cryptctl is a utility for setting up disk encryption using the popular well-established LUKS method. It generates random numbers to use as encryption keys, and safely keep the keys on a centralised key server. It can encrypt arbitrary directories into encrypted disk partitions. The key server stores all encryption keys in a database directory (by default /var/lib/cryptctl/keydb) and serves the keys via an RPC protocol over TCP (by default on port 3737) to client computers. The key server is the central component of encryption setup, hence it must be deployed with extra physical/network security measures; regular backup of the key database must be carried out to ensure its availability. Communication between key server and client computers is protected by TLS via a certificate, and authorised via a password specified by the system administrator during key server's initial setup.