Encrypt Home Folder on Linux
Warning
Please backup all your data before encrypting anything. I recommend Déjà Dup when backing up Linux.
ecryptfs backs up your data before encrypting it on your local system. In case anything is missing, it will create a local copy of your data. However, I highly recommend you back up your data in the event that it does not create a local copy of your home folder.
Encrypting your home folder will require free space that is 2.5 times bigger than the home folder you want to encrypt because ecryptfs will create a backup. For example, if your home folder is 10 GB, have at least 25 GB left over.
Throughout this guide, replace yourusername with the name of the user folder you want to encrypt.
How to Encrypt
Log out of your user's account. Press Ctrl + Alt + F1. If this combination doesn't work, replace F1 with keys from F2 to F6. This will bring up the TTY.
- If you want to exit, press Ctrl + Alt + F7
Switch to root.
sudo -s
Install ecryptfs-utils. For Debian/Ubuntu:
sudo apt install ecryptfs-utils
Adjust the above command to your distro's package manager. You can use this guide if you're stuck.
Next, encrypt your user account. Replace yourusername with your username:
sudo ecryptfs-migrate-home -u yourusername
You can encrypt multiple user accounts by running the above command several times.
Afterwards, enter a passphrase to encrypt your new home folder:
ecryptfs-add-passphrase
Ensure you remember your passphrase. It's best to store it in a password manager. I recommend setting it to the same as your login password.
Reboot your system. Verify you can log in to your user account. Check that everything is working.
Remove your local backup (typically stored as yourusername.random_letters). For instance, ecryptfs will store a local backup of user in user.iLvpQs.
sudo rm -r yourusername.random_letters
Verify Home Folder is Encrypted
Enter this command:
mount | grep yourusername
If you see something along the lines of .ecryptfs and yourusername, your home folder is encrypted.
You can also check ~/.Private for ecryptfs.
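A stricter form of the two checks above, as an added example that is not part of the original guide: it compares the mount point and filesystem type fields of the mount output exactly instead of grepping for the username, and falls back to the ~/.Private check when the home folder is not mounted. The function name, the /home/<user> default and the sample mount lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original guide).
# Reads `mount` output on stdin and prints one of:
#   mounted | configured-not-mounted | plain
home_encryption_state() {
    user=$1
    home=${2:-/home/$user}    # assumption: home folders live under /home
    # mount prints: <source> on <mountpoint> type <fstype> (<options>)
    # Match the mount point field exactly; the last matching line is the
    # filesystem currently on top of that mount point.
    fstype=$(awk -v mp="$home" \
        '$2 == "on" && $3 == mp && $4 == "type" { fs = $5 } END { print fs }')
    if [ "$fstype" = "ecryptfs" ]; then
        echo mounted
    elif [ -e "$home/.Private" ] || [ -L "$home/.Private" ]; then
        # ecryptfs data is present but not mounted (user is logged out)
        echo configured-not-mounted
    else
        echo plain
        return 1
    fi
}

# Constructed sample of `mount` output. `grep alice` would also match the
# backup disk line, and `grep al` would match alice's home for a user "al".
SAMPLE_MOUNTS='/dev/sda2 on / type ext4 (rw,relatime)
/home/.ecryptfs/alice/.Private on /home/alice type ecryptfs (rw,nosuid,nodev,relatime,ecryptfs_cipher=aes,ecryptfs_key_bytes=16)
tmpfs on /run/user/1000 type tmpfs (rw,nosuid,nodev)
/dev/sdb1 on /media/bob/alice-backup type ext4 (rw,relatime)'

# Demo over the constructed sample.
for u in alice al; do
    printf '%s: ' "$u"
    printf '%s\n' "$SAMPLE_MOUNTS" | home_encryption_state "$u" || true
done
```

On a live system, feed it the real mount table: mount | home_encryption_state yourusername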