luks-encrypt an entire hard drive using a randomly-generated keyfile.
Linux & friends
git clone https://gitea.gf4.pw/ki9/luksit.git /usr/local/src/luksit ln -s /usr/local/src/luksit/luksit /usr/local/bin/luksit
WARNING! This program will wipe any drive you feed it and replace it with an empty luks-encrypted filesystem. Always read command line prompts before typing 'y'. Always double-check the device filename. Always keep backups of your important data. I am not responsible for misuse of this program.
First, find the device name of the target drive. I use the
lsblk command. Others prefer
fdisk -l. Check and double check. If you go by the size, ensure you have no other drives of that size.
Assuming the target device file is
/dev/sdf, you can create a luks-encrypted ext4 filesystem on that drive by running this command. You can change
mydrive to something more memorable. The decryption key will be saved to
/root/luks/mydrive.key unless you modify the
$KEYDIR var in the script.
luksit sdf mydrive ext4
Mounting on boot
The script does not yet support adding lines to
/etc/crypttab. Consult the "automountable" section in
original-tutorial.md for help with automounting the drive.
luksit - Luks-encrypt drives with a single command
Copyright © 2021 Keith Irwin www.ki9.us
This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with this program. If not, see http://www.gnu.org/licenses/.