Partitions and filesystems

Don't use partitioners included with OS media where the same job can be done by GParted (which has live media available) or another good general-purpose partitioner. BSDs and Plan 9 are exceptions to this rule due to their exotic partitioning systems. Using utilities from a shell or TUIs does not make you "cooler" than someone who needs a GUI for partitioning; in some cases, messing up partitioning can have serious consequences, so it's always nice to have some idiot-proofing. I always partition my disks with the GParted live media.

You should do your own research on how you should partition your disks. I personally use separate partitions for /boot, /home, /, and swap. Your needs will vary.

Please note that a separate boot partition is mandatory if you intend to boot via (U)EFI. Check out the linked pages in the "See also" section.

Use mkfs(8) for creating filesystems and mount(8) for mounting partitions' filesystems.

gpart

Available as sysutils/gpart in pkgsrc.

gpart(8) is a tool that scans a file (or block device presented as a file) for drive partitions regardless of any table present on the medium.

LUKS

e2fsprogs is needed for the dm_mod kernel module used for LUKS partition decryption.

To format a partition to a LUKS volume, determine the physical block device location for that partition and run cryptsetup luksFormat [partition]. The passphrase used can be changed or removed after creation.

To open a LUKS volume, use cryptsetup luksOpen [partition] [name]. This name is the name the decrypted block device location will take in /dev/mapper/.

Before the decrypted block device has a filesystem it'll just be cleared space - format as normal but use the decrypted block device location.

To mount a partition in an opened LUKS volume, use mount(8) as normal, just with the decrypted block device location.

To close an open LUKS volume, umount(8) any mapped and mounted partitions from the volume and run cryptsetup luksClose [name].

To make the LUKS partition openable via keyfile, first make a keyfile (dd if=/dev/urandom of=/root/keyfile bs=1024 count=4 seems to work), and optionally make it readable by root only (chmod 0400 [keyfile]). Then add the keyfile to the partition's LUKS header with cryptsetup luksAddKey [physical partition block device] [keyfile].
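The LUKS steps above collected into one script, as an added example that is not part of the original page. It sets the umask before dd runs so the keyfile is never readable by other users; the function names, the ext4 filesystem and the /mnt mount point are assumptions.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.

# Create a 4 KiB random keyfile that is private from the moment it exists:
# umask is set before dd runs, so there is no window between dd and chmod
# in which a default umask leaves the key readable by other users.
make_keyfile() {
    [ -e "$1" ] && { echo "refusing to overwrite $1" >&2; return 1; }
    ( umask 077; dd if=/dev/urandom of="$1" bs=1024 count=4 2>/dev/null ) || return 1
    chmod 0400 "$1"
}

# Succeed only if the keyfile grants nothing to group or others.
keyfile_is_private() {
    mode=$(stat -c '%a' "$1") || return 1   # GNU/BusyBox stat syntax
    case "$mode" in
        0|*00) return 0 ;;
        *)     return 1 ;;
    esac
}

# The whole sequence; run as root. luksFormat destroys existing data.
# Assumptions for illustration: ext4 as the filesystem, /mnt as mount point.
luks_setup() {  # usage: luks_setup PARTITION NAME KEYFILE
    part=$1; name=$2; key=$3
    make_keyfile "$key" || return 1
    keyfile_is_private "$key" || return 1
    cryptsetup luksFormat "$part" || return 1          # sets the passphrase
    cryptsetup luksAddKey "$part" "$key" || return 1   # asks for that passphrase
    cryptsetup luksOpen --key-file "$key" "$part" "$name" || return 1
    mkfs -t ext4 "/dev/mapper/$name" || return 1
    mount "/dev/mapper/$name" /mnt || return 1
    umount /mnt && cryptsetup luksClose "$name"
}

# Only acts when given all three arguments, e.g. as root:
#   sh luks-setup.sh [partition] [name] /root/keyfile
if [ "$#" -eq 3 ]; then luks_setup "$@"; fi
```
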

dm-crypt

dm-crypt is a service that automatically mounts LUKS volumes at boot.

On most OpenRC-initialized distributions, the cryptsetup-openrc package provides dmcrypt. Make sure that service is added to runlevel boot.

Configuration is in /etc/conf.d/dmcrypt, and further configuration should be done in fstab. dm-crypt will need the UUID of the physical block device, while fstab (if being configured with UUIDs) will need the UUID of the decrypted block device in the device mapper.

TestDisk