First sync.

mkcrypt

@@ -0,0 +1,76 @@
+#!/usr/bin/env sh
+
+CIPHER="aes-xts-plain64"
+KEYSIZ='512'
+HSHTYP='sha512'
+ITTIME='5000'
+USERAN='random'
+DEVICE="${1}"
+
+# WE NEED ROOT PRIVILEGES
+
+if [ $EUID -ne 0 ]; then
+  echo "This script must be run as root."
+  exit 1
+fi
+
+# CONFIRM THE DEVICE
+
+echo "You are about to format the following device with LUKS:"
+echo ""
+
+\lsblk -o NAME,SIZE,FSTYPE,MOUNTPOINT,LABEL,UUID "${DEVICE}"
+echo ""
+
+echo -n "Are you sure [y/N]? "
+read CONFRM
+echo ""
+
+if [ "${CONFRM,,}" = "y" ]; then
+
+  echo -n "Fill ${DEVICE} with random data [Y/n]? "
+  read DEVFIL
+  echo ""
+
+  if [ "${DEVFIL,,}" = "n" ]; then 
+    echo "Not filling ${DEVICE} with random data."
+  else
+    echo "Filling ${DEVICE} with random data..."
+    echo ""
+    openssl enc -aes-256-ctr -pass pass:"$(dd if=/dev/urandom bs=128 count=1 2>/dev/null | base64)" -nosalt </dev/zero | sudo dd of=${DEVICE} bs=4M status=progress
+  fi
+
+  echo ""
+
+  echo "Setting up encryption with password..."
+  echo ""
+
+  cryptsetup --verbose --cipher "${CIPHER}" --key-size "${KEYSIZ}" --hash "${HSHTYP}" --iter-time "${ITTIME}" --use-${USERAN} --verify-passphrase luksFormat "${DEVICE}"
+  echo ""
+
+  echo -n "Do you wish to also use a key file [y/N]? "
+  read CONFRM
+  echo ""
+
+  if [ "${CONFRM,,}" = "y" ]; then
+    echo -n "Path to key file: "
+    read EKFILE
+    echo ""
+    cryptsetup --verbose luksAddKey "${DEVICE}" "${EKFILE}"
+    echo ""
+  fi
+
+  DVUUID="$(\lsblk -nlo UUID "${DEVICE}")"
+  DVNAME="$(\lsblk -nlo MODEL,SERIAL "${DEVICE}" | sed 's/  */ /g' | tr ' ' '_')"
+
+  echo "Added the following line to /etc/crypttab:"
+  echo ""
+
+  echo "${DVNAME}"$'\t'"UUID=${DVUUID}"$'\t'"${EKFILE}"$'\t'"cipher=aes-xts-plain64:sha512:size=512" | tee -a /etc/crypttab
+  echo ""
+
+else
+
+  echo "Aborting."
+
+fi