forksand-it-manual/source/resources/apps/cryptsetup/ADD-DRIVE.md

# HOWTO add encrypted drive to an existing system.

exit 0

# XXX Change device names as appropriate
fdisk /dev/nvme1n1
# Make gpt partition
# Make linux parition full disk size

# --hash, --cipher --key-size, --key-slot --label 
cryptsetup luksFormat /dev/nvme1n1p1
# or like:
cryptsetup --verbose --cipher aes-xts-plain64 --key-size 512 --hash sha512 --iter-time 5000 --use-urandom luksFormat /dev/nvme1n1p1

# "devel: (arbitrary name) is named now:
cryptsetup luksOpen /dev/nvme1n1p1 devel
# Format drive:
mkfs.ext4 /dev/mapper/devel

# Add to /etc/crypttab:
devel UUID=00000000-0000-0000-0000-000000000000 none luks

# Add to /etc/fstab:
# Note this UUID is not the same as the UUID in the crypttab
UUID=00000000-0000-0000-0000-000000000000 /srv/devel ext4  defaults        0       2

# To change password:
cryptsetup -y luksAddKey /dev/nvme1n1p1
cryptsetup luksRemoveKey /dev/nvme1n1p1
Cryptsetup new drive 5 years ago			`# HOWTO add encrypted drive to an existing system.`

			`exit 0`

			`# XXX Change device names as appropriate`
			`fdisk /dev/nvme1n1`
			`# Make gpt partition`
			`# Make linux parition full disk size`

			`# --hash, --cipher --key-size, --key-slot --label`
			`cryptsetup luksFormat /dev/nvme1n1p1`
			`# or like:`
			`cryptsetup --verbose --cipher aes-xts-plain64 --key-size 512 --hash sha512 --iter-time 5000 --use-urandom luksFormat /dev/nvme1n1p1`

			`# "devel: (arbitrary name) is named now:`
			`cryptsetup luksOpen /dev/nvme1n1p1 devel`
			`# Format drive:`
			`mkfs.ext4 /dev/mapper/devel`

			`# Add to /etc/crypttab:`
			`devel UUID=00000000-0000-0000-0000-000000000000 none luks`

			`# Add to /etc/fstab:`
			`# Note this UUID is not the same as the UUID in the crypttab`
			`UUID=00000000-0000-0000-0000-000000000000 /srv/devel ext4 defaults 0 2`

			`# To change password:`
			`cryptsetup -y luksAddKey /dev/nvme1n1p1`
			`cryptsetup luksRemoveKey /dev/nvme1n1p1`