mapper/cryptofoo:

# mount /dev/mapper/cryptofoo /mnt

When you’re done, unmount and then remove the cryptofoo device.

# umount /mnt; cryptsetup luksClose cryptofoo

Mount on Boot

Now all that remains is to add one line in each of crypttab and fstab

Add this line to /etc/crypttab:

myname /dev/sdX9 none luks

The crypttab file is examined by the system during boot. Each line maps a real encrypted device file (/dev/sdX9) to a virtual decrypted device file (/dev/mapper/myname). Once you’ve added done this run the following command to actually set up the mapping:

# /etc/init.d/cryptdisks restart

Now you can set up that virtual device file to be mounted like any other. For example, the following command would mount your filesystem:

# mount /dev/mapper/myname /mnt

Note that you should probably use partition UUIDs (UUID=XXXXX) in place of device file names (/dev/sdX9) in your crypttab for a more robust system. The easiest way to find these is by running:

# ls -l /dev/disks/by-uuid

Add a line like this to /etc/fstab

/dev/mapper/myname /path/to/mountpoint ext3 defaults 0 2