Encrypting the swap partition with eCryptfs
If you’re just encrypting individual directories with eCryptfs instead of using LUKS whole-disk encryption, you’ll need to encrypt your swap partition in order to prevent accidental data leakage. Fixing that problem requires just one simple command:
donnie@ubuntu:~$ sudo ecryptfs-setup-swap
WARNING:
An encrypted swap is required to help ensure that encrypted files are not leaked to disk in an unencrypted format.
HOWEVER, THE SWAP ENCRYPTION CONFIGURATION PRODUCED BY THIS PROGRAM WILL BREAK HIBERNATE/RESUME ON THIS SYSTEM!
NOTE: Your suspend/resume capabilities will not be affected.
Do you want to proceed with encrypting your swap? [y/N]: y
INFO: Setting up swap: [/dev/sda5]
WARNING: Commented out your unencrypted swap from /etc/fstab
swapon: stat of /dev/mapper/cryptswap1 failed: No such file or directory
donnie@ubuntu:~$
Don’t mind the warning about the missing /dev/mapper/cryptswap1 file. It will get created...
