Pages

Wednesday, September 5, 2012

How to Encrypt Ubuntu Home Folder After Installation



The following tutorial will teach Ubuntu users how to encrypt their home folder after installation, for enhanced security.

Given the fact that we live in a virtual word where hackers grow like mushrooms every day, we think that it is essential for every computer user to use secure connections to the Internet, as well as encrypted hard drives.

All supported Ubuntu operating system to date allow the possibility to encrypt your home folder at installation, but if for some reason you forgot or expressly omitted to select this functionality, we now give you the opportunity to enable it after installation.

The following guide will provide you with step-by-step instructions on how to convert your unencrypted home folder to an encrypted one, for enhanced security over your sensitive files.

IMPORTANT: Before we start with the tutorial, please make sure that you have enough free space on the target device, which should be 2.5x the size your current home directory (e.g. if you have 10GB in your home folder, you'll need 25GB for the conversion). If this requirement is not met, the process will fail with "Not enough free disk space" error.

Editor's note: Make a copy of your personal files on an external device before encrypting your home folder. Just in case!

Step 1 - Installing the requirements

First of all, we need to install the package that helps us encrypt our home directory, so open a terminal, either by hitting CTRL+ALT+T or simply open it from the Applications menu or Unity, and paste the following command:

sudo apt-get install ecryptfs-utils

Then we need to add a test user with administrator rights. For this, you will need to go to the System Settings and access the User Accounts entry...

Review image

Click the "Unlock" button on the upper right side and enter your password. Then click the + button on the lower left side, type test on both fields and select "Administrator" where it says Account Type...

Review image

Click the "Create" button to create the user. Wait a few seconds for the new user to be created and make sure it is selected. In the right side, click on the "Account disabled" button and add a password in the new window that appears...

Review image

Click the "Change" button to submit the password and you will see that the "Account disabled" option will disappear and some dots will appear instead.

Reboot your computer!

Step 2 - Migrating your files and encrypting your home directory

When you get back, at the login screen DO NOT LOGIN, instead hit the CTRL+ALT+F1 key combination. This will switch you to a text mode, where you have to login with the test user we've created above and the password. Once logged in, type the following command, replacing USER with your normal username:

sudo ecryptfs-migrate-home -u USER

Enter your password when asked, hit Enter and wait for the process to finish. Encrypting your files will take a while, but if you have many files, it will take a lot of time, so make sure you grab a book or play a game on another machine.

When the process is over, you will be notified with some important notes. Read them thoroughly, as you will have to delete a folder from your home directory!

WARNING: DO NOT RESTART, DO NOT EXIT THE SESSION AND DO NOT LOG OUT. FOLLOW THE NEXT INSTRUCTIONS!

Step 3 – Setting up your passphrase and completing the encryption process

Now hit the CTRL+ALT+F7 key combination to return to the login screen. Log in with your normal user and wait for the encryption passphrase information window to appear. Click the "Run this action now" to record your passphrase, in case you will need to recover your files at a later time. Write your passphrase in your head or somewhere safe!

Review image

That's it! You can now safely reboot your machine and log back in into your newly encrypted Ubuntu session.

Editor's note: If everything is OK, please remove the extra folder (the one with some random letters after your name e.g.: softpedia.xzsdyes) in your home directory (you ill need to do that in a terminal with the sudo rm -rf FOLDER command). Also remove the test user created in the first step!

If you encounter problems with the tutorial, do not hesitate to comment below!

No comments:

Post a Comment