
How-To Geek

How to Encrypt Your Home Folder After Installing Ubuntu


Ubuntu offers to encrypt your home folder during installation. If you decline the encryption and change your mind later, you don’t have to reinstall Ubuntu. You can activate the encryption with a few terminal commands.

Ubuntu uses eCryptfs for encryption. When you log in, your home directory is automatically decrypted with your password. While there is a performance penalty to encryption, it can keep private data confidential, particularly on laptops that may be stolen.

Getting Started

Before doing any of this, you should ensure you have a backup of your home directory and important files. The migration command will create a backup on your computer, but it’s important to have an additional backup – just in case.

First, install the encryption utilities:

sudo apt-get install ecryptfs-utils cryptsetup


You’ll have to encrypt your home directory while you’re not logged in. This means that you’ll need another user account with administrator (sudo) privileges – you can create one from Ubuntu’s User Accounts window. To open it, click your name on the panel and select User Accounts.


Create a new user account and make it an administrator.


Set a password by clicking the password box. The account is disabled until you apply a password.


After creating the user account, log out of your desktop.


Migrating Your Home Folder

Select your new, temporary user account on the login screen and log in with it.


Run the following command to encrypt your home directory, replacing user with the name of your user account:

sudo ecryptfs-migrate-home -u user

You’ll have to provide your user account’s password. After you do, your home directory will be encrypted and you’ll be presented with some important notes. In summary, the notes say:

  1. You must log in as the migrated user account (the one whose home folder you just encrypted) immediately – before a reboot!
  2. A copy of your original home directory was made. You can restore the backup directory if you lose access to your files.
  3. You should generate and record a recovery phrase.
  4. You should encrypt your swap partition, too.


Log out and log back in as your original user account. Do not reboot your system before logging back in!


After you log in, click the Run this action now button to create a recovery passphrase. Keep this passphrase somewhere safe – you’ll need it if you have to manually recover your files in the future.


You can run the ecryptfs-unwrap-passphrase command to view this passphrase at any time.

Encrypting the Swap Partition

When you set up an encrypted home directory while installing Ubuntu, your swap partition is also encrypted. When you set up home directory encryption after installation, as described here, you have to set up swap encryption yourself. To do so, run the following command in a terminal:

sudo ecryptfs-setup-swap


Note that an encrypted swap won’t work properly with Ubuntu’s hibernate feature – which is disabled by default, anyway.


Clean Up

After restarting your system once or twice and verifying everything works properly, you can clean everything up. In addition to deleting the temporary user account, you can remove the backup home folder located in your system’s /home directory.


You’ll have to remove the backup directory from a terminal with a command like the following one. Be very careful when using this command – you could accidentally delete your real home folder or another important system directory if you type the directory name wrong:

sudo rm -rf /home/user.random
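
A guard for the deletion step above, as an added example that is not part of the original article: it checks that a path really is the migration backup before you type the rm command. The function name is_backup_dir and the script name are hypothetical, and the check assumes the backup is named as shown on this page (the user name, a dot, then an alphanumeric random suffix).

```shell
#!/bin/sh
# Added example: validate a path before "sudo rm -rf" on the migration backup.
# Assumption: the backup is /home/<user>.<random suffix>, as on this page.

# is_backup_dir PATH USER [HOME_BASE]
# Returns 0 only if PATH looks like USER's migration backup and nothing else.
is_backup_dir() {
    path=${1%/}                 # drop one trailing slash
    user=$2
    base=${3:-/home}            # HOME_BASE is overridable for testing
    [ -n "$path" ] && [ -n "$user" ] || return 1

    # Must sit directly inside HOME_BASE (no "..", no nested or outside path).
    [ "$(dirname -- "$path")" = "$base" ] || return 1

    # Name must be "<user>." plus a non-empty alphanumeric suffix.
    name=$(basename -- "$path")
    suffix=${name#"$user".}
    [ "$suffix" != "$name" ] && [ -n "$suffix" ] || return 1
    case $suffix in *[!A-Za-z0-9]*) return 1 ;; esac

    # Must be a real directory, not a symlink that points somewhere else.
    [ -d "$path" ] && [ ! -L "$path" ] || return 1

    # Must not be any account's home (e.g. user "sam" vs. account "sam.old").
    if getent passwd 2>/dev/null | awk -F: -v p="$path" '$6 == p { f = 1 } END { exit !f }'; then
        return 1
    fi
    return 0
}

# Usage: sh check-backup.sh /home/user.random user
if [ "$#" -ge 2 ]; then
    if is_backup_dir "$1" "$2"; then
        echo "OK: $1 matches the backup pattern for $2"
    else
        echo "REFUSED: $1 is not a backup directory for $2" >&2
        exit 1
    fi
fi
```

Run it with the backup path and your user name, and only go on to the rm command if it prints OK for exactly the path you intend to delete.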

Chris Hoffman is a technology writer and all-around computer geek. He's as at home using the Linux terminal as he is digging into the Windows registry. Connect with him on Google+.

  • Published 06/8/12

Comments (5)

  1. Jao Madn

    Hi,

    Great, nice post..

    May I ask if this will also work in Ubuntu 10.04? If it works, does it mean I will use the same package?

    Thanks and Best Regards.

  2. cam2644

    Useful to know. Filed for possible future use. Thanks

  3. OpnMdn

    Nice info guys, I want to share in my blog

  4. Nux

    What happens if the user changes his password? Will the unlocking of the home dir still work, or will the user be locked out?

  5. Chris Hoffman

    @Jao Madn

    Quite possible, but I didn’t test myself so I can’t guarantee it — assuming Ubuntu 10.04 includes the same utilities, I suppose so.

    @Nux

    I believe it will still work. This is the same way Ubuntu encrypts home directories if you install it — it should handle this itself and not prevent decryption if you change your password.
