The latest version of Ubuntu enforces encrypting the entire disk rather than just a partition, which means users with dual boot setups can't fully encrypt their Ubuntu machines, leaving encrypting your Home folder as the best option.
For those unfamiliar with disk encryption, it's a method to secure files in Ubuntu by encrypting them. The process is seamless; no additional password entry is required at login, and your disk automatically decrypts once you successfully log in.
Its biggest advantage is that when someone tries to access your PC's data by dual booting or accessing the hard disk, they won't be able to read the content of your encrypted disk (in our case, your "Home folder") without your login password or the encryption passphrase.
Ubuntu offers the simplest and easiest way to encrypt your Home folder, and in this article, I'll show you how to encrypt your Home folder in Ubuntu 24.04, 23.04, or 22.04.
Note:
If you're a newbie, I suggest backing up your entire disk or at least your Home folder for safety reasons.
Step 1: Install the Necessary Tools
To encrypt your Home folder in Ubuntu, you need to install some necessary packages, like eCryptfs. For that, you can open your terminal and execute the following command:
$ sudo apt install ecryptfs-utils cryptsetup
Step 2: Create a Temporary Admin Account
To encrypt your current user Home folder, you need to switch to another or temporary admin account to prevent any interruptions during the encryption process.
For that purpose, go to "Settings" -> "Users" -> click the "Unlock" button -> click "Add user" -> enter the required details such as username and password, making sure to select Admin, then click "Add" to create the account.
Note:
The option's location may vary depending on your Ubuntu version, but you can easily find it by simply looking around.
Alternatively, you can use your GNOME terminal to create a "temp_user" account by executing the following command:
$ sudo adduser temp_user
After creating the user account with the above command, make sure to add the user to the "sudo" group by using the following command:
$ sudo usermod -aG sudo temp_user
Step 3: Encrypt Home Folder
Now that you've created a temporary admin account, you can log out of your current user account and log in with the new admin account. Then, open your terminal and execute the following command to begin encrypting your Home folder.
Note:
Make sure to replace <username> with the username for whom you wish to encrypt the Home folder.
$ sudo ecryptfs-migrate-home -u <username>
During the process, the command will first prompt for the "sudo" password, so input the one you chose for your temporary admin account. It will then ask for the password of the user account whose Home folder you want to encrypt; input it, and the process will begin.
Once the process is complete, you'll receive the following output along with some important notes for your reference. I'll briefly explain most of them now, but remember, if anything goes wrong, you can restore the backup file /home/username.xxxxx created during the encryption process.
Step 4: Log Back In to the Encrypted User Account
Once the Home folder is encrypted, log out and log back in to your original user account. Wait a few seconds for the following prompt to appear, then click the "Run this action now" button. Enter the user login password to generate a random passphrase for recovery purposes, which you should securely store.
Alternatively, you can also execute the following command to record your randomly generated passphrase:
$ ecryptfs-unwrap-passphrase
Step 5: Encrypt the Swap Area
If you're familiar with Linux swap space, you might be aware that your swap also contains sensitive data that requires encryption. To address this, you can execute the following command to first verify if you have any swap areas.
$ swapon -s
If you don't have a swap partition, skip this step; otherwise, execute the following command to encrypt the swap:
Note:
Encrypting the swap partition might hinder the hibernate and suspend features.
$ sudo ecryptfs-setup-swap
During the encryption process, it may ask you to press Y for yes.
Once the process is complete, you will receive the following output:
The final line, swapon: cannot open /dev/mapper/cryptswap1: No such file or directory, may suggest that there were issues during the process, but it's just a standard message; no need to worry. You can confirm the encrypted swap by rebooting and running the swapon -s command.
Step 6: Clean Up
Once everything is completed, you can delete the temporary user account by going to "Settings" -> "Users" -> "Unlock" -> Choose the "temp_user" account and select the "Remove User..." button.
Alternatively, you can also use the following command to remove the temp_user account:
$ sudo userdel --remove temp_user
During the Home folder encryption process, a Home folder backup was also created, which you can remove immediately or after a few days by executing the following commands:
$ ls /home/
$ sudo rm -rf /home/username.xxxxx
That's it! You've successfully encrypted your Home folder. You won't notice any visual changes because the process is seamless. When you log in with your user account, the Home folder will automatically decrypt. Even if someone tries to access it via a bootable USB or directly through the hard disk, they won't be able to read its content.
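Because nothing changes visually, the result is worth checking explicitly. The script below is an added example, not part of the original article: it checks that the Home folder is an eCryptfs mount, that no swap device sits outside /dev/mapper/cryptswap*, and that no backup copy from the migration (which holds the files as they were before encryption) is still on disk. The function names are hypothetical, and the cryptswap naming is assumed from the /dev/mapper/cryptswap1 message shown in Step 5.

```sh
#!/bin/sh
# Added example (not from the original article): post-migration checks.
# Paths default to the live system; pass files or directories to test offline.

# Succeeds if /home/<user> is mounted with filesystem type "ecryptfs".
home_is_ecryptfs() {
    awk -v mp="/home/$1" '$2 == mp && $3 == "ecryptfs" { found = 1 }
        END { exit !found }' "${2:-/proc/mounts}"
}

# Prints active swap devices that are not a /dev/mapper/cryptswap* mapping.
# Input uses the /proc/swaps layout, the same table "swapon -s" prints.
# A mapping listed under another name (e.g. /dev/dm-N) is printed for review.
unencrypted_swaps() {
    awk 'NR > 1 && $1 !~ /^\/dev\/mapper\/cryptswap/ { print $1 }' \
        "${1:-/proc/swaps}"
}

# Prints leftover backup directories named <home-root>/<user>.<suffix>.
plaintext_backups() {
    for pb_dir in "${2:-/home}/$1".*; do
        if [ -d "$pb_dir" ]; then printf '%s\n' "$pb_dir"; fi
    done
}

# Runs all three checks and returns the number of failed checks.
# Arguments: user [mounts-file] [swaps-file] [home-root]
audit_home_encryption() {
    au_fail=0
    if home_is_ecryptfs "$1" "${2:-/proc/mounts}"; then
        echo "OK    /home/$1 is an eCryptfs mount"
    else
        echo "FAIL  /home/$1 is not mounted as eCryptfs"; au_fail=$((au_fail + 1))
    fi
    au_swaps=$(unencrypted_swaps "${3:-/proc/swaps}")
    if [ -z "$au_swaps" ]; then
        echo "OK    no swap outside /dev/mapper/cryptswap*"
    else
        echo "FAIL  swap not on cryptswap: $au_swaps"; au_fail=$((au_fail + 1))
    fi
    au_backups=$(plaintext_backups "$1" "${4:-/home}")
    if [ -z "$au_backups" ]; then
        echo "OK    no plaintext backup of /home/$1 left"
    else
        echo "FAIL  plaintext backup still on disk: $au_backups"; au_fail=$((au_fail + 1))
    fi
    return "$au_fail"
}
```

Source the file and call audit_home_encryption "$USER" while logged in as the migrated user, after the reboot from Step 5; the Home folder is only mounted while that user has a session, so the first check fails when run from another account.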