When a linux box came from hibernation usually resume everything from the previous state.
That means that if someone just hit the power button on your system, in a few minutes he/she will have access to your linux partition and most certain to an already logged-in system !
In a previous post i wrote how to enable Lock Screen after hibernation, but lets face it. This isnt a secure way!
And if someone has access to your hard drive he/she can somehow retrieve your data from your hibernate snapshot.
An alternative and most secure way is to encrypt your hibernate snapshot and then access it through a pass phrase.
First of all, your have to create the key for the encryption process.
Just type: suspend-keygen and then choose the length of the key. I prefer 4096 bits.
After that, you should type a secure pass phrase. Finally choose the name of the key.
A full example:
$ suspend-keygen libgcrypt version: 1.4.6 Key bits (between 1024 and 4096 inclusive) [1024]: 4096 Generating 4096-bit RSA keys. Please wait. Testing the private key. Please wait. Passphrase please (must be non-empty): Confirm passphrase: File name [suspend.key]:
Τransfer your suspend.key to /etc
mv suspend.key /etc/
Now you must edit the below two lines on: /etc/suspend.conf
encrypt = y
RSA key file = /etc/suspend.key
Thats it !
The next time you resume your system from hibernation, you have to write your pass phrase to resume your encrypted hibernate snapshot.