How to Encrypt Ubuntu Home Folder After Installation
All supported Ubuntu operating system to date allow the possibility to encrypt your home folder at installation, but if for some reason you forgot or expressly omitted to select this functionality, we now give you the opportunity to enable it after installation.
The following guide will provide you with step-by-step instructions on how to convert your unencrypted home folder to an encrypted one, for enhanced security over your sensitive files.
IMPORTANT: Before we start with the tutorial, please make sure that you have enough free space on the target device, which should be 2.5x the size your current home directory (e.g. if you have 10GB in your home folder, you’ll need 25GB for the conversion). If this requirement is not met, the process will fail with “Not enough free disk space” error.
Editor’s note: Make a copy of your personal files on an external device before encrypting your home folder. Just in case!
Step 1 – Installing the requirements
First of all, we need to install the package that helps us encrypt our home directory, so open a terminal, either by hitting CTRL+ALT+T or simply open it from the Applications menu or Unity, and paste the following command:
sudo apt-get install ecryptfs-utils
Then we need to add a test user with administrator rights. For this, you will need to go to the System Settings and access the User Accounts entry…
Click the “Unlock” button on the upper right side and enter your password. Then click the + button on the lower left side, type test on both fields and select “Administrator” where it says Account Type…
Click the “Create” button to create the user. Wait a few seconds for the new user to be created and make sure it is selected. In the right side, click on the “Account disabled” button and add a password in the new window that appears…
Click the “Change” button to submit the password and you will see that the “Account disabled” option will disappear and some dots will appear instead.
Reboot your computer!
Step 2 – Migrating your files and encrypting your home directory
When you get back, at the login screen DO NOT LOGIN, instead hit the CTRL+ALT+F1 key combination. This will switch you to a text mode, where you have to login with the test user we’ve created above and the password. Once logged in, type the following command, replacing USER with your normal username:
sudo ecryptfs-migrate-home -u USER
Enter your password when asked, hit Enter and wait for the process to finish. Encrypting your files will take a while, but if you have many files, it will take a lot of time, so make sure you grab a book or play a game on another machine.
When the process is over, you will be notified with some important notes. Read them thoroughly, as you will have to delete a folder from your home directory!
WARNING:DO NOT RESTART, DO NOT EXIT THE SESSION AND DO NOT LOG OUT. FOLLOW THE NEXT INSTRUCTIONS!
Step 3 – Setting up your passphrase and completing the encryption process
Now hit the CTRL+ALT+F7 key combination to return to the login screen. Log in with your normal user and wait for the encryption passphrase information window to appear. Click the “Run this action now” to record your passphrase, in case you will need to recover your files at a later time. Write your passphrase in your head or somewhere safe!
That’s it! You can now safely reboot your machine and log back in into your newly encrypted Ubuntu session.