Some years back I blogged about encrypted filesystems. That info is still valid but times have moved on and there are other, better ways now.
I can’t take any credit for this info, it all comes from the blog of Lars Strand. My thanks to him for taking the trouble to make it public. I’m just putting it on my own blog because it’s of such value and enables me to extract just the elements I require.
Encrypting Swap
Add this to /etc/crypttab:
cryptoswap /dev/hda2 /dev/urandom cipher=aes-cbc-essiv:sha256,size=256,hash=sha256,swap
And this it /etc/fstab:
/dev/mapper/cryptoswap swap swap sw 0 0
That’s it! Much simpler than the old methods that involved editing swap init scripts.
Create an Encrypted Filesystem
cryptsetup -c aes-cbc-essiv:sha256 -y -s 256 luksFormat /dev/md8
cryptsetup luksOpen /dev/md8 crypt
mkfs.ext3 /dev/mapper/crypt
Add this to /etc/crypttab:-
crypt /dev/md8 noauto luks