cryptsetup-luksformat
initialize LUKS encrypted partition
TLDR
Initialize LUKS volume with passphrase
$ cryptsetup luksFormat [/dev/sdXY]
Initialize LUKS volume with keyfile$ cryptsetup luksFormat [/dev/sdXY] [path/to/keyfile]
Initialize with passphrase and set label$ cryptsetup luksFormat --label [label] [/dev/sdXY]
SYNOPSIS
cryptsetup luksFormat [options] device [keyfile]
DESCRIPTION
cryptsetup luksFormat initializes a LUKS (Linux Unified Key Setup) encrypted partition. It creates the LUKS header and sets up the initial key slot with either a passphrase or keyfile.
LUKS provides standardized on-disk encryption with multiple key slots, secure key management, and compatibility across distributions.
PARAMETERS
--label label
Set LUKS2 label--type type
LUKS type (luks1, luks2)--cipher cipher
Encryption cipher--key-size bits
Key size in bits--hash hash
Hash algorithm for PBKDF--iter-time ms
PBKDF iteration time in milliseconds
CAVEATS
Destroys all data on the partition. Cannot be undone. Always backup data first. LUKS1 is more compatible; LUKS2 supports newer features. Requires root privileges.
SEE ALSO
cryptsetup(8), cryptsetup-open(8), lsblk(8)