Category Archives: Crypto

Resizing Cryptswap in Ubuntu 16.04

I recently migrated my system to NVMe drives (great decision, by the way), and part of my reason for doing so was much faster swap, for some outrageously memory-hungry finite element mesh generation stuff.

I also wanted to enlarge the swap. I use LVM on top of software RAID, and encrypted home directories on top of that, which means the Ubuntu automatically set up encrypted swap for me. I had a non-encrypted swap volume at:

/dev/vg0/swap

I didn’t have much luck finding information about how the cryptswap is set up by the installer, which is why I’m writing this. It turns out that the crypt swap is configured in /etc/crypttab, where I have a line like this:

cryptswap1 /dev/vg0/swap /dev/urandom swap,offset=1024,cipher=aes-xts-plain64

What this means is that the system will create a crypt device called /dev/mapper/cryptswap1 at boot using a random seed, on top of /dev/vg0/swap. It will then run mkswap and swapon on the encrypted device.

This latter part is specified in /etc/fstab like:

/dev/mapper/cryptswap1 none swap sw 0 0

So, if your base unencrypted swap partition is an LVM logical volume, all you have to do is use lvextend to make it larger and (the easiest way) reboot. On reboot the larger device will automatically be used in its entirety.

gpg-agent not working for ssh

I recently did a linux reinstallation on my workstation after more than 4 years of cruft accumulation, but couldn’t get ssh to work with my cryptostick. I did all of the normal stuff required to disable ssh-agent and enable ssh-agent support in gpg-agent.

Turns out I needed to install the ‘gpgsm’ package (on Debian/Ubuntu), which replaces the normal gpg-agent with one that supports a smart card.

I’m posting this mostly for my own reference, but maybe it will help you too.

Getting a Linux Kernel changelog using git

I am setting up my new webserver (which, incidentally, this post is being written on), and had some trouble with the version of the Linux kernel I was using. I wanted to see whether my problem had been fixed between my kernel version and the current one, but couldn’t find an easy way to do that. User Octayn in ##linux on freenode IRC suggested I use git with tags. A little googling suppiled the right command-line magic.

First, I cloned the linux-stable git:


git clone git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git

Then, after changing into the linux-stable directory, I checked the tag names available:


git tag -l | less

That showed me the formatting of the tags, namely v. So then the command to get the full changelog was:


git log --decorate v3.0.9..v3.0.32

I did find some commits that might have fixed my problem. I upgraded and so far, so good. Only time will tell.

This is here as much for my own reference as it is for yours, but I hope it helps you!