Encrypted swap

From PrgmrWiki

Debian and Ubuntu

Install the cryptsetup package:

sudo apt-get install cryptsetup

This creates a 128MB file:

sudo dd if=/dev/zero of=/var/swap bs=1M count=128

Guarantee permissions:

sudo chown root:root /var/swap
sudo chmod 600 /var/swap

Add the file to /etc/crypttab:

echo 'cryptswap1 /var/swap /dev/urandom swap,cipher=aes-cbc-essiv:sha256' | sudo tee -a /etc/crypttab

Add the encrypted volume to /etc/fstab:

echo '/dev/mapper/cryptswap1          none    swap    sw      0       0' | sudo tee -a /etc/fstab

Start the encrypted volume:

cryptdisks_start cryptswap1

Format it as swap:

/sbin/mkswap /dev/mapper/cryptswap1

Enable swap:

swapon -a

CentOS 5 and 6

Encrypted swap files (as opposed to partitions) are not easily supported by CentOS 5 and 6. If you want help with a workaround, please contact prgmr.com support.

CentOS 7, Fedora 22, Fedora 23

Install the cryptsetup package:

sudo yum install cryptsetup

This creates a 128MB file:

sudo dd if=/dev/zero of=/var/swap bs=1M count=128

Guarantee permissions:

sudo chown root:root /var/swap
sudo chmod 600 /var/swap

Add the file to /etc/crypttab:

echo 'cryptswap1 /var/swap /dev/urandom swap,cipher=aes-cbc-essiv:sha256' | sudo tee -a /etc/crypttab

Add the encrypted volume to /etc/fstab:

echo '/dev/mapper/cryptswap1          none    swap    sw      0       0' | sudo tee -a /etc/fstab

Start the encrypted volume:

/usr/lib/systemd/systemd-cryptsetup attach 'cryptswap1' '/var/swap' '/dev/urandom' 'swap,cipher=aes-cbc-essiv:sha256'

Format it as swap:

/sbin/mkswap /dev/mapper/cryptswap1

Enable swap:

swapon -a