LUKS
a transparent disk encryption subsystem in the Linux kernel. It is implemented as a device mapper target and may be stacked on top of other device mapper transformations. It can thus encrypt whole disks (including removable media), partitions, software RAID volumes, logical volumes, as well as files. It appears as a block device, which can be used to back file systems, swap or as an LVM physical volume
Usage
Initialize device:
cryptsetup luksFormat deviceOpen device:
cryptsetup open device dmnameDevice will be mapped in /dev/mapper/dmname
Close device:
cryptsetup close dmname Show device info:
cryptsetup luksDump deviceResize device:
cryptsetup resize deviceCrypttab
Define crypto targets in /etc/crypttab
name underlying device passphrase cryptsetup options
backup /dev/sdb1 /key/backup.key
After devices are unlocked they can be mounted using fstab.