Differences between revisions 24 and 25
Revision 24 as of 2018-04-16 10:02:36
Size: 1431
Editor: ?MaikelLinke
Comment: rsync is needed to run `ecryptfs-migrate-home`
Revision 25 as of 2018-05-12 18:07:23
Size: 1436
Editor: ?ReubenHonigwachs
Comment: Without lsof ecryptfs-migrate-home will not be able to check the user is logged out and has no open files.
Deletions are marked like this. Additions are marked like this.
Line 13: Line 13:
sudo apt-get install ecryptfs-utils rsync sudo apt-get install ecryptfs-utils rsync lsof

Translation(s): English - Italiano

Transparent Encryption For a User's Home Folder


First install the packages ecryptfs-utils and rsync:

sudo apt-get install ecryptfs-utils rsync lsof

Then load the ecryptfs kernel module:

sudo modprobe ecryptfs

And make it permanent in /etc/modules-load.d/modules.conf.

Assisted Encrypted Home Directory

The user whose home directory you want to encrypt MUST NOT be logged in. For example, you can be logged as root in a tty.

Then run as root:

ecryptfs-migrate-home -u <username>

When this is done the user must login BEFORE rebooting the computer.

If the user can access the files in the users home directory you can remove the backup folder in /home/<username>.<random characters>

The user should also run this command to get the random encryption key and store it in a secure location (outside the encrypted home directory and not on the same machine) in case a recovery is needed:


Assisted Encrypted Swap Partition

To encrypt the swap partition too:

sudo apt-get install cryptsetup
sudo ecryptfs-setup-swap

CategoryDesktop CategoryQuickIntroduction