How to Encrypt Your Home Folder in Ubuntu/Debian Linux

Suppose you have a work laptop that you travel with and it holds important data. With no encryption, a third party with access to your laptop can easily remove your storage device and read all the data on it.

While encrypting your whole disk might be more secure, in my opinion, the performance cutback and slow boot time are not worth it.

However, if only the home folder is encrypted, an unauthorized person will not be able to access the data without the right passphrase. Encrypting your home folder in Linux is an easy way to protect your precious data without hurting the performance.

Here in this short tutorial, I will show you how you can secure your home folder with encryption on Ubuntu, Debian, and their derivatives such as Linux Mint, Kubuntu, Lubuntu, etc.

Encrypt your Home Folder in Ubuntu Linux

To follow this tutorial, you will need basic knowledge of the command line in Linux. Let's begin.

Before we get started, we need to install a couple of command line tools.

Open a terminal window and type in:

sudo apt install cryptsetup ecryptfs-utils

Making a Backup

Once they are installed, the next step is to make a backup of our home folder.

While not necessary, a backup is highly recommended. It ensures that we do not lose our precious data if something like a power failure or user error happens during the encryption process.

If you don’t have enough space on your drives you can skip this step as ecryptfs also makes a copy of your home directory before encrypting.

But, I would still suggest that you back up your home directory to a different drive just in case.

Use the command:

rsync -av /home/username /path/to/backup

Replace username with your account username and /path/to/backup with the location where you want to save your backup.

After the process is complete your home directory and all of its data will be backed up to the location that you specified.

Adding a Temporary Account

Next, we will need to add a new account with administrator privileges. This is required because we cannot encrypt the home directory of a user account while it is in use (logged in). So, we need to log out and sign in using another account that has admin (sudo) privileges.

To create a new user, you can either use the terminal or use the Users app in Ubuntu. For the sake of simplicity, we will be using the default ‘Users’ app.

(Note: Other distributions should also have a GUI option to add users. Just search for the term ‘Users’ either in your app drawer or settings app.)

1. Open the Users app and add a new user. Make sure to give it administrator rights.

2. Now, log out of your main account and sign in to the temp account that you just created.

Encrypting Home Folder

We can now start the encryption process. When you run this command, a backup of your home directory will be automatically created.

Open a terminal there and type:

sudo ecryptfs-migrate-home -u username

Replace username with your own username (of which you want to encrypt the home directory) and run the command.

The encryption process is now underway. It can take some time if you have a rather large home directory.

Also keep in mind that you need 2.5X more empty space than your current usage to encrypt your drive. You can later recover this space by deleting the backup of your home folder.
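A pre-flight check for the two conditions described above (the account must not be in use, and 2.5X free space must be available), meant to be run from the temporary account before ecryptfs-migrate-home. This is an added example, not part of the original tutorial; the function names are illustrative, and it assumes the automatic backup is written to the same filesystem as /home.

```shell
#!/bin/sh
# Pre-flight checks before running ecryptfs-migrate-home (added example).

# Succeeds when free space is at least 2.5x the space in use (both in KiB).
# Integer math: free >= 2.5 * used  <=>  2 * free >= 5 * used
has_enough_space() {
    used_kb=$1
    free_kb=$2
    [ $((free_kb * 2)) -ge $((used_kb * 5)) ]
}

# KiB used by a directory tree, staying on one filesystem.
dir_usage_kb() {
    du -skx "$1" 2>/dev/null | awk '{print $1}'
}

# KiB available on the filesystem that holds the given path.
fs_free_kb() {
    df -Pk "$1" | awk 'NR==2 {print $4}'
}

# Succeeds when the user still owns running processes (is logged in).
user_is_active() {
    pgrep -u "$1" >/dev/null 2>&1
}

preflight() {
    user=$1
    home=$(getent passwd "$user" | cut -d: -f6)
    [ -n "$home" ] && [ -d "$home" ] || { echo "no home directory for $user" >&2; return 2; }
    for tool in ecryptfs-migrate-home rsync; do
        command -v "$tool" >/dev/null 2>&1 || { echo "missing tool: $tool" >&2; return 3; }
    done
    if user_is_active "$user"; then
        echo "$user still has running processes; log out first" >&2
        return 4
    fi
    used=$(dir_usage_kb "$home")
    free=$(fs_free_kb "$(dirname "$home")")
    has_enough_space "$used" "$free" || { echo "need 2.5x ${used} KiB free, have ${free} KiB" >&2; return 5; }
    echo "ok: $user can be migrated"
}

# Run only when a username is given: sudo sh preflight.sh username
if [ $# -eq 1 ]; then preflight "$1"; fi
```

Running it with sudo lets du read every file in the target home directory, so the usage figure is not undercounted.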

When this process completes, log out of the temporary account and sign back in to your main account. Remember not to restart the computer before logging back into your main account.

Next, in a terminal window, type:

ecryptfs-unwrap-passphrase

Hit enter, type in your password (for main account) and note down the output. This will be your recovery code that you can use to decrypt your data if anything happens to your Linux install. Make sure to save it in a safe place.

Reboot your system now and log back into your main account.

Final Steps

We can now remove the temporary user that we created. Log back into your main account, open the ‘Users’ app, select the temp user and remove it.

Once you have verified that all of your data is intact and your home folder looks normal, you can delete the backup folder that was created by the ecryptfs tool and the one that we created manually.

The automated backup is located in the /home directory and will be named something like main.1hQgFs (if your username is main). It is safe to delete this folder.

This concludes our post on how to encrypt your home folder in Ubuntu and Debian based Linux distributions.