[SOLVED] swap encryption /dev/urandom doesn't work


Japplo
8th September 2010, 08:26 PM
hey guys,
I'd like to encrypt my swap and tmp partitions with /dev/urandom, but it doesn't work. I've tried it 100 times and now I have no idea.


cat /etc/crypttab
swap /dev/sda3 /dev/urandom swap,cipher=aes-cbc-essiv:sha256

cat /etc/fstab
/dev/mapper/swap swap swap defaults 0 0

If I reboot I get the message "/dev/mapper/swap" doesn't exist. It seems that cryptsetup isn't setting up the encrypted block device. SELinux is in permissive mode.

Thanks in advance

Evil_Bert
9th September 2010, 09:07 AM
You look to be on the right track. Try dropping the "cipher=aes-cbc-essiv:sha256" off the end of your /etc/crypttab line.

Here's what mine looks like:

/etc/fstab:
/dev/mapper/swap-name swap swap defaults 0 0
/etc/crypttab:
swap-name /dev/sda3 /dev/urandom swap

Check your swap status with:
swapon -s
... and ...
top
... and view the summary at the top of the screen.

There's no trick to getting this to work except to make sure you have a swap partition at sda3 (or wherever) to begin with, before you try to encrypt it.

diamond_ramsey
9th September 2010, 09:36 AM

...
cat /etc/crypttab
swap /dev/sda3 /dev/urandom swap,cipher=aes-cbc-essiv:sha256...

I concur with Evil_Bert on removing the cipher content. :)

...cat /etc/fstab
/dev/mapper/swap swap swap defaults 0 0

If I reboot I get the message "/dev/mapper/swap" doesn't exist. It seems, that crypsetup doesn't setting up the encrypted block device...

Additionally, I suggest doing a ls -latr /dev/mapper as well. :)
==================================
[root@localhost ~]# more /etc/fstab

#
# /etc/fstab
# Created by anaconda on Thu Oct 15 02:53:58 2009
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
/dev/mapper/VolGroup-lv_root / ext4 defaults 1 1
UUID=f4151bc6-7a71-4e7b-b470-1e71faa357c3 /boot ext4 defaults 1 2
/dev/mapper/VolGroup-lv_swap swap swap defaults 0 0
tmpfs /dev/shm tmpfs defaults 0 0
devpts /dev/pts devpts gid=5,mode=620 0 0
sysfs /sys sysfs defaults 0 0
proc /proc proc defaults 0 0
==================================
[root@localhost ~]# ls -latr /dev/mapper
total 0
crw-rw----. 1 root root 10, 62 2010-09-09 09:25 control
brw-rw----. 1 root disk 253, 0 2010-09-09 09:25 VolGroup-lv_root
brw-rw----. 1 root disk 253, 1 2010-09-09 09:25 VolGroup-lv_swap
drwxr-xr-x. 2 root root 100 2010-09-09 09:25 .
drwxr-xr-x. 18 root root 3640 2010-09-09 09:26 ..
==================================
[root@localhost ~]# swapon -s
Filename Type Size Used Priority
/dev/mapper/VolGroup-lv_swap partition 4087804 0 -1
==================================
Hope this helps. ;)

Japplo
9th September 2010, 10:19 AM
I tried it again without a cipher:

swapoff -a
setenforce 0

vi /etc/fstab
#/dev/mapper/luks-50301372-ee3b-4b00-ad6a-f73c984de4d3 swap swap defaults 0 0
/dev/mapper/swap-name swap swap defaults 0 0

vi /etc/crypttab
#luks-50301372-ee3b-4b00-ad6a-f73c984de4d3 UUID=50301372-ee3b-4b00-ad6a-f73c984de4d3 /key # swap
swap-name /dev/sda3 /dev/urandom swap

swapon -a -v
swapon on /dev/mapper/swap-name
swapon: /dev/mapper/swap-name: stat failed: No such file or directory

swapon -s

diamond_ramsey
9th September 2010, 10:37 AM
......vi /etc/fstab
#/dev/mapper/luks-50301372-ee3b-4b00-ad6a-f73c984de4d3 swap swap defaults 0 0
/dev/mapper/swap-name swap swap defaults 0 0

vi /etc/crypttab
#luks-50301372-ee3b-4b00-ad6a-f73c984de4d3 UUID=50301372-ee3b-4b00-ad6a-f73c984de4d3 /key # swap
swap-name /dev/sda3 /dev/urandom swap

swapon -a -v
swapon on /dev/mapper/swap-name
swapon: /dev/mapper/swap-name: stat failed: No such file or directory...

The reference to swap-name must match the value of the file which is stored in your /dev/mapper subdirectory. :)

So, just do a ls -latr /dev/mapper and see the file name to match. :)

Hope this helps. :)
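The consistency rule diamond_ramsey describes (the crypttab name must be the same <name> that fstab mounts as /dev/mapper/<name>), plus the stale resume= problem that turns up later in the thread, as an added POSIX shell check. This is example code written for this page, not anything from the thread or from Fedora; the sample crypttab, fstab and grub.conf it checks are constructed inline and only mirror the configs posted above.

```shell
# Added example (not from the thread): sanity-check a random-key swap/tmp setup.
# A crypttab mapping keyed from /dev/urandom gets a fresh key on every boot, so
# fstab must reference exactly /dev/mapper/<name>, the crypttab options must say
# swap or tmp so the device is re-formatted each boot, and a resume= kernel
# argument for that swap can never work.

# check_crypttab_fstab CRYPTTAB FSTAB: 0 if consistent, 1 otherwise (reasons on stdout)
check_crypttab_fstab() {
    rc=0
    while read -r name dev key opts; do            # crypttab: name device keyfile options
        case "$name" in ''|'#'*) continue ;; esac   # skip blank and comment lines
        case "$key" in /dev/urandom|/dev/random) ;; *) continue ;; esac
        case ",$opts," in
            *,swap,*) want=swap ;;
            *,tmp,*)  want=tmp ;;
            *) echo "$name: random key but no 'swap' or 'tmp' option"; rc=1; continue ;;
        esac
        line=$(grep -E "^[[:space:]]*/dev/mapper/$name[[:space:]]" "$2" || true)
        if [ -z "$line" ]; then
            echo "$name: fstab has no /dev/mapper/$name entry"; rc=1; continue
        fi
        fstype=$(printf '%s\n' "$line" | awk '{print $3}')   # fstab: device mountpoint type ...
        if [ "$want" = swap ] && [ "$fstype" != swap ]; then
            echo "$name: crypttab says swap but fstab type is '$fstype'"; rc=1
        elif [ "$want" = tmp ] && [ "$fstype" = swap ]; then
            echo "$name: crypttab says tmp but fstab mounts it as swap"; rc=1
        fi
    done < "$1"
    return $rc
}

# check_resume GRUBCONF CRYPTTAB: 1 if resume= is set while swap uses a random key
check_resume() {
    swapnames=$(awk '$1 !~ /^#/ && $3 ~ /^\/dev\/u?random$/ && $4 ~ /(^|,)swap(,|$)/ {print $1}' "$2")
    [ -n "$swapnames" ] || return 0
    if grep -Eq '(^|[[:space:]])resume=' "$1"; then
        echo "resume= found in $1 but swap ($swapnames) has a random key: remove it"; return 1
    fi
}

# Constructed sample files mirroring the thread's configs (not real system files)
dir=$(mktemp -d)
printf '%s\n' 'swap-name /dev/sda3 /dev/urandom swap' 'tmp /dev/sda5 /dev/urandom tmp' > "$dir/crypttab"
printf '%s\n' '/dev/mapper/swap-name swap swap defaults 0 0' '/dev/mapper/tmp /tmp ext2 defaults 0 0' > "$dir/fstab.good"
printf '%s\n' '/dev/mapper/swap swap swap defaults 0 0' > "$dir/fstab.bad"   # name mismatch as in the first post
printf '%s\n' 'kernel /vmlinuz ro resume=UUID=50301372-ee3b-4b00-ad6a-f73c984de4d3' > "$dir/grub.conf"
check_crypttab_fstab "$dir/crypttab" "$dir/fstab.good" && echo "fstab.good: consistent"
check_crypttab_fstab "$dir/crypttab" "$dir/fstab.bad"  || echo "fstab.bad: problems found (expected)"
check_resume "$dir/grub.conf" "$dir/crypttab" || echo "grub.conf: stale resume= (expected)"
```

Run it against the real /etc/crypttab, /etc/fstab and grub.conf to get the mismatch list before rebooting; a clean run means the names agree and nothing references the old UUID-based swap.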

Japplo
9th September 2010, 01:11 PM
Many thanks, swap works now. I didn't remove my old configuration in /boot/grub/grub.conf:
resume=UUID=50301372-ee3b-4b00-ad6a-f73c984de4d3

I tried it with /tmp, but if I reboot I get the same failure as before:
/dev/mapper/tmp doesn't exist

My configuration:

vi /etc/crypttab
tmp /dev/sda5 /dev/urandom tmp

vi /etc/fstab
/dev/mapper/tmp /tmp ext2 defaults 0 0

Evil_Bert
9th September 2010, 10:33 PM
Many thanks, swap works now. I didn't remove my old configuration in /boot/grub/grub.conf:
resume=UUID=50301372-ee3b-4b00-ad6a-f73c984de4d3

You can probably delete the "resume= ..." statement from grub.conf, unless you really need hibernate/resume, as it's not part of the standard configuration. This guy has more on the subject:
http://extramem.blogspot.com/2010/07/resume-from-encrypted-swap-in-fedora-13.html

Your encrypted swap space gets set up every boot. You can change the name if you want, as long as /etc/fstab and /etc/crypttab agree at boot time.

*****

As for /tmp, you could use a regular LUKS-encrypted partition (i.e. where data is preserved like any other partition). But if you still want random encryption for /tmp, then my help is limited.

Here are a couple of tutorials that may be of assistance:
http://tredosoft.com/encrypt_home_directory_fedora_9
http://wiki.centos.org/HowTos/EncryptTmpSwapHome

Japplo
10th September 2010, 08:55 PM
Thanks! http://tredosoft.com/encrypt_home_directory_fedora_9 was very helpful for me. Automount doesn't work with tmp. That means that an entry in fstab is not a good idea :-), an init.d script is necessary.