Encrypting a partition not used in the boot process

Introduction

dm-crypt

Short for Device Manager enCRYPTion.

/etc/crypttab

encrypt a partition. will prompt for password

Linux Unified Key Setup (LUKS)

cryptsetup luksFormat /dev/<device>
cryptsetup luksFormat /dev/sda1

can check with:

cryptsetup open /dev/sda1 name

Creates in

/dev/mapper/name

Can close:

cryptsetup close name

When open can eg format it:

mkfs -t ext4 /dev/mapper/name

Sort

Public Key Cryptography Standards (PKCS)#11 tokens Fast IDentity Online 2 (FIDO2) tokens

dm-verity dm-integrity

/proc/crypto

/etc/initcpio/hooks/openswap