Encrypt your home folder in Ubuntu 18.04


For quite some time Ubuntu has offered an option during installation to encrypt our personal folder, which many of us simply ignore. This option is a security measure that keeps outsiders from accessing our personal folder.

On Linux we have several alternatives, among them GPG for files, eCryptfs or EncFS for directories, TrueCrypt or dm-crypt for devices, and loop-AES for loop files. In this tutorial we will use eCryptfs to encrypt our personal folder.

eCryptfs is a tool that allows us to encrypt file systems on Linux. It stores cryptographic metadata in the header of each written file, so that encrypted files can be copied between hosts.

A file is decrypted with the appropriate key in the Linux kernel keyring. eCryptfs is widely used as the basis for Ubuntu's Encrypted Home Directory and is also native to ChromeOS.

How to install eCryptfs on Ubuntu 18.04 and derivatives?

In order to encrypt our folder, we must install some utilities. We can find them in the Ubuntu Software Center or with the help of Synaptic; we just have to search for:

ecryptfs

We can also install it from the terminal: open a terminal and execute the following command.

sudo apt install ecryptfs-utils cryptsetup

How to encrypt personal folder in Ubuntu 18.04?

It is important to know that we cannot encrypt the personal folder of the user that is currently logged in. For that reason we must create another user on the system to perform this task and give it administrator permissions.

This user can be temporary, so you can delete it later. To create a new user with administrator rights, you can use:

From Settings > Details > Users:

Or from the command line:

sudo adduser <user>

sudo usermod -aG sudo <user>

Now we must migrate the home folder of the user we want to encrypt.

Remember to log out of your own user account and log in with the newly created account in order to encrypt your personal folder.

Once this is done, open a terminal and execute this command to migrate the home folder, replacing usuariodelacarpeta with the name of the user who owns the folder:

sudo ecryptfs-migrate-home -u usuariodelacarpeta

When running this command, a backup copy of the desired user's home folder is created. This process may take a while, so be patient.

Once the process is finished, log out of the system and log in using your normal user credentials.

We are almost finished; the encryption passphrase still needs attention. Open a terminal and execute the following command, which asks for the login password and prints the eCryptfs mount passphrase. Record it in a safe place, since it is needed to recover the data manually:

ecryptfs-unwrap-passphrase

Once this process is finished, we just have to restart our computer to start enjoying having our data encrypted.

With that done, you can safely remove the temporary user, as well as the backup that was created.

If you can't remember the backup name, you can run the following in a terminal:

ls /home

One of the folders listed will be a username followed by some numbers and letters (like logix.4xVQvCsO); that is the backup.

Only carry out this step after the reboot.
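A check worth running before deleting the backup, as an added example that is not part of the original tutorial: the first function confirms that a user's home is mounted as eCryptfs, and the second lists leftover backups, which still hold the data unencrypted. It assumes the user is logged in (so the home is mounted) and that backups are named as described above; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original tutorial). Function names are
# hypothetical; paths are parameters so the checks can run on test fixtures.

# home_is_ecryptfs USER [MOUNTS_FILE] [HOME_BASE]
# Succeeds only if HOME_BASE/USER is listed as an ecryptfs mount.
# In the mounts table, field 2 is the mount point and field 3 the fs type.
home_is_ecryptfs() (
    user=$1; mounts=${2:-/proc/mounts}; base=${3:-/home}
    awk -v mp="$base/$user" \
        '$2 == mp && $3 == "ecryptfs" { found = 1 } END { exit !found }' \
        "$mounts"
)

# list_plaintext_backups USER [HOME_BASE]
# Prints directories named USER.<letters and digits>, the naming the
# tutorial describes for the backup (e.g. logix.4xVQvCsO).
list_plaintext_backups() (
    user=$1; base=${2:-/home}
    for d in "$base/$user".*; do
        [ -d "$d" ] || continue            # also skips an unmatched glob
        suffix=${d#"$base/$user."}
        case $suffix in
            ''|*[!A-Za-z0-9]*) continue ;; # not a migration-style suffix
        esac
        printf '%s\n' "$d"
    done
)

# When called with a username, report on the live system.
if [ "$#" -ge 1 ]; then
    if home_is_ecryptfs "$1"; then
        echo "/home/$1 is mounted as eCryptfs"
    else
        echo "/home/$1 is NOT an eCryptfs mount; keep the backup" >&2
    fi
    list_plaintext_backups "$1" | sed 's/^/unencrypted backup: /'
fi
```

Run it with the username as its argument while that user is logged in; remove the backup only if the first line reports an eCryptfs mount.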

Can a new user's folder be encrypted?

Encryption can also be applied to new users. The commands are the same as those shown above, since we use our own user account to create and encrypt the new one.

sudo adduser --encrypt-home <user>

To create the new user with administrator permissions:

sudo usermod -aG sudo <user>

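Finally, we deal with its passphrase. The following command prints the account's eCryptfs mount passphrase, which should be recorded in a safe place: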

ecryptfs-unwrap-passphrase

We restart the computer and that's it.

This is one of the tools that Ubuntu uses natively, but as mentioned there are others with more specific and advanced functions. If you know any other method to encrypt the personal folder, do not hesitate to share it with us in the comments.

