====== Cryptsetup ======

===== format =====
<code>
cryptsetup -v --cipher aes-xts-plain64 --key-size 512 --hash sha512 --iter-time 5000 --use-urandom --verify-passphrase luksFormat /dev/sdX0
</code>

Or, with default option
<code>
cryptsetup luksFormat /dev/sdX0
</code>

<code>
cryptsetup luksOpen /dev/sdX0 rootfs
mkfs.ext4 /dev/mapper/rootfs
mount /dev/mapper/rootfs /mnt/rootfs
</code>

<code>
cryptsetup luksDump /dev/sdX0
</code>

<code>
umount /mmt/rootfs
cryptsetup luksClose rootfs
</code>

產生亂數金鑰
<code bash>
dd if=/dev/random of=/etc/data_volume_password bs=1024 count=4
</code>

加入 key slot
<code bash>
cryptsetup luksAddKey /dev/sdX /data_volume_password
</code>

移除 key slot
<code bash>
cryptsetup luksKillslot /dev/sdX 1
</code>

設定UUID
<code bash>
cryptsetup luksUUID /dev/sda1 --uuid "$newuuid"
</code>