Encrypted swap file

Encrypting the swap file is strongly suggested if you have already encrypted the /home partition, and it is mandatory if you plan to use the suspend-to-disk facility. This is the procedure on a Debian system.

Encrypting the swap file

Assuming /dev/sda5 is the swap partition, the first step is to create the encrypted device. To do that, we first need to install the basic tools:

#> apt install initramfs-tools cryptsetup

Then we turn the current swap file off, create the actual encrypted device, and create the new swap file on top of it:

#> swapoff /dev/sda5
#> cryptsetup luksFormat /dev/sda5
#> cryptsetup open /dev/sda5 cswap
#> mkswap /dev/mapper/cswap

Finally, make the system aware of your encrypted swap file.

Get the UUID of the encrypted partition:

#> blkid /dev/sda5

Edit /etc/crypttab and add:

cswap	UUID=<...>	none	luks

Then edit /etc/fstab:

/dev/mapper/cswap	none	swap	sw	0	0
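
The check below is an added example, not part of the original page: it verifies that the /etc/crypttab and /etc/fstab entries above agree with each other and flags any swap line in fstab that does not go through a /dev/mapper device. The function name check_cswap, the sample files and the sample UUID are made up for illustration.

```shell
#!/bin/sh
# Added example. check_cswap is a hypothetical helper, not a Debian tool.
# Usage: check_cswap CRYPTTAB FSTAB LUKS_UUID [NAME]
# On a real system LUKS_UUID would come from: blkid -s UUID -o value /dev/sda5
# Prints one line per problem found; returns 0 only when there is none.
check_cswap() {
    crypttab=$1 fstab=$2 uuid=$3 name=${4:-cswap} rc=0

    # crypttab fields: <name> <source device> <key file> <options>
    entry=$(awk -v n="$name" '$1 == n { print $2, $3, $4; exit }' "$crypttab")
    if [ -z "$entry" ]; then
        echo "crypttab: no entry named $name"; rc=1
    else
        set -- $entry
        [ "$1" = "UUID=$uuid" ] || { echo "crypttab: source $1 is not UUID=$uuid"; rc=1; }
        case ",$3," in
            *,luks,*) ;;
            *) echo "crypttab: option luks missing for $name"; rc=1 ;;
        esac
    fi

    # fstab fields: <device> <mount point> <type> <options> <dump> <pass>
    # Swap lines that do not name a /dev/mapper device are flagged for review.
    found=0
    for dev in $(awk '$1 !~ /^#/ && $3 == "swap" { print $1 }' "$fstab"); do
        case $dev in
            "/dev/mapper/$name") found=1 ;;
            /dev/mapper/*) ;;
            *) echo "fstab: swap on $dev does not use a /dev/mapper device"; rc=1 ;;
        esac
    done
    [ "$found" -eq 1 ] || { echo "fstab: no swap line for /dev/mapper/$name"; rc=1; }
    return "$rc"
}

# Constructed sample files and UUID (not taken from a real system).
DEMO_DIR=$(mktemp -d)
DEMO_UUID=00000000-1111-2222-3333-444444444444
printf 'cswap\tUUID=%s\tnone\tluks\n' "$DEMO_UUID" > "$DEMO_DIR/crypttab"
printf '/dev/mapper/cswap\tnone\tswap\tsw\t0\t0\n' > "$DEMO_DIR/fstab"
check_cswap "$DEMO_DIR/crypttab" "$DEMO_DIR/fstab" "$DEMO_UUID" &&
    echo "cswap configuration is consistent"
```
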

Activate cswap in initramfs

These steps are necessary to enable suspend-to-disk.

Create /etc/initramfs-tools/conf.d/cryptroot and type:


Create /etc/initramfs-tools/conf.d/resume and type:


Then, update initramfs:

#> update-initramfs -u

Finally, install uswsusp:

#> apt install uswsusp

and you are good to go.

© Alessandro Dotti Contra