Create encrypted ext4-Partition

DEVICE can be a parition like /dev/sdb1 or the whole device like /dev/sdb. Therefore see Differences between /dev/sda and /dev/sda1

  • Override the beginning of the partition with random numbers
# dd if=/dev/urandom of=/dev/DEVICE bs=1M count=8
  • Encrypt the partition
    The confirmation message should be answered with YES (uppercase!)
# cryptsetup luksFormat -c aes-xts-plain64 -s 512 -h sha512 -y /dev/DEVICE
  • Create ext4 filesystem
# cryptsetup luksOpen /dev/DEVICE crypt_DEVICE
# mkfs.ext4 /dev/mapper/crypt_DEVICE
# cryptsetup luksClose crypt_DEVICE
