LUKS encryption for tape media?

You are unlikely to be happy with the huge latencies introduced by LUKS on linear media. A better idea is to pipe the output of tar through OpenSSL, encrypting it with a streaming cipher, before sending it to the tape device.


Tape devices are not suited for random access (they don't provide random access), i.e. they are not block devices. And LUKS is designed for block devices, just as, e.g., XFS is a filesystem for block devices. You can't mkfs.xfs on a tape device, can you?

Thus, go with the approach of OpenSSL streaming-cipher encryption via a pipe, as suggested by Ignacio.

Similar to the design of LUKS, you could generate a large random key for the streaming encryption, which you then encrypt as a file, e.g. with gpg. That means you are flexible to change this 'envelope-key', and you could encrypt the first key with multiple public keys, such that multiple people have access to it (without the need for a perhaps insecure key exchange).
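
The pipeline described in the answers above, as an added sketch that is not part of either post: a random data key drives an OpenSSL stream cipher between tar and the tape, and gpg wraps that key for several recipients. The function names, the file paths and the choice of AES-256-CTR with PBKDF2 are assumptions; the "tape" can be a device such as /dev/nst0 or an ordinary file.

```sh
#!/bin/sh
# Added example: function names, paths and cipher choice are assumptions.

# Create the random data key: 32 random bytes, hex-encoded on one line,
# written to a file only the owner can read.
new_data_key() {
    ( umask 077 && openssl rand -hex 32 > "$1" )
}

# Stream a directory to tape: tar -> openssl -> device, strictly sequential.
# $1 = data key file, $2 = directory, $3 = tape device or file
# "openssl enc" gives confidentiality only; it does not authenticate the
# stream, so tampering on the medium is not detected by this step.
tape_backup() {
    tar -C "$2" -cf - . |
        openssl enc -aes-256-ctr -pbkdf2 -pass "file:$1" > "$3"
}

# Reverse direction.
# $1 = data key file, $2 = tape device or file, $3 = restore directory
tape_restore() {
    mkdir -p "$3"
    openssl enc -d -aes-256-ctr -pbkdf2 -pass "file:$1" < "$2" |
        tar -C "$3" -xf -
}

# Wrap the data key for one or more gpg recipients (the "envelope").
# $1 = data key file, remaining arguments = recipient key IDs or e-mails.
# Writes $1.gpg; any listed recipient can decrypt it with their private key.
wrap_data_key() {
    keyfile=$1
    shift
    # Rewrite "r1 r2 ..." into "--recipient r1 --recipient r2 ...".
    for r in "$@"; do
        set -- "$@" --recipient "$r"
        shift
    done
    gpg --encrypt "$@" --output "$keyfile.gpg" "$keyfile"
}
```

Changing who can read the tape only requires re-running `wrap_data_key` on the data key with a new recipient list; the tape itself is not rewritten.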