LUKS

Install

aptitude install cryptsetup

Set up an encrypted volume

Volume used in the example: /dev/mapper/lvm-backup

Preparation

Check the disk and fill it with some random data at the same time (this operation takes some time following the size of your partition):

badblocks -c 10240 -s -w -t random /dev/mapper/lvm-backup

Setting up the LUKS encryption (here with aes-xts-plain cipher):

cryptsetup luksFormat -c aes-xts-plain -s 256 /dev/mapper/lvm-backup

Open the LUKS volume:

cryptsetup luksOpen /dev/mapper/lvm-backup luks-backup

Create the file system (ext4 used here):

mkfs.ext4 /dev/mapper/luks-backup

Mount the LUKS volume:

mkdir /mnt/luks-backup
mount /dev/mapper/luks-backup /mnt/luks-backup

Close the LUKS volume:

cryptsetup luksClose luks-backup

Open the LUKS volume with a key file

The key file will be used to open the LUKS volume in a automatic way. First retrieve the size of the key (here it is 256, following the previous commands):

cryptsetup luksDump /dev/mapper/lvm-backup | grep "MK bits"
MK bits:        256

Divide by 8 = 32 bytes, the size of the keyfile. We can use dd to generate a random key file (or any other tool like gpg for instance):

dd if=/dev/random of=/path/to/backup.key bs=1 count=32

Add the key to the volume:

cryptsetup luksAddKey /dev/mapper/lvm-backup /path/to/backup.key

Then, open the volume with the key:

cryptsetup --key-file=backup.key luksOpen /dev/mapper/lvm-backup luks-backup
mount /dev/mapper/luks-backup /mnt/luks-backup