randomly encrypted swap¶
turn off swap:
# swapoff -a
Look in /etc/fstab for what partitions are swap. In my case, it will be /dev/sda2 and /dev/sdb2. Comment these out and replace them with encrypted swap devices (which we will create later):
/etc/fstab # /dev/sda2 none swap sw 0 0 # /dev/sdb2 none swap sw 0 0 /dev/mapper/swap1 none swap sw 0 0 /dev/mapper/swap2 none swap sw 0 0
/etc/crypttab swap1 /dev/sda2 /dev/random swap swap2 /dev/sdb2 /dev/random swap
Run the cryptdisks startup script to create /dev/mapper/swapX from /etc/crypttab entries:
# /etc/init.d/cryptdisks start
Turn swap back on:
# swapon -a
hibernation with encrypted swap¶
If you want to be able to hibernate (suspend to disk) then swap must be encrypted with a non-random key.
setup encrypted swap for uswsusp¶
Install the cryptsetup package¶
apt-get install cryptsetup
Setup the encrypted partition:¶
sudo -s swapoff -a cryptsetup luksFormat /dev/hda2 cryptsetup luksOpen /dev/hda2 cryptswap mkswap /dev/mapper/cryptswap
Add this line to /etc/crypttab:¶
cryptswap /dev/hda2 none swap,luks,timeout=30
Set the swap partition to be this in /etc/fstab:¶
/dev/mapper/cryptswap none swap sw 0 0
activate new swap¶
You can check to see what swap is active:
Configure uswsusp to use /dev/mapper/cswap and write unencrypted data¶
install or reconfigure uswsusp:
apt-get install uswsusp
dpkg-reconfigure -plow uswsusp
or, you could just edit the config /etc/uswsusp.conf and run:
resume device = /dev/mapper/cryptswap compress = y early writeout = y image size = 472324997 RSA key file = shutdown method = platform encrypt = n
making gnome hibernate button work with uswsusp¶THIS DOES NOT WORK ANYMORE, BECAUSE NOW HAL SCRIPTS WONT TRY OTHER METHODS
the hal scripts that govern what happens when you hit hibernate in the gnome logout dialog will use pmi scripts first. We can’t remove the pmi package, because that will remove gnome-desktop. However, we can divert the scripts to a disabled path name. This way, the hal scripts will use uswsusp first.
sudo dpkg-divert --rename --divert /usr/sbin/pmi-disabled /usr/sbin/pmi
undo the divert:
sudo dpkg-divert --rename --remove /usr/sbin/pmi
see if that works.
Whats the benefit from encrypting the swap?
if your disk is encrypted but your swap is not, then your key for the disk encryption can be read from the swap file.
Sounds resonable, thank you for the explanation.
it is also possible that unencrypted data could be stored in swap file
Wonderful! You are an author that I love moviedle. I always look forward to posts from you. Thank you very much.
Swap encryption is a little complicated because it requires you to encrypt files on two different devices. On your main device, create a new file called `swapfile`. Inside the `swapfile` folder, create another file called `keystore`, which will store your key pair. Your keypair should be stored in. It is more easy to play wordle online then swap encription, so good luck!
When I asked, “Is that the time?,” I laughed. There too frequently! I appreciate you spending the geometry dash time to do this.
Run the cryptdisks startup script to create /dev/mapper/swapX from /etc/crypttab entries. spray foam insulation contractors tulsa
This is a very good post .Thanks for letting us know some good wordle 2 tips .