
cryptography

updated 2021-11-09


This information is not authoritative, nor from a place of deep knowledge.

LUKS partitioning


To format a partition for LUKS, use lsblk to find that partition's block device path and run cryptsetup luksFormat [partition]. Formatting overwrites whatever the partition currently holds. The passphrase used can be changed or removed after creation.

To open a LUKS partition, use cryptsetup luksOpen [partition] [name]. [name] is the name the decrypted block device will take under /dev/mapper/. Until the decrypted block device has a filesystem there is nothing to mount; create one with mkfs.[filesystem] /dev/mapper/[name].

To mount an opened LUKS partition, use mount(8) as normal, just with the decrypted block device location.

To close an open LUKS partition, umount(8) it if it's mounted, then run cryptsetup luksClose [name].

To make the LUKS partition openable via keyfile, first make a keyfile (dd if=/dev/urandom of=/root/keyfile bs=1024 count=4 seems to work), and optionally make it readable by root only (chmod 0400 [keyfile]). Then add the keyfile to the partition's LUKS header with cryptsetup luksAddKey [physical partition block device] [keyfile].
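
The keyfile step above, as an added example that is not from the original notes: with dd followed by chmod, the file exists under the default umask until chmod runs, so this version creates it owner-only from the start and audits it before it is handed to cryptsetup luksAddKey. The function names make_keyfile and check_keyfile are hypothetical, and GNU stat and head are assumed.

```shell
#!/bin/sh
# Added example: helper names are hypothetical; assumes GNU stat and head.

# make_keyfile PATH [BYTES]: write BYTES of random data (default 4096, the
# same size as bs=1024 count=4) to a new file that only its owner can read.
make_keyfile() {
    path=$1
    bytes=${2:-4096}
    (
        umask 077   # created as 0600: no window where others can read it
        set -C      # noclobber: fail instead of overwriting an existing file
        head -c "$bytes" /dev/urandom > "$path"
    ) || { echo "could not create $path (already exists?)" >&2; return 1; }
    chmod 0400 "$path"
}

# check_keyfile PATH [MIN_BYTES]: succeed only if PATH is a regular file (not
# a symlink), grants nothing to group/other, and holds at least MIN_BYTES.
check_keyfile() {
    path=$1
    min=${2:-32}
    if [ -L "$path" ] || [ ! -f "$path" ]; then
        echo "$path: not a regular file" >&2
        return 1
    fi
    mode=$(stat -c '%a' "$path") || return 1
    case $mode in
        [0-7]00) ;;
        *) echo "$path: mode $mode is accessible beyond the owner" >&2
           return 1 ;;
    esac
    size=$(wc -c < "$path") || return 1
    if [ "$size" -lt "$min" ]; then
        echo "$path: only $size bytes" >&2
        return 1
    fi
    return 0
}

# Typical use, as root, with the placeholders used in the notes above:
#   make_keyfile /root/keyfile && check_keyfile /root/keyfile &&
#       cryptsetup luksAddKey [physical partition block device] /root/keyfile
```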

SSH keys


SSH keys are typically stored in $HOME/.ssh.

Typically, the public key's filename will be suffixed with .pub, while the private key will not.

You can generate an SSH key with ssh-keygen(1). Currently the preferred implementation is openssh-keygen, part of the OpenSSH suite.

Microsoft GitHub documentation suggests a user create a key with ssh-keygen -t ed25519 -C "[e-mail address]". This generates an Ed25519 SSH key with an e-mail address in the key comment.