How to encrypt the home folder in Ubuntu 18.04 or 19.04

Ubuntu 18.04 LTS and later versions of Ubuntu no longer include the option to encrypt the home directory in the installer. The option is Removed From the Ubuntu installer because it uses Encrypted file, It is considered “clumsy and insufficiently maintained”, and the recommended alternative is to use LUKS for full disk encryption.
For the encryption of each directory (such as the home folder), it is recommended to use encryptionAs far as I know, it does not support encrypted home directories unless it is on a separate partition. I have never used fscrypt, but if requested, I will try to publish an article on how to use it to encrypt your (separate partition) home folder.
Nevertheless, if you still want to use eCryptfs to encrypt your home folder, you can find instructions below.

Encrypt the home folder of an existing user account on Ubuntu

To make this guide easier to understand, we will refer to the user for whom the home directory is encrypted as “user1”, and the user account for running the migration as “user2” .1. Install the required encryption package on Ubuntu 19.04 or 18.04 system:

sudo apt install ecryptfs-utils cryptsetup

2. You need to log in to an administrator account (user2), which is different from the home directory user (user1) to be encrypted.
If your user is the only existing user account on the computer, you need to create another user (with administrator rights) account. This can be temporary, so you can delete it later. To create a new user with administrator rights on Ubuntu, you can use:

  • GUI-in Gnome, from Settings > Details > Users (And set its password):


  • Or from the command line:
sudo adduser 
sudo usermod -aG sudo 

3. Migrate the home folder of the encrypted user (user1).
Reminder: Make sure that the administrator user you log in is the home folder (user2) that you do not want to encrypt.
Run the following command to migrate the home folder of user1 (we will encrypt the home directory for the user):

sudo ecryptfs-migrate-home -u 

Make sure you use the password After running the above command, set it when prompted.
When this command is run, a backup of the user’s (user1) home folder will be created. After completing this method, if everything is ok, you can safely delete the backup. Not now, keep reading! 4. Log out and log in with encrypted user credentials (user1). Don’t restart! 5. Print and record the recovery password.
After logging in to the encrypted user account (user1), run the following command to print and record the recovery password:

ecryptfs-unwrap-passphrase

Keep this information (output) in a safe place!
This completes the Ubuntu 18.04 LTS / Ubuntu 19.04 home encryption process. Restart, if everything is ok, you can safely delete the temporary user and the backup created under step 3. If you forget the backup name, run ls /home, One of the listed folders should be the username, followed by a dot and some numbers and letters (e.g. logix.4xVQvCsO)-This is the backup. Do this only after restarting!

Encrypt home folder for new user account on Ubuntu

These instructions apply to how to create a new user and encrypt their home directory when creating it. For information on how to encrypt the home directory for existing users, see the separate instructions above: 1. Install the required encryption package on the Ubuntu system:

sudo apt install ecryptfs-utils cryptsetup

2. Create a new user with an encrypted home directory:

sudo adduser --encrypt-home 

If you want to make a new user an administrator, use:

sudo usermod -aG sudo 

3. Log out and log in with the new user credentials. Don’t restart! 4. Print and record the recovery password.
Run the following command to print and record the password:

ecryptfs-unwrap-passphrase

Keep this information in a safe place! After that, the home folder on Ubuntu 19.04 or 18.04 should be encrypted.

Source

Sidebar