# [sort of solved] Encrypt swap FILE with dmcrypt?

## bienchen

Hi!

Is there a way to encrypt a swap FILE (NOT a partition) with dmcrypt and this random-key-on-boot feature?

Couldn't make it out by myself or Google.

greetings,

bienchen

Last edited by bienchen on Wed Jul 02, 2008 9:33 am; edited 1 time in total

----------

## frostschutz

With a loopback device it should be possible to implement, yes. Only I doubt there is an out of box solution that works for this, i.e. you'd have to write your own script. Personally I prefer encrypting the hard disk entirely though, so I no longer have to worry about encrypting every single partition by itself, and no need to worry about which data mustn't be placed in a directory that happens to be not encrypted at all.

----------

## bienchen

Encrypting the whole harddisk means that other users can read my home directory, doesn't it?

Loopback device should work with an initrd disk. But I'm not very keen to use one.

greetings,

bienchen

----------

## zyko

The official documentation has a section on encrypted swap. This assumes a swap partition, but I guess it would work with a container file as well.

----------

## frostschutz

 *bienchen wrote:*   

> Encrypting the whole harddisk means that other users can read my home directory, doesn't it?

 

Depends on what an 'other user' is. If you are sharing the machine with other people (as in other people who are root), then yes, if the drive is unlocked, of course they can access everything in it. It doesn't matter whether the drive is the whole drive or just a home partition in this case. Normal users without hands-on / root access cannot read your home directory even without encryption due to lack of filesystem level permissions.

Encryption is only effective as long as the system is off. If it's on and the drive is mounted, it does not matter whether it's physically encrypted or not. So encryption does not protect you at all from someone else who has ssh/root access to your machine from getting at your data, provided that you are accessing your own data as well anyhow.

 *bienchen wrote:*   

> Loopback device should work with an initrd disk. But I'm not very keen to use one.

 

No need for initrd for a swap file, even with loopback. You don't need swap for mounting your root partition, you can set up swap while the system boots.

You need an initrd or (much easier) initramfs when encrypting the whole disk though, as well as boot from usb, as you have to unlock the drive before you can mount your root partition, and that unlocking has to be done by initrd / initramfs.

----------

## bienchen

Good morning

OK, I've decided to try to run my system without swap.

This swap encryption in the official doc does NOT work for files.

'Other users' are users with their home directory on the same machine. If I encrypt each home directory on its own, nobody can see another user's directory as long as he/ she/ it is not logged in. Not even root.

Planning to use encFS+pam-encFS for this.

greetings,

bienchen

----------

## frostschutz

 *bienchen wrote:*   

> If I encrypt each home directory on its own, nobody can see another user's directory as long as he/ she/ it is not logged in. Not even root.

 

But that kind of security is pointless. If other users can see another user's home directory when he's logged in then the filesystem permissions are plain wrong. And root can access everything anyway, even if he has to wait /once/ for a user to login to get at the password.

Regarding using an encrypted swapfile, I just tried it and it works without any issue whatsoever:

```
# create an empty file, in this example 1000MB in size:
dd if=/dev/zero of=/tmp/cryptswap bs=1M count=1000
# 1000+0 records in
# 1000+0 records out
# 1048576000 bytes (1.0 GB) copied, 9.54515 s, 110 MB/s

# create a loop device for this file
losetup /dev/loop0 /tmp/cryptswap

# encrypt the loop device with some cipher and passphrase
cryptsetup -c aes-xts-plain -y create cryptswap /dev/loop0

# format the encrypted loop swap device
mkswap /dev/mapper/cryptswap

# make the kernel use it
swapon /dev/mapper/cryptswap
```

----------

## bienchen

 *Quote:*   

> But that kind of security is pointless. If other users can see another user's home directory when he's logged in then the filesystem permissions are plain wrong. And root can access everything anyway, even if he has to wait /once/ for a user to login to get at the password.

 

Of course you are right. To put it a little bit more clearly: I am speaking about my private notebook which I am using at work. Because it is my private one I am root. And I have 2 accounts on it: 1 for the work, 1 for my home base. At work I do not want anyone to be able to see my highly private directory over the net at any chance.

So at work logged in as 'worker' -> nobody sees 'private' data. At home: I do not care. Is my plan now understandable?

 *Quote:*   

> Regarding using an encrypted swapfile, I just tried it and it works without any issue whatsoever: 

 

How do you make this survive a reboot? What are you putting into /etc/fstab? I tried doing this with /etc/conf.d/dmcrypt but it is not working for me.

Anyway, I shut down my swap and see what happens.

greetings,

bienchen

----------

## frostschutz

 *bienchen wrote:*   

> So at work logged in as 'worker' -> nobody sees 'private' data. At home: I do not care. Is my plan now understandable?

 

That scenario makes a little more sense, yeah. :)

Although even without encryption, you could set up filesystem permissions so that the 'worker' user does not see the 'home' user's data and vice versa. So for anyone to be able to see your private directory over the net, they would have to hack your system. But yeah, as this is entirely a possibility with laptops especially when other geeks are around in the company you work at, it can make sense.

 *Quote:*   

> How do you make this survive a reboot? What are you putting into /etc/fstab? I tried doing this with /etc/conf.d/dmcrypt but it is not working for me.

 

Swap never survives a boot :D

To create such an encrypted swap file every boot, all you'd have to do is put the commands somewhere (/etc/conf.d/local for example) and perhaps use some /dev/urandom bytes as a key instead of a passphrase. I bet there is some nicer way to do it with the dmcrypt init script but I have never used this one (when I boot my crypt is already done setting up after all, as the entire hard disk is encrypted in my case), so I can't help with it specifically.

 *Quote:*   

> I shut down my swap and see what happens

 

As you get close to the memory limit, you'll have next to no file system cache anymore (with swap, the kernel would move some unused parts off to swap in order to make room for currently more useful buffers and such). If you hit the memory limit, the kernel will start killing your apps without giving you any chance to save your work (with swap, something would be swapped out, making room for you to continue working). If you hit both memory+swap limit, of course you're back to square one. But usually you should have enough memory to do everyday work (because swapping becomes slow if it has to be done non-stop) and swap only to outbalance some temporary load spikes / cope with memory leaks.

If you run without swap and your laptop still allows a memory upgrade, and it's not too expensive to do so, just do it.
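
Added example, not part of frostschutz's post: a boot-time script that puts the commands from the thread together and keys the mapping from /dev/urandom instead of a passphrase, using the current `cryptsetup open --type plain` syntax rather than the `create` form shown earlier. The file path, mapping name, size, cipher settings and the `DRY_RUN` switch are assumptions made for this example.

```shell
#!/bin/sh
# Added example: encrypted swap FILE with a fresh random key on every boot.
# SWAPFILE, MAPNAME and SIZE_MB are assumed values, not taken from the thread.
SWAPFILE=${SWAPFILE:-/var/cryptswap.img}
MAPNAME=${MAPNAME:-cryptswap}
SIZE_MB=${SIZE_MB:-1000}
DRY_RUN=${DRY_RUN:-0}        # DRY_RUN=1 prints the commands instead of running them

run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

cryptswap_start() {
    # Backing file: created once, mode 0600, fully written (swap files must not have holes).
    if [ ! -f "$SWAPFILE" ]; then
        run install -m 0600 /dev/null "$SWAPFILE" &&
        run dd if=/dev/zero of="$SWAPFILE" bs=1M count="$SIZE_MB" || return 1
    fi
    # Take the first free loop device rather than assuming /dev/loop0 is unused.
    if [ "$DRY_RUN" = 1 ]; then
        echo "losetup --find --show $SWAPFILE"; loopdev=/dev/loopN
    else
        loopdev=$(losetup --find --show "$SWAPFILE") || return 1
    fi
    # Plain dm-crypt keyed straight from /dev/urandom: the key is never stored,
    # so old swap contents are unreadable after power-off or the next boot.
    # The key changes every boot, which is why mkswap has to run every boot too.
    run cryptsetup open --type plain --cipher aes-xts-plain64 --key-size 256 \
        --key-file /dev/urandom "$loopdev" "$MAPNAME" &&
    run mkswap "/dev/mapper/$MAPNAME" &&
    run swapon "/dev/mapper/$MAPNAME"
}

cryptswap_stop() {
    run swapoff "/dev/mapper/$MAPNAME"
    run cryptsetup close "$MAPNAME"        # drops the mapping and the key
    # Detach whichever loop device is backed by the swap file.
    [ "$DRY_RUN" = 1 ] || losetup -j "$SWAPFILE" | cut -d: -f1 | xargs -r losetup -d
}

case "${1:-}" in
    start) cryptswap_start ;;
    stop)  cryptswap_stop ;;
esac
```

Run it with `start` from the boot hook mentioned above and with `stop` at shutdown; `DRY_RUN=1` shows the command plan without needing root.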

----------

## bienchen

Thanks for the hints. But I can't upgrade my notebook's memory. It only takes 4gigs ;)

Of course swap does not survive a reboot. I meant the setup. Fiddling around with the init scripts sounds tempting but one can't have it all. There's still enough to do on my notebook to make it work like I want.

greetings,

bienchen

----------

