Encrypting your Home Directory Post Install

You cannot encrypt your Home directory while you are logged in, and you need root privileges to encrypt a user’s Home directory. So, you need to create a temporary administrator account. I called mine migrate (password migrate). While you are logged in, open a terminal and:

sudo useradd -m -s /bin/bash -G admin migrate
sudo passwd migrate

You will then be prompted for a password. I entered:

migrate

and then

migrate

You also need to have enough space in the partition where your Home resides to hold both a temporary copy and the encrypted copy of your Home while the conversion is running. You may need to delete some files, empty the trash or move some files to another disk to create the space you’ll need. I certainly did. Then log out of the account you want to encrypt and log back in as user migrate.

Next open a terminal and begin:

sudo ecryptfs-migrate-home -u <username>

replacing <username> with the name of the user that you want to encrypt.

The ecryptfs-migrate-home script will guide you through the process of encrypting the user’s Home directory, which is a relatively quick process. On both of my systems, there were processes still running under my <username> (xplanetfx on one and xflux on the other) even though I was logged out. The migration script failed until I killed those processes. After the script completes, it will tell you to log in as the user you just migrated BEFORE you reboot.
YOU NEED TO DO THIS

So, log in and check to make sure you receive no odd errors/messages during login and that all of the user’s files/directories exist.

Shortly after you log in, a terminal will open and prompt for your user’s password. Note that it will say “Passphrase”. Enter your password and it will print a long string which you can use to unlock your Home if your password gets messed up. Copy it somewhere safe. Remember, it’s a key that will unlock your encrypted Home, so if you store it somewhere a thief can find it, you’ve defeated the whole point of encryption. And if you store it in your encrypted Home directory, you won’t have access to it when you need it. In my case I saved it in a LastPass secure note.

If you lose it, you can perhaps get it back later using

ecryptfs-unwrap-passphrase

Merely supply your user password when it prompts for “Passphrase” and save the value it returns in a safe place. Of course this won’t work if your problem is a lost or messed up password.

Next, test to make sure your Home directory is actually encrypted.
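
One way to run the check this step calls for, as an added example that is not part of the original post: it confirms the Home directory is mounted as ecryptfs and that the lower directory holds only encrypted file names. The function names, the /home/.ecryptfs/<username>/.Private layout and filename encryption being enabled are assumptions, and the fixture at the end is constructed.

```shell
#!/bin/sh
# Added example: verify that a home directory is a live eCryptfs mount.
# Mount data is read in /proc/mounts format: "source mountpoint fstype options 0 0".

# home_mount_type MOUNTS_FILE HOME_DIR -> fstype of the topmost mount on HOME_DIR, or "none"
home_mount_type() {
    awk -v home="$2" '$2 == home { t = $3 } END { print (t == "" ? "none" : t) }' "$1"
}

# lower_names_encrypted DIR -> succeeds only if DIR is non-empty and every entry
# carries the eCryptfs encrypted-filename prefix (assumes filename encryption is on).
lower_names_encrypted() {
    total=0; bad=0
    for f in "$1"/* "$1"/.[!.]*; do
        [ -e "$f" ] || [ -L "$f" ] || continue
        total=$((total + 1))
        case "${f##*/}" in
            ECRYPTFS_FNEK_ENCRYPTED.*) ;;
            *) bad=$((bad + 1)) ;;
        esac
    done
    [ "$total" -gt 0 ] && [ "$bad" -eq 0 ]
}

# check_home USER [MOUNTS_FILE] [HOME_ROOT]; the defaults assume the usual layout
# of /home/USER mounted over /home/.ecryptfs/USER/.Private.
check_home() {
    user=$1; mounts=${2:-/proc/mounts}; root=${3:-/home}
    fstype=$(home_mount_type "$mounts" "$root/$user")
    if [ "$fstype" != "ecryptfs" ]; then
        echo "FAIL: $root/$user is not an eCryptfs mount (type: $fstype)"; return 1
    fi
    if ! lower_names_encrypted "$root/.ecryptfs/$user/.Private"; then
        echo "FAIL: unencrypted names in $root/.ecryptfs/$user/.Private"; return 1
    fi
    echo "OK: $root/$user is eCryptfs-mounted; lower names are encrypted"
}

# Constructed fixture so the check runs offline; on a real system: check_home "$USER"
demo() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/home/.ecryptfs/alice/.Private"
    : > "$d/home/.ecryptfs/alice/.Private/ECRYPTFS_FNEK_ENCRYPTED.constructed-name"
    echo "$d/home/.ecryptfs/alice/.Private $d/home/alice ecryptfs rw,nosuid,nodev 0 0" > "$d/mounts"
    rc=0; check_home alice "$d/mounts" "$d/home" || rc=1
    rm -rf "$d"; return "$rc"
}
demo
```

Run check_home as the migrated user while logged in; a FAIL on the mount check means the files you see in Home are not being served through eCryptfs.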

The next to last step is to remove the temporary home directory the ecryptfs-migrate-home script created. So, once you are certain everything was properly migrated, you should delete it. In my case it was named /home/<username>.OkOsmAlN. Open a terminal and:

sudo rm -Rf /home/<username>.OkOsmAlN

Finally

sudo deluser -f migrate
