IMPORTANT
This thread has been moved to the Community Wiki. I shall no longer update this thread (although you are welcome to post queries here); I shall update the Wiki instead.
A thread for discussion of the wiki page only can be found here http://ubuntuforums.org/showthread.p...1#post12062071
Thread closed.
__________________________________________________
Normally, if you want to have encrypted data (a.k.a. an encrypted home folder), you specify this when you install or when you create a new user.
But what happens if you decide only afterwards that you want to encrypt your data?
Here is how to do so. This will encrypt a single user; if you wish to encrypt every user, you need to repeat the how-to for each one.
__________________________________________________
DISCLAIMERS & WARNINGS
- I tested this on Ubuntu Precise 12.04. I do not know whether or not it will work on other distributions.
- Enabling encryption will disable hibernation — but you can re-enable it afterwards by following the thread explaining how to enable hibernation with encryption.
- You may want to print this post in case it doesn't work, so you can recover (Test your New Login; and Finalise, below).
__________________________________________________
PREPARATION
- Check your wallpaper. Due to an existing bug, you will be unable to log in with encrypted folders if your wallpaper is in an encrypted area. So, either:
- Change your wallpaper to one of the standard ones; or
- Move your wallpaper to /usr/share/backgrounds and then set your wallpaper to it over there.
- This procedure is safe as it creates an encrypted copy of your folder, which means you need sufficient space on your drive to duplicate everything you have! If you don't, you need to back up your big data (e.g. movies); delete that data; run through this how-to; and restore your deleted data. (Having said that, I always recommend a full backup anyway in case of unexpected problems.)
- This process uses the Terminal and the Recovery Mode. If you don't know how to use them, please find out before proceeding.
- Install ecryptfs-utils. You may use Ubuntu Software Centre or, if you prefer, your favourite package manager, or enter the command:
Code:sudo apt-get install ecryptfs-utils
__________________________________________________
HOW TO ENCRYPT YOUR FOLDER
In this how-to, I've used my user name paddy. Please replace it with your user name.
- Reboot into Recovery Mode.
- Drop to root shell prompt.
- Fix existing 12.04 bugs as follows:
Code:mount --options remount,rw / mount --all- Encrypt your folder. It prompts you for your password, runs, then gives you some warnings. I'll talk about the warnings in the next step.
Code:ecryptfs-migrate-home --user paddy- In the warnings, note the name of the temporary folder that is shown on your screen. It will look something like /home/paddy.ChPzzxqD. The last 8 characters will be random; we will call these eight characters your random characters.
- Ignore the rest of the warnings.
- Reboot with the following command (it may take several seconds to get going; be patient).
Code:reboot now
__________________________________________________
TEST YOUR NEW LOGIN; AND FINALISE
Log in normally. Check that everything seems to work properly.
Did it work?
- Yes, it worked:
- Open a terminal and enter the following command. Replace my random characters with yours (as noted in How to Encrypt Your Folder above, step 5).
Code:sudo rm -R /home/paddy.ChPzzxqD- Restore any data, if you deleted some to make space (Preparation above, step 2).
- Set up encrypted swap space, as follows. Note: This step needs to be done only once; if you already have an encrypted user, you can skip this step.
Code:sudo ecryptfs-setup-swap- Reboot.
- No, it didn't work:
- Repeat How to Encrypt Your Folder above, steps 1-3.
- Check that your random-name folder really is there with the following command; you should not see an error:
Code:ls -l /home/paddy.ChPzzxqD- Type the following commands. Ensure you replace paddy and the random characters.
Code:cd /home rm -R paddy .ecryptfs/paddy mv paddy.ChPzzxqD paddy- Reboot.
Code:reboot now- Restore any data, if you deleted some to make space (Preparation above, step 2).
Bookmarks