Encrypting An Existing Partition

From The Brainwrecked Wiki
Revision as of 21:52, 5 January 2014 by BrainwreckedTech (talk | contribs) (1 revision)

Prep

While using dd to blank the partition from /dev/zero is usually quick, using dd to fill it with random data from /dev/urandom can take a long time, because the kernel has to generate every byte. To wit, a VIA 1.2GHz C7 7-watt single-core CPU would have taken 6½ days to fill a 500GB drive from /dev/urandom; an AMD 2.8GHz Athlon II quad-core CPU took 4½ hours. You may wish to move the drive to a faster computer. (A faster way to get the same end result is to write zeros through the opened LUKS mapping after luksFormat, i.e. dd if=/dev/zero of=/dev/mapper/[name]: the raw partition then looks random, at the speed of the CPU's AES rather than of the kernel's random number generator.)

  1. Comment-out appropriate entries in /etc/fstab
  2. Shut down the computer the drive originated from.
  3. Remove the drive.
  4. Restart the computer the drive came from if you need it.
  5. Power off the target computer the drive will be temporarily installed to.
  6. Install the drive in the faster computer.
  7. Boot into Linux on the faster computer.
  8. Run sudo fdisk -l to list the partitions of all drives and identify the one you are going to encrypt.

Alternatively, you can leave the drive where it is and just unmount the partition.

sudo umount [mount-point]

Wipe

Protect against data recovery by blanking the partition. If you are going to fill the partition with random data in the next step anyway, this zero pass is redundant and can be skipped.
The trailing ampersand runs dd in the background and prints its process ID.

sudo dd if=/dev/zero of=/dev/sd[a-z][0-9] bs=1M &

The bigger the partition, the longer dd takes.
To check progress at any time, send dd SIGUSR1 and it prints how much it has copied on stderr (GNU dd 8.24 and later can instead be started with status=progress to report continuously):

sudo kill -USR1 [process-id]

Protect against offline analysis of the raw disk by filling the partition with random data.
Once the partition is encrypted this makes it tougher to tell which parts contain encrypted data and which are unused, since ciphertext and random filler look alike.

sudo dd if=/dev/urandom of=/dev/sd[a-z][0-9] bs=1M &

Crypt & Format

Run this command to set up the encrypted partition. It destroys everything on the partition, so double-check the device name; -y asks for the passphrase twice. The cipher spec below was the cryptsetup default when this page was written; current versions default to aes-xts-plain64, which is the better choice unless you need compatibility with an old kernel, in which case simply omit the -c option.

sudo cryptsetup -y -c aes-cbc-essiv:sha256 luksFormat /dev/sd[a-z][0-9]

Open the encrypted partition. This does not mount anything yet; it creates the plaintext block device /dev/mapper/[name]:

sudo cryptsetup luksOpen /dev/sd[a-z][0-9] [name]

Create a filesystem on the mapped device (not on the raw partition):

sudo mkfs -t [filesystem] /dev/mapper/[name]

Configuration

Edit /etc/crypttab and add an entry. The UUID is the LUKS header's UUID, which sudo cryptsetup luksUUID /dev/sd[a-z][0-9] (or sudo blkid) prints; use it rather than the /dev/sdX name, which can change between boots.

[name] UUID=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx none luks

Edit /etc/fstab and add an entry for the mapped device (create the mount point directory if it does not exist yet):

/dev/mapper/[name] [mount-point] defaults 0 2

Update the initrd image so the volume can be unlocked at boot (this is the Debian/Ubuntu command; other distributions regenerate the initramfs differently):

sudo update-initramfs -u
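The whole procedure above, from unmounting to the initramfs update, as one script. This is an added example and not the wiki's own commands: it assumes a current cryptsetup (2.x, with the open action and LUKS2 using its default aes-xts-plain64 cipher, in place of the page's aes-cbc-essiv:sha256 string), GNU coreutils dd with status=progress, and a Debian/Ubuntu system where update-initramfs exists. It does a single random-data pass rather than the page's zero pass followed by a random pass, takes the partition device, mapping name, mount point and filesystem type as arguments, and the is_partition guard and the crypttab_entry/fstab_entry helpers are conveniences added here.

```shell
#!/bin/sh
# Added example (not from the wiki): encrypt an existing partition end to end.
# Assumptions: run as root on Debian/Ubuntu, cryptsetup 2.x ("open", LUKS2),
# GNU coreutils dd (status=progress).
# Usage: encrypt-partition.sh run /dev/sdb1 data /srv/data ext4
set -eu

# /etc/crypttab line: mapping name, LUKS header UUID, no key file, luks type.
crypttab_entry() {
    printf '%s UUID=%s none luks\n' "$1" "$2"
}

# /etc/fstab line for the plaintext device-mapper node.
fstab_entry() {
    printf '/dev/mapper/%s %s %s defaults 0 2\n' "$1" "$2" "$3"
}

# Accept only partition nodes (sdb1, nvme0n1p2, loop0p1), never a whole disk,
# so a typo cannot wipe the wrong device. Guard added here, not on the page.
is_partition() {
    case "$1" in
        /dev/sd[a-z][0-9]*|/dev/vd[a-z][0-9]*|/dev/nvme[0-9]*n[0-9]*p[0-9]*|/dev/loop[0-9]*p[0-9]*) return 0 ;;
        *) return 1 ;;
    esac
}

encrypt_partition() {
    dev=$1 name=$2 mnt=$3 fs=$4
    [ "$(id -u)" -eq 0 ] || { echo "run as root" >&2; return 1; }
    is_partition "$dev" || { echo "refusing $dev: not a partition node" >&2; return 1; }

    # Prep: make sure the partition is not mounted anywhere.
    if findmnt -n "$dev" >/dev/null 2>&1; then
        umount "$dev"
    fi

    # Wipe: one pass of random data both destroys the old contents and makes
    # unused space indistinguishable from ciphertext. dd exits 1 when it hits
    # the end of the device, which is the expected way for this pass to finish.
    dd if=/dev/urandom of="$dev" bs=1M status=progress conv=fsync || true

    # Crypt & Format: LUKS2 with the current cryptsetup default cipher
    # (aes-xts-plain64); -y asks for the passphrase twice, and luksFormat
    # still asks for an uppercase YES before it overwrites the header.
    cryptsetup luksFormat --type luks2 -y "$dev"
    cryptsetup open "$dev" "$name"
    mkfs -t "$fs" "/dev/mapper/$name"

    # Configuration: record the volume by its LUKS header UUID, not by /dev/sdX.
    uuid=$(cryptsetup luksUUID "$dev")
    crypttab_entry "$name" "$uuid" >> /etc/crypttab
    mkdir -p "$mnt"
    fstab_entry "$name" "$mnt" "$fs" >> /etc/fstab
    update-initramfs -u
    mount "$mnt"
}

# Only act when explicitly asked, so sourcing the file just defines the functions.
if [ "${1-}" = "run" ]; then
    encrypt_partition "$2" "$3" "$4" "$5"
fi
```

Rehearse it on a loop device first (losetup -P on a file with a partition table gives a /dev/loop0p1 node the guard accepts) before pointing it at a real disk; the crypttab and fstab lines it appends are exactly the two entries shown in the Configuration section, with the UUID filled in from the LUKS header.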