# Note: This depends on a key file and directory. Optimally, this would be placed
# on a separate, removable device.# Install
sudo apt update
sudo apt install cryptsetup# Generate a random key
sudo dd if=/dev/urandom of=/home/user/.KeyPath/Key bs=1 count=4096
sudo chown user:user/home/user/.KeyPath/Key
sudo chmod 600 /home/user/.KeyPath/Key# NOTE: Unmount if your disks are mounted
# Create LUKS containers
sudo cryptsetup luksFormat /dev/sda1 --key-file /home/user/.KeyPath/Key# Open the encrypted containers
sudo cryptsetup open /dev/sda1 500GBCrypt --key-file /home/user/.KeyPath/Key# Create filesystems
sudo mkfs.ext4 /dev/mapper/500GBCrypt# Get the LUKS UUIDs (for crypttab):
sudo cryptsetup luksUUID /dev/sda1# Get the filesystem UUIDs (for fstab):
sudo blkid /dev/mapper/500GBCrypt# Create mount points and mount
sudo mkdir -p /mnt/500GB# Configure automatic mounting at boot using UUIDs
sudo vim /etc/crypttab
# NOTE: Add these lines (replace with actual LUKS UUIDs):
#
# 500GBCrypt UUID=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx /home/user/.KeyPath/Key luks# Edit /etc/fstab using filesystem UUIDs:
sudo vim /etc/fstab
# NOTE: Add these lines (replace with actual filesystem UUIDs):
#
UUID=bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb /mnt/500GB ext4 defaults 0 2Step 8: Test the configuration
bash
# Close all encrypted volumes
sudo cryptsetup close 500GBCrypt# Test crypttab (should open all volumes using UUIDs)
sudo cryptdisks_start 500GBCrypt# Test fstab
sudo mount -a# Verify everything is mounted
lsblk
