Device-Drivers/Multi-Device Support(RAID and LVM)/Device mapper support and Crypt target support
Device-Drivers/Block-devices/Loopback device support
Cryptographic options/AES cipher algorithm
dmsetup and cryptsetup
maybe: libgcrypt7-dev libdevmapper and hashalot
 modprobe aes-x86_64 (or aes_i56 for other cpu type)
 modprobe dm_mod
 modprobe dm_crypt

You can do this automatically in /etc/rc.local during boot-up.

Test if AES module is running:

 cat /proc/crypto 

Test if dm_crypt is running:

 dmsetup targets
crypt v1.11.0

With program cryptsetup you can create, remove, resize a device. To cipher /dev/sdc2 with 256-bit-aes use (be aware that all data on this partition will be lost):

 cryptsetup create mysecuredata /dev/sdc2

Afterwards you find the virtual device /dev/mapper/mysecuredata and you can format it with ext2:

 mkfs.ext2 /dev/mapper/mysecuredata
 mount /dev/mapper/mysecuredata /mnt/mysecuredata

To deactivate the device:

 umount /mnt/mysecuredata
 cryptsetup remove mysecuredata

To reactivate the device:

 cryptsetup create mysecuredata /dev/sdc2
 mount /dev/mapper/mysecuredata /mnt/mysecuredata

With dm-crypt you can also cipher a container or a swap-device.


 dd if=/dev/urandom of=container bs=1024k count=10
 losetup /dev/loop4 container
 cryptsetup -y create container /dev/loop4
 mkfs.ext2 /dev/mapper/container
 mount /dev/mapper/container /mnt/container
 umount ...
 cryptsetup remove container
 losetup -d /dev/loop4


 vim /etc/init.d/
 replace swapon -a 2 /dev/null with
     cryptsetup -c blowfish -s 64 -d /dev/urandom create swap0 /dev/hda4
     mkswap /dev/mapper/swap0
     swapon /dev/mapper/swap0

After next boot test the loop device with:

 ls -lA /dev/mapper | grep swap0

and if swap device is being used:

 cat /proc/swaps
 /dev/mapper/swap0 ...