Cryptsetup is a utility used to conveniently set up disk encryption based
on the DMCrypt kernel module.
These include plain dm-crypt volumes, LUKS volumes, loop-AES
and TrueCrypt (including VeraCrypt extension) formats.
The project also includes a veritysetup utility used to conveniently setup
DMVerity block integrity checking kernel module
and, since version 2.0, integritysetup to setup
DMIntegrity block integrity kernel module.
LUKS is the standard for Linux hard disk encryption. By providing a standard on-disk-format, it does not
only facilitate compatibility among distributions, but also provides secure management of multiple user passwords.
LUKS stores all necessary setup information in the partition header, enabling to transport or migrate data seamlessly.
- compatibility via standardization,
- secure against low entropy attacks,
- support for multiple keys,
- effective passphrase revocation,
- free.
Unfortunately, NO simple way to do it.
When you do $ sudo cryptsetup luksFormat /dev/sdX, your data in the partition will be overwrited irrevocably.
Someone has anyother method, but I suggest you backup your whole system first, then perform reinstall.
Or, you can just encrpyt your /home partition, but not /root (Impossible to encrypt /root after OS is finished installed).
sudo cryptsetup luksOpen /dev/sda2 cryptdisk
...
# Then it will ask your encryption key
# If key is correct, partition will be unlocked
...
...You can use gparted to do shrink operation (suggest);
gpartedOr by using command resize2fs
resize2fs -p /dev/CryptVolumeGroup/Home 208GReferences:
https://wiki.archlinux.org/index.php/Resizing_LVM-on-LUKS
https://gitlab.com/cryptsetup/cryptsetup