====== Data drive encryption ======
===== Encryption on Debian 9 =====
  - Install dm-crypt<code>apt-get install cryptsetup</code>
  - If you encrypted data drives during initial system setup, your swap space will be encrypted as well. First remove the swap encryption.<code>sudo mkswap -f /dev/sda6
sudo swapon /dev/sda6</code>
  - Add the swap space to /etc/fstab. If you have swap on multiple drives, where the remaining space is allocated to a software RAID, add the swap partitions with the same priority.<code>/dev/hda6	none	swap	sw,pri=1	0	0</code>
  - Remove the fstab entry for mounting the encrypted volume
  - Add the following commands to [[deb9:setup|rc.local]] executed as root<code>echo "volume password" | sudo cryptsetup luksOpen /dev/mapper/vg-lv my_encrypted_volume
mount /dev/mapper/my_encrypted_volume /mount/point</code>
  - To lock the container again, it needs to be unmounted first<code>sudo umount /media/my_device
sudo cryptsetup luksClose my_encrypted_volume</code>

===== Encrypt volume =====
  - Find the Block Device Name of Your Partition<code>lsblk</code>
  - Set Up LUKS Header<code>sudo cryptsetup luksFormat /dev/mapper/<vg name>-<lv name></code>
  - Create a Filesystem on the Partition. You have to map this physical device to a virtual device. What gets written to the virtual device will be encrypted before being stored on the physical device.<code>sudo cryptsetup luksOpen /dev/mapper/<vg name>-<lv name> mapper/<vg name>-<lv name>_crypt
sudo mkfs.ext4 /dev/mapper/<vg name>-<lv name>_crypt</code>
  - Mount Encrypted Partition<code>sudo mount /dev/mapper/<vg name>-<lv name>_crypt /mountpoint</code>
  - If you need a directory tree to be copied from a backup location back to the newly encrypted drive, do it with rsync<code>rsync -av --progress --exclude '/home/user/VirtualBox VMs' /home/user /mountpoint/</code>

===== Links =====
  * [[https://askubuntu.com/questions/63594/mount-encrypted-volumes-from-command-line#answer-63598|Mount encrypted volumes from command line?]]
  * [[https://www.maketecheasier.com/encrypt-linux-partitions-dm-crypt/|How to Encrypt Your Partitions on Linux with dm-crypt]]
  * [[https://stackoverflow.com/questions/44797694/where-is-rc-local-in-debian-9-debian-stretch|Where is rc.local in Debian 9 (Debian Stretch)]]
  * [[https://wiki.archlinux.org/index.php/Dm-crypt/Encrypting_an_entire_system|dm-crypt/Encrypting an entire system]]
  * [[https://wiki.debian.org/LVM#Encrypted_LVM|LVM (Debian Wiki)]]
  * [[https://wiki.archlinux.org/index.php/Dm-crypt/Swap_encryption|dm-crypt/Swap encryption]]
  * [[https://www.tldp.org/HOWTO/Partition/setting_up_swap.html|Setting up swap space]]
  * [[https://superuser.com/questions/19326/how-to-wipe-free-disk-space-in-linux|How to wipe free disk space in Linux?]]
  * [[https://superuser.com/questions/1193290/best-order-of-raid-lvm-and-luks/1193307|Best order of RAID, LVM and LUKS
]]