Original post is here: eklausmeier.goip.de
The following commands are used to encrypt the whole USB hard-drive. This hard-drive is assumed to be on /dev/sdc. Create one partition. One can use gparted for this. Then
cryptsetup luksFormat /dev/sdc1
luksFormat is only used once.
To make this encrypted drive available as device on /dev/mapper use
cryptsetup luksOpen /dev/sdc1 SeagatePortable
[more_WP_Tag]The name SeagatePortable is an arbitrary name.
Now the content is accessible through /dev/mapper. Creating a file-system, here ext4, and mounting the file-system, goes like this:
mkfs.ext4 /dev/mapper/SeagatePortable
mount /dev/mapper/SeagatePortable /mnt/sp
Change mkfs.ext4 to mkfs.btrfs if btrfs is required.
To release the hard-drive
umount /mnt/sp
cryptsetup luksClose SeagatePortable
To see the configuration of an encrypted drive, i.e., cipher mode, hash spec, salt and used key slots use
cryptsetup luksDump /dev/sdc1
More elaborate information can be found in