Encrypting your home folder adds extra security to your Linux box, which comes in handy in several scenarios. For example, if your laptop gets stolen or if you share your workspace, your information will always remain safe. This tutorial will guide you through encrypting all the files in your home folder, so it might be wise to perform a backup before you start. The process described here will actually make a backup, but if you are really picky about a possible loss of information, you had better make a manual backup before starting what's described below. Also, deactivate automatic login if it's enabled for the user whose home folder you are about to encrypt.


An additional note: I will use $ and # to illustrate whether a command should be typed as a regular user or as root; these characters are not part of the instructions.

First, we need to install all the necessary tools for the task. Open a terminal and, if you use OpenSUSE, type:
$ sudo zypper in ecryptfs-utils cryptsetup

If you use Ubuntu or any of its derived distributions, type:
$ sudo apt-get install ecryptfs-utils cryptsetup
Enter your password, hit Enter and then hit Enter again to proceed with the installation process. A couple of additional libraries will be installed. Once the installation is done you must log out, because you can't encrypt a folder you are using.

After logging out, log in as root and open a terminal (another option is to press Ctrl+Alt+F1 and log in to your root account there) and activate the kernel module for encryption:
# modprobe ecryptfs
Now let's encrypt our user's home folder.
# ecryptfs-migrate-home -u user 
You should see something like this:

INFO:  Checking disk space, this may take a few moments.  Please be patient.
INFO:  Checking for open files in /home/user
Enter your login passphrase [user]: 
Enter your user password and wait; depending on the size of your home folder this could take a fair amount of time. When the program is finished you will see the following message in the console:

************************************************************************
YOU SHOULD RECORD YOUR MOUNT PASSPHRASE AND STORE IT IN A SAFE LOCATION.
  ecryptfs-unwrap-passphrase ~/.ecryptfs/wrapped-passphrase
THIS WILL BE REQUIRED IF YOU NEED TO RECOVER YOUR DATA AT A LATER TIME.
************************************************************************
Done configuring.
chown: cannot access ‘/dev/shm/.ecryptfs-user’: No such file or directory
INFO:  Encrypted home has been set up, encrypting files now...this may take a while.
sending incremental file list
./
sent 44 bytes  received 15 bytes  118.00 bytes/sec
total size is 0  speedup is 0.00
========================================================================
Some Important Notes!
 1. The file encryption appears to have completed successfully, however,
    gubert MUST LOGIN IMMEDIATELY, _BEFORE_THE_NEXT_REBOOT_,
    TO COMPLETE THE MIGRATION!!!
 2. If gubert can log in and read and write their files, then the migration is complete,
    and you should remove /home/user.ijuGxRyQ.
    Otherwise, restore /home/user.ijuGxRyQ back to /home/user.
 3. gubert should also run 'ecryptfs-unwrap-passphrase' and record
    their randomly generated mount passphrase as soon as possible.
 4. To ensure the integrity of all encrypted data on this system, you
    should also encrypted swap space with 'ecryptfs-setup-swap'.
========================================================================
Log out, then log in to your user account. DO NOT RESTART your computer. After you log in to your account, open a terminal and type:
$ ecryptfs-unwrap-passphrase 
You will be asked for your user password; type it and hit Enter. You will see something like this:
Passphrase:
bcd556d94812f67e98e4ac437d170e56
Save that text somewhere safe; you will need it if you ever have to recover your information from outside your account. For extra security you need to encrypt your swap partition. To do this, become root and type:
# ecryptfs-setup-swap
If at this point everything is OK you can delete the backup folder; in the example it's /home/user.ijuGxRyQ. Finally you are done: your user password is your key to decrypt your files, and the process is transparent, so you can use your GNU/Linux box as usual.
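
The notes printed by ecryptfs-migrate-home tie deleting the backup to a working encrypted login and recommend encrypted swap. The script below is an added example, not part of the original tutorial, that checks both from the mount and swap tables; the function names are made up here, the sample tables are constructed, and it assumes a device-mapper swap device is the encrypted one set up by ecryptfs-setup-swap.

```shell
#!/bin/sh
# Added example: checks to run as the migrated user before deleting the
# /home/user.XXXXXXXX backup. Function names are made up for this example.

# home_is_ecryptfs USER [MOUNTS_FILE]
# Succeeds only if /home/USER appears as an ecryptfs mount point.
home_is_ecryptfs() {
    awk -v mp="/home/$1" \
        '$2 == mp && $3 == "ecryptfs" { ok = 1 } END { exit !ok }' \
        "${2:-/proc/mounts}"
}

# no_plain_swap [SWAPS_FILE]
# Succeeds if every active swap area is a device-mapper device. Assumption:
# the only device-mapper swap here is the dm-crypt one that
# ecryptfs-setup-swap creates (no LVM swap). No active swap also passes.
no_plain_swap() {
    awk 'NR > 1 && $1 !~ "^/dev/(mapper/|dm-)" { bad = 1 } END { exit bad + 0 }' \
        "${1:-/proc/swaps}"
}

# backup_can_go USER [MOUNTS_FILE] [SWAPS_FILE]
# Prints one line per check; succeeds only if both pass.
backup_can_go() {
    rc=0
    if home_is_ecryptfs "$1" "${2:-/proc/mounts}"; then
        echo "OK   /home/$1 is an ecryptfs mount"
    else
        echo "FAIL /home/$1 is not an ecryptfs mount; keep the backup"; rc=1
    fi
    if no_plain_swap "${3:-/proc/swaps}"; then
        echo "OK   no plaintext swap is active"
    else
        echo "FAIL plaintext swap is active; run ecryptfs-setup-swap"; rc=1
    fi
    return "$rc"
}

# Constructed sample tables (not captured from a real machine).
demo=$(mktemp -d)
printf '%s\n' '/dev/sda2 / ext4 rw,relatime 0 0' \
    '/home/.ecryptfs/user/.Private /home/user ecryptfs rw,nosuid,nodev 0 0' > "$demo/mounts"
printf '%s\n' 'Filename Type Size Used Priority' \
    '/dev/sda3 partition 2097148 0 -2' > "$demo/swaps_plain"
printf '%s\n' 'Filename Type Size Used Priority' \
    '/dev/dm-0 partition 2097148 0 -2' > "$demo/swaps_crypt"
backup_can_go user "$demo/mounts" "$demo/swaps_plain" || echo "=> keep the backup"
backup_can_go user "$demo/mounts" "$demo/swaps_crypt" && echo "=> backup can be removed"
```

On a real system, call backup_can_go "$USER" with no file arguments while logged in as the migrated user; it then reads /proc/mounts and /proc/swaps.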

If at some point you want to change your user password, you need to update the encryption key too. To do this, open a terminal and type:
$ ecryptfs-rewrap-passphrase /home/.ecryptfs/$USER/.ecryptfs/wrapped-passphrase
Type your new password, press Enter and that's it.
