How do I set up an encrypted swap file in Linux?

Indeed, the page describes setting up a partition, but it's similar for a swapfile:

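    # Create a 64 MiB backing file
    dd if=/dev/urandom of=swapfile.crypt bs=1M count=64
    # Attach it to the first free loop device
    loop=$(losetup -f)
    losetup "${loop}" swapfile.crypt
    # Map it as plain dm-crypt with a throwaway random key
    cryptsetup open --type plain --key-file /dev/urandom "${loop}" swapfile
    # Format and enable the mapped device as swap
    mkswap /dev/mapper/swapfile
    swapon /dev/mapper/swapfile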

The result:

    # swapon -s
    Filename                                Type            Size    Used    Priority
    /dev/mapper/swap0                       partition       4000176 0       -1
    /dev/mapper/swap1                       partition       2000084 0       -2
    /dev/mapper/swapfile                    partition       65528   0       -3

swap0 and swap1 are real partitions.


This configuration uses randomly generated keys at boot and will not support hibernation to hard disk! You should disable hibernation through your respective DE power management utility and set it to shutdown on critical to avoid data loss!

Make sure to run sudo -s or su before running the following.

  1. Disable Swap:

    # swapoff -a
    
  2. Locate the existing Swap Partition

    # lsblk
    

    You will get something like this:

    sda3    8:3    0     8G  0 part [SWAP]
    
  3. Overwrite Old Swap

    # dd if=/dev/zero bs=1024000 of=/dev/sda<#>
    

    for example:

    # dd if=/dev/zero bs=1024000 of=/dev/sda3
    
  4. fstab setup

    # vim /etc/fstab
    

    Replace old SWAP device with crypttab mapper name: /dev/mapper/cswap

    #<file system>      <mount point>   <type>  <options>   <dump>  <pass>
    /dev/mapper/cswap   none            swap    pri=1,defaults  0   0
    
  5. Crypto Setup

    # ls -lF /dev/disk/by-id
    

    For example:

    ata-HGST_HTS545050A7E680_TEK55D4F0BU3GV-part3 -> ../../sda3
    
    # vim /etc/crypttab
    
    # <name>    <device>                            <password>  <options>
      cswap     /dev/disk/by-id/ata-HGST_HTS545050A7E680_TEK55D4F0BU3GV-part3   /dev/urandom    swap,cipher=aes-cbc-essiv:sha256,size=256
    
  6. Activate Encrypted Swap

    # reboot
    
  7. Verify Encrypted Swap Operations

    For example:

    # dmsetup -C info 
    cswap      253   0 L--w    2    1      0 CRYPT-PLAIN-cswap  
    # lsblk
    ├─sda3                8:3    0     8G  0 part  
    │ └─cswap             253:0    0     8G  0 crypt [SWAP]
    # cat /proc/swaps 
    Filename                Type        Size    Used    Priority
    /dev/dm-0               partition   8385532 0       -1
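
A scripted form of the step 7 check, as an added example that is not part of the original answer: it reads /proc/swaps and confirms through /sys/block/<dm-N>/dm/uuid that each active swap device is a dm-crypt mapping (UUID prefix CRYPT-, as in the dmsetup output above). The function name check_swaps and its two path arguments are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original answer).
# check_swaps [SWAPS_FILE] [SYSFS_BLOCK_DIR]
#   SWAPS_FILE       file in /proc/swaps format   (default: /proc/swaps)
#   SYSFS_BLOCK_DIR  directory laid out like /sys/block (default: /sys/block)
# Prints one line per swap area; returns 1 if any area is not directly
# on a dm-crypt mapping. Only the top layer is inspected, so swap on LVM
# over an encrypted volume, or a swap file on an encrypted filesystem,
# is flagged and needs a manual look.
check_swaps() {
    swaps=${1:-/proc/swaps}
    sysblock=${2:-/sys/block}
    rc=0
    while read -r name type _; do
        # Skip the header and blank lines.
        [ "$name" = "Filename" ] && continue
        [ -n "$name" ] || continue
        dev=$name
        # /dev/mapper/<name> is a symlink to /dev/dm-N on a live system.
        if [ -L "$dev" ]; then dev=$(readlink -f "$dev"); fi
        uuid_file=$sysblock/${dev##*/}/dm/uuid
        if [ "$type" = "partition" ] && [ -r "$uuid_file" ]; then
            uuid=$(cat "$uuid_file")
            case $uuid in
                CRYPT-*) echo "OK        $name ($uuid)"; continue ;;
            esac
        fi
        echo "PLAINTEXT $name"
        rc=1
    done < "$swaps"
    return $rc
}
# On a live system, run as root after reboot:  check_swaps
```
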
    

If you use dd if=/dev/zero of=/swapfile bs=1M count=8192, followed by mkswap /swapfile and swapon /swapfile, you should have a working swapfile on your root filesystem. (We use dd to ensure there are no holes in the swapfile.)

This gets around having to mess with loop devices and/or crypttab and simply places the swapfile inside your already encrypted filesystem. (We're assuming that you're using encryption for the whole drive here. Prepend the /swapfile parameter with the path to your encrypted directory if it's somewhere else.)

See man mkswap and man swapon for more information.