Dm-crypt full disk encryption

This article aim to get started with DM-Crypt LUKS to be able to install a new system from scratch, using gentoo installation documents for example, and generate an initramfs with that in no time. So this article will skip right away the premises on why to encrypt a system with DM-Crypt LUKS and on security insights. That said, encrypting a system with DM-Crypt LUKS will immediately put you in a position to chose between security versus usability and secure versus system speed/responsiveness.

Which key (file) mode?
Choosing a key or key file mode depends on the secure requirements or the system: an long and random password with special characters is more secure than an easy dictionary breakable password of course. So to meet the length, randomness and complexity of password requirements a key file seems to be right spot. However, a key file doe not meet the security/secure side because it is always better to leave no traces behind which could compromise or ease the break ability of an encrypted system or disk. This is where GnuPG crrypted key files comes into play which will satisfy almost every aspect with a little minus in security because the key file can be accessible from world.

To get a secure key file that could piped to cryptsetup, one could generate a random key from /dev/random and encrypt it with GnuPG. Or else, a simple password will be sufficient if there are not severe secure/security requirements.