How To Encrypt Home Folder From Terminal In Ubuntu 11.10 Oneiric Ocelot

Drive encryption is meant to secure your data and sensitive personal information, in case your computer is stolen or attacked to gain access by a third party source such as a hacker o malware. In such a case, it is necessary to have your data encrypted to secure your bank account credentials, credit card information, social security number, etc, which may be saved on your hard drive.

During the installation of Ubuntu 11.10, an option to encrypt the Home folder is provided, however, in case you have not selected this option during installation, you can easily do it by using the ecryptfs-utils command line. eCryptfs is a cryptographic stacked Linux file system, for storing cryptographic metadata in the header of written files. This allows encrypted files to be copied between hosts. The file is then decrypted with the respective key in the Linux kernel keyring.

Instructions To Encrypt Home Folder From Terminal In Ubuntu 11.10 Oneiric Ocelot

Step 1: To encrypt your Ubuntu Home folder, install ecryptfs-utils command line by entering the following command in the Terminal:

sudo apt-get install ecryptfs-utils

Step 2: Once done, encrypt the Home folder of a user by using the command given below. Make sure that you replace the word “username” with the name of the user for which the Home folder is to be encrypted (as shown in the screenshot below).

Note: Make a complete backup copy of the non-encrypted data a local drive or some external media (e.g. external hard drive). This is to ensure that in case of an error, you can avoid data loss by reverting the changes. WML Cloud administration and team members will not be responsible if you loose any data. use this procedure at your own risk. To create a backup of your system, check out instruction using Linux backup tools here.

sudo ecryptfs-migrate-home –u “username”

Username

Step 3: Once you have entered the above command, you will have to login to the respective user account prior to a system reboot. Once you are logged in, a new window will pop-up, click Run this action now option to proceed further.

Run this action

Step 4: A  Terminal window will pop-up, where you will require entering your password.

Step 5: This will provide you with a pass-phrase for your Home folder. Make sure that you save this pass-phrase outside you computer (e.g. on your mobile o a piece of paper).

Pass Phrase

Some Important Notes!

1. The file encryption after successful completion, will require the “user” to “MUST LOGIN IMMEDIATELY, _BEFORE_THE_NEXT_REBOOT_, TO COMPLETE THE MIGRATION”.

2. If the “user” can log in and read and write their files, then the migration is complete, and you should remove /home/username.wChGFWFI. Otherwise, restore /home/username.wChGFWFI back to /home/username.

3. User should also run ‘ecryptfs-unwrap-passphrase’ and record their randomly generated mount pass-phrase as soon as possible.

4. To ensure the integrity of all encrypted data on your system, you should also encrypted swap space with ‘ecryptfs-setup-swap’.

Extracting The Forgotten Passphrase

In case you forget the pass-phrase, enter the following command in the Terminal, to recover it.

ecryptfs-unwrap-passphrase

If you would like to find encryption instructions for your Dropbox files and folders, then check out our my guide: How To Encrypt Dropbox Files In Ubuntu & Other Linux Versions Using ENCFS. You can also download “eCryptfs  from Launchpad.

Download eCryptfs