ecryptfs-setup-swap

Setup encrypted swap

$ ecryptfs-setup-swap

$ ecryptfs-setup-swap [/dev/sda2]

ecryptfs-setup-swap [device]

ecryptfs-setup-swap configures encrypted swap space using dm-crypt with a random key. This prevents sensitive data from being recoverable from swap after shutdown.
The script modifies /etc/fstab and /etc/crypttab to enable encrypted swap on boot. A random key is generated each boot, so swap contents are unrecoverable after restart.
Encrypted swap is important when using encrypted home directories, as unencrypted swap could leak decrypted data.

DEVICE

Swap partition to encrypt.

Disables hibernation (swap content unrecoverable). Requires root privileges. Existing swap will be reformatted. Must run with system not using swap.

ecryptfs-setup-swap is part of the eCryptfs utilities, addressing the security gap where encrypted filesystem data could leak to unencrypted swap space.

ecryptfs-setup-private(1), cryptsetup(8), swapon(8)