cryptsetup - How to encrypt Home partition after installing Ubuntu

Before doing this, you should backup your home directory and important files. The migration command will create a backup on your computer, but it’s important to have an additional backup – just in case.

You should practice this process on a virtual machine firstly.

This guideline demonstrates a process to encrypt a home partition of the user "test" and the user runs the migration is "tempuser".

This guide is prepared on Ubuntu 19.10, Ubuntu 18.4

Step 1: Install the encryption utilities:

Open a terminal and run the below command to install the encryption utilities

sudo apt-get install ecryptfs-utils cryptsetup
images/download/attachments/4079674/image-20200514-074110.png images/download/attachments/4079674/image-20200514-074247.png images/download/attachments/4079674/image-20200514-074333.png

Step 2: Create a new user account (temporary account) with administrator privilege

Open a terminal and run the below command to create a new user account, called tempuser

sudo adduser tempuser
sudo usermod -aG sudo tempuser

Step 3: Log out and log in with the user just created in step 2 (tempuser)


Step 4: Migrate the home folder of a user you would like to encrypt that user’s home partition (user test)

Note: you have to log in with an administrator user who is not the user you would like to encrypt the home partition

Run this command to migrate the home folder of user “test” (the user for which we'll encrypt the home partition):

sudo ecryptfs-migrate-home -u test

Step 5: Log out and log back with the user you encrypted his/her home partition


After you log in, click the “Run this action now” button to create a recovery passphrase. Keep this passphrase somewhere safe – you’ll need it if you have to manually recover your files in the future.

images/download/attachments/4079674/image-20200514-075624.png images/download/attachments/4079674/image-20200514-080052.png

Step 6: Verify if home folder is encrypted

Open a terminal and run the below command to check encryption status:

ls -A /home

There should be a .ecryptfs folder, if you have encryption of your home folder.