forksand-it-manual/source/resources/apps/cryptsetup/ADD-DRIVE.md

HOWTO add encrypted drive to an existing system.

exit 0

XXX Change device names as appropriate

fdisk /dev/nvme1n1

Make gpt partition

Make linux parition full disk size

--hash, --cipher --key-size, --key-slot --label

cryptsetup luksFormat /dev/nvme1n1p1

or like:

cryptsetup --verbose --cipher aes-xts-plain64 --key-size 512 --hash sha512 --iter-time 5000 --use-urandom luksFormat /dev/nvme1n1p1

"devel: (arbitrary name) is named now:

cryptsetup luksOpen /dev/nvme1n1p1 devel

Format drive:

mkfs.ext4 /dev/mapper/devel

Add to /etc/crypttab:

devel UUID=00000000-0000-0000-0000-000000000000 none luks

Add to /etc/fstab:

Note this UUID is not the same as the UUID in the crypttab

UUID=00000000-0000-0000-0000-000000000000 /srv/devel ext4 defaults 0 2

To change password:

cryptsetup -y luksAddKey /dev/nvme1n1p1 cryptsetup luksRemoveKey /dev/nvme1n1p1