I wanted to encrypt the disks that I use to regularly make a backup so I can put it offsite without that nagging thought that just about anyone can read it’s contents when it gets stolen/lost.
Find out the name of the disk you want to encrypt. I usually use a ‘sudo fdisk -l’ to find out which disk. In my case /dev/sdc3 so I will use that in this example. Substitute with your own unless you want to lose data.
Make sure your disk is not mounted:
sudo umount /dev/sdc3
It is good practice to fill the disk with some initial garbage to make any decryption attempts harder.
sudo dd if=/dev/urandom of=/dev/sdc3
# Login as root sudo -i # Install cryptsetup apt-get install cryptsetup # I am using a passphrase to setup the encryption you could optionally use a keyfile. Check out the manual for more info. cryptsetup -y create crypt /dev/sdc3 # Create an ext4 filesystem. (-m 0 -> No reserved blocks for root, this is an external disk) mkfs.ext4 -m 0 /dev/mapper/crypt # Create a directory to mount to and mount mkdir /mnt/crypt && mount /dev/mapper/crypt /mnt/crypt
sudo cryptsetup create crypt /dev/sdc3 sudo mount /dev/mapper/crypt /mnt/crypt
That did it for me. I just wanted a small barrier to chase away curious people.