On 12/12/2017 08:41 AM, Wells, Roger K. wrote:
> I have existing systems with un-encrypted disks.
> I have tried unsuccessfully to encrypt them using LUKS.
> Has anyone out there been able to encrypt an existing system (after the fact, so to speak)?
You can do that with cryptsetup-reencrypt, but it needs to be able to make space for the ~2MB LUKS header ahead of the filesystem in the partition. That's a fairly risky operation -- shrinking the filesystem slightly and shifting it over. An alternative is LUKS with a detached header, but maintaining that relationship is an administrative headache with a severe penalty for error.
--
Bob Nichols "NOSPAM" is really part of my email address.
Do NOT delete it.