Protecting Data with Encrypted Linux Partitions - page 2

The Inevitable Whoopsie

  • June 14, 2007
  • By Carla Schroder

Unfortunately, cryptsetup cannot encrypt your existing data; you must create an encrypted partition, then move your data to it. The easy way to manage your partitions is with GParted. GParted (the GNOME Partition Editor) is available on all the major Linux distributions, and is a nice graphical front-end to fdisk, mkfs, and other filesystem utilities. With GParted you can resize, move, delete, and create partitions, and format them with your favorite filesystem. It supports all the partition types and filesystems supported by your kernel, so you can even use it on Windows partitions on your dual-boot boxes. You can use the GParted live CD on new empty hard drives.

We're just going to encrypt data partitions. There are ways to encrypt other filesystem partitions that hold potentially sensitive data, such as /var and /etc, but it is complex and tricky because these cannot be encrypted at boot. So I am going to chicken out and merely point to a page that tells how to do this in Resources, because in my own testing I have not gotten it working reliably. Yet.

It doesn't matter whether you format your partition with a filesystem at this point, because everything on it will be overwritten, and the filesystem is created after encryption.
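The order of operations described above, as an added example that is not from the original article: a dry-run helper that only prints the steps and refuses a target partition that is still mounted. LUKS mode, ext3, and every device, mapping, and directory name are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: prints (never runs) the steps for moving data onto a new
# encrypted partition. All device names and paths passed in are placeholders.

# Return 0 if device $1 is listed as a mounted source in mounts table $2.
is_mounted() {
    awk -v dev="$1" '$1 == dev { found = 1 } END { exit !found }' "$2"
}

# Print the command sequence for: target partition $1, mapping name $2,
# directory holding the existing data $3, mount point $4.
# Optional $5 is the mounts table to consult (default /proc/mounts).
encrypt_plan() {
    dev=$1; name=$2; src=$3; mnt=$4; mounts=${5:-/proc/mounts}
    # Fail closed: without a readable mounts table we cannot tell whether
    # the target is in use.
    if [ ! -r "$mounts" ]; then
        echo "refusing: cannot read $mounts" >&2
        return 1
    fi
    # luksFormat overwrites the partition, so never plan it for one in use.
    if is_mounted "$dev" "$mounts"; then
        echo "refusing: $dev is mounted; copy its data elsewhere and unmount it" >&2
        return 1
    fi
    # Filesystem type (ext3) is an assumption; it is created on the mapped
    # device, after encryption, not on the raw partition.
    cat <<EOF
cryptsetup luksFormat $dev
cryptsetup luksOpen $dev $name
mkfs.ext3 /dev/mapper/$name
mkdir -p $mnt
mount /dev/mapper/$name $mnt
cp -a $src/. $mnt/
EOF
}

# Usage (placeholder names): encrypt_plan /dev/sdX9 cryptdata /home/olddata /mnt/crypt
```

Review the printed commands, then run them as root one at a time; `luksFormat` asks for confirmation and for the passphrase that protects the partition.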

Your encrypted partition will be protected by a password. If you lose your password, you are so out of luck--your data will not be recoverable.

