By default, selecting the “Encrypt my home directory” option at install time will encrypt your swap space¹ as well - at least in Ubuntu 10.04 and newer (I don't know when this was implemented, so it could well be earlier).
Technically, it uses the
ecryptfs-setup-swap program to do the swap encryption. You can use this tool if you want to encrypt your swap space post-install.
¹: This applies to both swap partitions and any swap files you may have set up.
You have a problem with your
/etc/crypttab file that's causing eveything to go south, and a problem with your swap partition.
First off, you need to
mkswap the partition that you want to use for your encrypted swap file. The cryptdisk utility expects your partition to be swap, so you should keep it as such:
sudo mkswap /dev/sda4
Now, note that this will change the partition's UUID. Get the new one with the following command, and make note of it:
sudo blkid /dev/sda4
Now, we need to deal with the larger problem at hand: your
/etc/crypttab file. Replace it with the following:
# <target name> <source device> <key file> <options>
cryptswap UUID=<Your new UUID> /dev/urandom swap,offset=1024
Reboot the system, and you should have a working swap!
You have your
cryptswap set up currently to recreate the entire partition as an encrypted swap. This is Not Good™, because we need to preserve the UUID. By offsetting the swap by 1024 blocks, we preserve the critical filesystem info, including the UUID.
Regarding the standard home encryption provided by Ubuntu, you can
and if you get something like
then the username's home directory is encrypted. This works when username is not logged in, so the partition is not mounted. Otherwise you can look at
About the swap, do
and should check for an output similar to