Encrypted Swap

How to set up encrypted swap.

randomly encrypted swap

Turn off swap:

# swapoff -a

Look in /etc/fstab for what partitions are swap. In my case, it will be /dev/sda2 and /dev/sdb2. Comment these out and replace them with encrypted swap devices (which we will create later):

# /dev/sda2          none    swap    sw    0    0
# /dev/sdb2          none    swap    sw    0    0
/dev/mapper/swap1    none    swap    sw    0    0
/dev/mapper/swap2    none    swap    sw    0    0
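
Add the matching entries to /etc/crypttab. Each line gives the mapping name, the underlying partition, the key source and the options. With /dev/random as the key source, a new random key is used every time the mapping is created:

swap1      /dev/sda2    /dev/random      swap
swap2      /dev/sdb2    /dev/random      swap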

Run the cryptdisks startup script to create /dev/mapper/swapX from /etc/crypttab entries:

# /etc/init.d/cryptdisks start

Turn swap back on:

# swapon -a

hibernation with encrypted swap

If you want to be able to hibernate (suspend to disk) then swap must be encrypted with a non-random key, because the hibernation image is written to swap and has to be decrypted again on resume.

about hibernation

There are three methods of hibernation: swsusp, uswsusp (aka suspend), and tuxonice (aka suspend2). See comparison of methods and the ubuntu suspend pages.

setup encrypted swap for uswsusp

Install the cryptsetup package

apt-get install cryptsetup

Set up the encrypted partition (luksFormat overwrites the partition and asks for the passphrase that will unlock it):

sudo -s
swapoff -a
cryptsetup luksFormat /dev/hda2
cryptsetup luksOpen /dev/hda2 cryptswap
mkswap /dev/mapper/cryptswap

Add this line to /etc/crypttab:

cryptswap /dev/hda2 none swap,luks,timeout=30

Set the swap partition to be this in /etc/fstab:

/dev/mapper/cryptswap none swap sw 0 0

Activate the new swap:

swapon -a

You can check to see what swap is active:

cat /proc/swaps
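
To review the configuration from either setup above without activating anything, the following added example (not part of the original page) classifies every swap entry in fstab against crypttab. The function name classify_swap and the labels plain, random-key and fixed-key are made up for this example, and it assumes fstab names mappings as /dev/mapper/<name>, as this page does.

```shell
#!/bin/sh
# Added example, not from the original page.
# classify_swap [fstab] [crypttab] prints "<device> <kind>" per swap entry:
#   plain       device is not /dev/mapper/<name> for a crypttab <name>
#   random-key  crypttab key file is /dev/random or /dev/urandom (no resume)
#   fixed-key   any other key source, e.g. "none" + luks (can hold a resume image)
classify_swap() {
    fstab=${1:-/etc/fstab}
    crypttab=${2:-/etc/crypttab}
    awk '
        /^[ \t]*(#|$)/ { next }               # skip comments and blank lines
        FILENAME == ARGV[1] {                 # crypttab: name device keyfile options
            key["/dev/mapper/" $1] = $3
            next
        }
        $3 == "swap" {                        # fstab: device mountpoint type ...
            if (!($1 in key))                        kind = "plain"
            else if (key[$1] ~ /^\/dev\/u?random$/)  kind = "random-key"
            else                                     kind = "fixed-key"
            print $1, kind
        }
    ' "$crypttab" "$fstab"
}

# Demo on constructed sample files that combine both setups from this page.
demo_dir=$(mktemp -d)
cat > "$demo_dir/fstab" <<'EOF'
# /dev/sda2           none  swap  sw  0  0
/dev/sdb2             none  swap  sw  0  0
/dev/mapper/swap1     none  swap  sw  0  0
/dev/mapper/cryptswap none  swap  sw  0  0
EOF
cat > "$demo_dir/crypttab" <<'EOF'
swap1      /dev/sda2  /dev/random  swap
cryptswap  /dev/hda2  none         swap,luks,timeout=30
EOF
classify_swap "$demo_dir/fstab" "$demo_dir/crypttab"
rm -rf "$demo_dir"
```

Any line reported as plain is an unencrypted swap area, and the device used as the uswsusp resume device has to be one reported as fixed-key.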

Configure uswsusp to use /dev/mapper/cryptswap and write unencrypted data

install or reconfigure uswsusp:

apt-get install uswsusp


dpkg-reconfigure -plow uswsusp

or, you could just edit the config /etc/uswsusp.conf and run:

update-initramfs -u 

/etc/uswsusp.conf:

resume device = /dev/mapper/cryptswap
compress = y
early writeout = y
image size = 472324997
RSA key file =
shutdown method = platform
encrypt = n

making gnome hibernate button work with uswsusp


The hal scripts that govern what happens when you hit hibernate in the GNOME logout dialog will try the pmi scripts first. We can’t remove the pmi package, because that would also remove gnome-desktop. However, we can divert the scripts to a disabled path name. This way, the hal scripts will use uswsusp first.

sudo dpkg-divert --rename --divert /usr/sbin/pmi-disabled /usr/sbin/pmi

To undo the divert later:

sudo dpkg-divert --rename --remove /usr/sbin/pmi


sudo s2disk

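See if that works. Afterwards, scan the raw partition for readable strings; nothing recognizable from memory should appear: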

strings /dev/hda2

What's the benefit from encrypting the swap?


If your disk is encrypted but your swap is not, then your key for the disk encryption can be read from the swap file.


Sounds reasonable, thank you for the explanation.


It is also possible that unencrypted data could be stored in the swap file,
so let's say someone doesn’t find your key, that someone can be lucky enough to find other ‘sensitive’ data in plaintext.

