cryptsetup(8)

cryptsetup <action> [opts] <action args>

action:
    open <dev> <name> --type <type>    Open (decrypt) <dev> and map with <name>.
                                       Mapped as /dev/mapper/<name>.
                                       Type: {luks,plain,tcrypt,bitlk}
    close <name>                       Close existing mapping <name>.
    status <name>                      Print status for mapping <name>.

    luksFormat <dev>                   Create new LUKS partition and set initial passphrase.
                                       (Keyslot 0)
    luksAddKey <dev>                   Add a new passphrase.
    luksRemoveKey <dev>                Remove existing passphrase.
    luksChangeKey <dev>                Change existing passphrase.
    lusDump <dev>                      Dump LUKS header for device.

Example: Create LUKS encrypted disk.

For this example we use a file as backing storage and set it up as loop(4) device. The loop device can be replaced by any block device file.

Optional: Overwrite existing data on disk.
sudo dd if=/dev/urandom of=/dev/sdX bs=1M

First create the backing file and setup the loop device.

# Create 100MB file.
dd if=/dev/zero of=blkfile bs=1M count=100

# Attach file to first free (-f) loop device
sudo losetup -f ./blkfile
# List loop devices.
sudo losetup -l
# NAME       SIZELIMIT OFFSET AUTOCLEAR RO BACK-FILE              DIO LOG-SEC
# /dev/loop0         0      0         0  0 /home/johannst/blkfile   0     512

Create a new LUKS partition and format new filesystem.

# Initialize LUKS partition and set initial passphrase.
sudo cryptsetup luksFormat /dev/loop0

file blkfile
# blkfile: LUKS encrypted file, ver 2 [, , sha256] UUID: 8...

# Open (decrypt) the LUKS device, it will be mapped under /dev/mapper/loop0.
sudo cryptsetup open --type luks /dev/loop0 loop0

# Format partition with new filesystem.
sudo mkfs.vfat /dev/mapper/loop0

lsblk -f
# NAME        FSTYPE    FSVER LABEL  UUID  FSAVAIL FSUSE% MOUNTPOINTS
# loop0       crypto_LU 2            8...
# └─loop0     vfat      FAT16        D...    83.8M     0% /home/johannst/mnt

# Close (re-encrypt) LUKS device.
sudo cryptsetup close loop0

Example: Using an existing LUKS device.

# Open (decrypt) the LUKS device, it will be mapped under /dev/mapper/loop0.
sudo cryptsetup open --type luks /dev/loop0 loop0

# Mount filesystem.
sudo mount /dev/mapper/loop0 <mntpoint>

# Use disk ...

# Unmount filesystem.
sudo umount <mntpoint>

# Close (re-encrypt) LUKS device.
sudo cryptsetup close loop0