Ubuntu 22.04 Home folder Encryption after installing the OS


Ubuntu uses eCryptfs for encryption. When you log in, your home directory is automatically decrypted with your password.

Install the package

sudo apt install ecryptfs-utils cryptsetup

Set up root password

Set the root password if it has not been set already.

sudo passwd
  • Log out from the current user's GUI session.
  • After logging out, press “Ctrl + Alt + F2” or “Ctrl+Alt+F3” to get to a text console.
  • Log in as root on the text console. This is required as root login via GUI may not work in Ubuntu.

Encrypt the Home Folder

sudo ecryptfs-migrate-home -u your_original_account_username
  • enter your login password

Note: The encryption process may take some time depending on how much data you have in your home folder. During this time, do not interrupt or close the terminal window.

  • Log out from the root user's text console. Don't reboot the machine at this point.
  • Press “Ctrl+Alt+F1” to get back to the graphical screen.
  • Log back in as the original user.
  • Make sure NOT to restart the machine. This is really important because restarting will cause problems with accessing your encrypted data.

Confirm Home Folder Encryption

To confirm that your home folder is encrypted, you can try to create a text file with some content in it and see if you can access it normally. For example, run the following commands in a terminal:

echo "Hello, world!" > ~/test.txt
cat ~/test.txt

You should see the output "Hello, world!" on the screen. This means that you have access to write and read data in your home folder.
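The read/write test above also succeeds on an unencrypted home folder. The following added example (not part of the original wiki page) checks the mount table for an eCryptfs mount on the home directory; the function names and the sample mount lines for the user alice are constructed for illustration.

```shell
#!/bin/sh
# Added example: confirm that a home directory is an active eCryptfs mount.
# Function names and the sample data below are constructed, not from the wiki page.

# is_ecryptfs_home HOME_DIR [MOUNTS_FILE]
# Returns 0 if HOME_DIR is a mount point of type "ecryptfs" in MOUNTS_FILE
# (default /proc/mounts; fields: source mountpoint fstype options dump pass).
is_ecryptfs_home() {
    home_dir=${1%/}                      # tolerate a trailing slash
    mounts_file=${2:-/proc/mounts}
    awk -v home="$home_dir" '
        $2 == home && $3 == "ecryptfs" { found = 1 }
        END { exit(found ? 0 : 1) }
    ' "$mounts_file"
}

# lower_dir_of HOME_DIR [MOUNTS_FILE]
# Prints the lower (ciphertext) directory that backs the eCryptfs mount.
lower_dir_of() {
    awk -v home="${1%/}" \
        '$2 == home && $3 == "ecryptfs" { print $1; exit }' \
        "${2:-/proc/mounts}"
}

# write_sample_mounts FILE
# Writes a constructed /proc/mounts excerpt: alice is migrated, bob is not.
write_sample_mounts() {
    cat > "$1" <<'EOF'
/dev/sda2 / ext4 rw,relatime 0 0
/home/.ecryptfs/alice/.Private /home/alice ecryptfs rw,nosuid,nodev,relatime,ecryptfs_cipher=aes,ecryptfs_key_bytes=16,ecryptfs_unlink_sigs 0 0
tmpfs /run/user/1001 tmpfs rw,nosuid,nodev 0 0
EOF
}

# Report on the user running the script, using the live mount table.
if is_ecryptfs_home "$HOME"; then
    echo "$HOME is an eCryptfs mount backed by $(lower_dir_of "$HOME")"
else
    echo "$HOME is not an eCryptfs mount"
fi
```

Run it as the original user after logging back in; the mount only exists while that user is logged in.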

Record Your Encryption Passphrase

sudo ecryptfs-unwrap-passphrase ~/.ecryptfs/wrapped-passphrase
  • Enter the user's login password.
  • Capture the passphrase.

NOTE: Keep this passphrase somewhere safe – you’ll need it if you have to manually recover your files in the future.

  • Delete the extra home folder copy from /home. You might see /home/<username>.kNHnCSNv, which can be deleted once /home/<username> is verified to work properly.