Encrypt Your Home Folder on Ubuntu 17.10

During Ubuntu 17.10 installation, you will be asked if you’d like to encrypt your home directory. You can choose to encrypt at that time. However, if you skip that during the installation, don’t worry.. it can be encrypted after.

This brief tutorial is going to show students and new users how to encrypt user’s home directory after Ubuntu installation. Encrypting your home directory after installing Ubuntu isn’t as easy as during the installation.

Since you can’t be logged while you encrypt your own home folder, you’ll need to create a temporary adminsitrator account or use another user account on the system to use to encrypt your home folder.

Step 1: Installing the Encryption Package

To encrypt your home folder on Ubuntu 17.10, run the commands below to install the encrypt software.. its not installed by default.

sudo apt install ecryptfs-utils cryptsetup

After installing, continue below to create a temporary account to use to encrypt your directory. You can’t be logged into your account while encrypting it. It will not work.

Step 2: Create a Temporary Admin Account

Now that you’ve install the encryption package, go and create a temporary account to use to encrypt your home directory. You will delete the temp account later after you’re done.

To learn how to create an account on Ubuntu 17.10, read the post below:

Adding New Users to Ubuntu 17.04 / 17.10

Step 3: Login as the Temp User

Now that you’ve created a temporary user account, login as that user and run the commands below to encrypt your home directory.

sudo ecryptfs-migrate-home -u USER

Replace USER with your username. Because you’re running a sudo command, you will be prompted for the temporary user password.

Next, you’ll prompted for your password.. type it. The command above will create a backup of the home directory of the account you’re encrypting and store a copy just in case something goes wrong.

Some Important Notes!

 1. The file encryption appears to have completed successfully, however,
    richard MUST LOGIN IMMEDIATELY, _BEFORE_THE_NEXT_REBOOT_,
    TO COMPLETE THE MIGRATION!!!

 2. If richard can log in and read and write their files, then the migration is complete,
    and you should remove /home/richard.gVz0oY6G.
    Otherwise, restore /home/richard.gVz0oY6G back to /home/richard.

 3. richard should also run 'ecryptfs-unwrap-passphrase' and record
    their randomly generated mount passphrase as soon as possible.

 4. To ensure the integrity of all encrypted data on this system, you
    should also encrypt swap space with 'ecryptfs-setup-swap'.

Step 4: Login as Yourself to complete the encryption

Now logout of the temporary account and log back into your account. Then run the commands below to complete the encryption process.

ecryptfs-unwrap-passphrase

You may also want to encrypt the swap space being used on system. To do that, run the commands below

sudo ecryptfs-setup-swap

Restart your Ubuntu desktop.. login and if everything is ok, you can go ahead and delete the backup that was created in your home directory.

Congratulations!~ You’ve just encrypted your home directory.

You may also like the post below

How to Make Windows 10 Computers Start Up Fast

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.