thanks for your test. I don't think I adequately explained the process I'm intending to use.
Rather than dd directly onto /dev/sda2, I would be creating an encrypted volume on sda2. Ie:
cryptsetup -s 256 -y luksFormat /dev/sda2
cryptsetup luksOpen /dev/sda2 cryptroot
So what I've done is create an encrypted partition on /dev/sda2, and opened it so its now accessible at /dev/mapper/cryptroot
Accessing /dev/mapper/cryptroot I can now create a filesystem on that device which is correctly formatted as (say) ext2 so I can then mount /dev/mapper/cryptroot on / providing my initrd opens the encrypted partition.
With that out of the way, I suppose the command I'd be attempting would be more like dd if=img.img of=/dev/mapper/cryptroot
And, if img.img contains an ext2 formatted partition I should be able to access it as I would a manually created partition, and the contents when written via dd will still get encrypted.
But as you said, dd is very low-level, so, newbie that I am, I was hoping someone with experience with encryption could confirm whether this will behave the way I've described.