Encrypt Home Directory

Description

During a trip with my laptop I realized that if my laptop was taken, things like my files or tokens would be accessible. I found a great article on how to encrypt a home directory in Ubuntu after you have install the OS. This post will go through the steps I took to encrypt my home directory to ensure data security. A quick note, you will need 2.5x the space of the home directory free for the process to start. It’s always good practice to backup files before doing something like this!

Package Installation

First we need to install two packages to do this process.

sudo apt install ecryptfs-utils cryptsetup

User Creation

We can’t encrypt our own home directory while using it. Instead we need to create a new user account temporarily to do this.

sudo adduser encrypt_user
sudo usermod -aG sudo encrypt_user

After you create the user, logout of your account and login as the new user.

Encrypt Home Directory

To encrypt the home directory run the following command:

sudo ecryptfs-migrate-home -u yourusername

This process might take some time to finish.
You will see instructions on what to do next.
Immediately login as your user to finish the encryption setup.

First Login

Logout of the encrypt_user account and back in as your user. Ensure you can read your files and create new ones.
Now in the textbox that popped up click “Run Action Now”. It will ask for a passphrase, type in your password and hit enter. It will print a key for you to recover data if needed. Make sure to record that.

Finalization

If all is well you can delete the temporary directory created for your files under /home called /home/username.somethinghere. Here is my command that I ran. Remember to ensure you can access your files before doing this!

sudo rm -rf /home/dan.emdJQtwH/