How to create an encrypted filesystem (LUKS)

    This example creates an encrypted file system: on /dev/sda3 using dm-crypt with LUKS. It's based on Debian and applies to other Debian distros.

    • Install the necessary packages

    apt-get install cryptsetup

    • setup the partition

    cryptsetup luksFormat /dev/sda3 (give it a passphrase)

    • open (unlock) the partition

    cryptsetup luksOpen /dev/sda3 sda3

    • format the partition (assumes XFS)

    mkfs.xfs /dev/mapper/sda3

    • Add to /etc/fstab
    /dev/mapper/sda3        /share    xfs             noauto  0       0
    • add the following to sudo if you want a non-root user to be able to mount it
    username     ALL = NOPASSWD:/sbin/cryptsetupusername     ALL = NOPASSWD:/bin/mountusername     ALL = NOPASSWD:/usr/sbin/xfs_check
    • The following is a simple shell script to open and mount the partition on /share


    #!/bin/shcryptsetup luksOpen /dev/sda3 sda3mount /dev/mapper/sda3 /share