How to Encrypt and Decrypt Home Directory in Linux Ubuntu after Installation

1. Backup Home Directory:

 

   “user” is the username of your (main) Home directory. Be sure to change it whenever applicable.   

  • Login to the (main) Home directory which needs to be encrypted
  • Ctrl+ALt+T
sudo apt install ecryptfs-utils cryptsetup
sudo cp -rp /home/user /home/user.backup
  • Create A new User account with admisnistrative rights. System Settings> User Accounts> Unlock> Create New User (+)
    • Account Type: Administrator
    • Full name: TempUser
    • Username: tempuser
  • Create
  • Enable Account
  • Set up a password
  • Automatic Login: On
  • Log out
  • Log in to the temporary account

2. Encrypt (main) Home Folder:

sudo ecryptfs-migrate-home -u user
  • Provide password of temporary account and then the main Home/account password
  • Wait until it shows a dialogue called “Some Important Notes!” and ensures the encryption/migration of Home folder is done
  • Log out and log back in the (main) Home Account
  • Wait until a dialogue pops up which says “Update Information – Record Your Encryption Passphrase”.
  • Click Run this action now.
  • A terminal will pop up and and may show nothing but a blank screen with Passphrase written on it. Simple type your password and hit Enter.
  • A long string of passphrase will be displayed. Copy and save it somewhere safe.
  • Visit the passphrase anytime by running –
ecryptfs-unwrap-passphrase

3. Encrypt SWAP partition:

sudo ecryptfs-setup-swap
  • Type Shift+Y and hit Enter.
  • Remove Auto-generated backup
sudo rm -rf /home/user.random numbers

4. Decrypt Home Folder:

  • Disable Encrypted SWAP:
    *” addresses the correct partition number according to the system.
sudo swapoff -a
sudo cryptsetup remove /dev/ mapper/cryptswap1
sudo vim /et/crypttab
  • Remove the /dev/sda* line. For example, /dev/sda2
sudo /sbin/mkswap /dev/sda*
sudo swapon /dev/sda*
sudo vim /etc/fstab
  • Replace /dev/mapper/cryptswap1 with /dev/sda*

5. Remove Home Encryption:

  • Log out and log in to the temporary account.
  • Ctrl+Alt+T
sudo rm -rf /home/user
sudo rm -rf /home/user.backup/.ecryptfs
sudo apt remove encryptfs-utils libecryptfs0
sudo mv /home/user.backup /home/user
  • Log out of temporary account and Log in to the main account.
  • Remove the temporary account same way as it was created.

--END OF TEXT--

Helper Links:
https://www.logilab.org/blogentry/29155
https://www.howtogeek.com/116032/how-to-encrypt-your-home-folder-after-installing-ubuntu/
https://www.howtogeek.com/116179/how-to-disable-home-folder-encryption-after-installing-ubuntu/

Creative Commons License

How to Encrypt and Decrypt Home Directory in Linux Ubuntu after Installation