Encrypting partitions with cryptsetup
Simple Security

Modern installers offer the option of encryption with just a few clicks, but you might want to take control of the process. We show how to encrypt your partitions safely without sacrificing convenience.
The easiest time to encrypt a partition is when installing your operating system. Usually, you don't have to juggle existing partitions or even think about the process: Just click an option, and many modern installers take care of the rest. By contrast, encryption after installation is more complex, although it's still possible, as long as you work systematically.
Because modern installers routinely give the option of encryption, you might think it an unalloyed good. What could possibly go wrong with concealing your data from intruders? The simple answer is: a lot.
For one reason, all forms of encryption reduce performance, which means that encryption might not be suitable for older or less powerful machines. For another, if an encrypted filesystem becomes corrupted, recovery becomes more complicated – especially if you have encrypted the entire drive. The man page for cryptsetup [1] can give all sorts of other worries to test your nerves, ranging from corrupted headers, to problems when character encoding changes, to lingering problems caused by insufficiently wiped data.
[...]
Buy this article as PDF
(incl. VAT)