Encrypted swap file

Ecrypting the swap file is strongly suggested if you already had encrypted the /home partition, and it is mandatory if you plan to use the suspend-to-disk facility. This is the procedure on a Debian system.

Encrypting the swap file

Assuming /dev/sda5 is the swap partition, the first thing is create the encrypted device. First we need to install the basic tools:

    #> apt install initramfs-tools cryptsetup

Then we turn the current swap file off, create the actual, encrypted device and create the new swap file over it:

    #> swapoff /dev/sda5
    #> cryptsetup luksFormat /dev/sda5
    #> cryptsetup open /dev/sda5 cswap
    #> mkswap /dev/mapper/cswap

Finally, let the system be aware of your encrypted swap file.

Get the UUID of the encrypted partition:

    #> blkid /dev/sda5

Edit /etc/crypttab and add:

    cswap   UUID=<...>  none    luks

Then edit /etc/fstab:

    /dev/mapper/cswap   none    swap    sw  0   0

Activate cswap in initramfs

These steps are necessary to enable suspend-to-disk.

Create /etc/initramfs-tools/conf.d/cryptroot and type:


Create /etc/initramfs-tools/conf.d/resume and type:


Then, update initramfs:

    #> update-initramfs -u

Finally, install uswsusp:

    #> apt install uswsusp

and you are good to go.