{"id":46532,"date":"2024-05-07T16:30:53","date_gmt":"2024-05-07T16:30:53","guid":{"rendered":"https:\/\/ubuntuhandbook.org\/?p=46532"},"modified":"2024-07-23T12:16:19","modified_gmt":"2024-07-23T12:16:19","slug":"encrypt-home-ubuntu-24-04","status":"publish","type":"post","link":"https:\/\/ubuntuhandbook.org\/index.php\/2024\/05\/encrypt-home-ubuntu-24-04\/","title":{"rendered":"How to Encrypt Your Home Folder in Ubuntu 24.04"},"content":{"rendered":"

\"\"<\/a><\/p>\n

This is a step by step beginner’s guide shows how to encrypt your home directory in Ubuntu 24.04 LTS.<\/p>\n

As you may know, the new installer in Ubuntu 24.04 only supports encrypting the entire disk. If you want to dual boot Ubuntu with another OS in single disk, there’s no option so far to encrypt only the Ubuntu file-system partition.<\/p>\n

In the case, you may choose to encrypt your home folder to keep personal data and files safe.<\/b><\/p>\n

There’s NO visible difference after encrypted your home directory. You can login just like before, read and write files, run apps and play games. Because, it’s automatically decrypted using your password.<\/p>\n

But, if you lost your computer\/laptop, then no one can access your files in the home folder, without the login password or the encryption passphrase. Accessing from another operating system will show something like the screenshot below shows you:<\/p>\n

\"\"<\/a>

Encrypted home is not accessible from other machine or OS<\/p><\/div>\n

<\/p>\n

Step 1: Install the encryption tool<\/h3>\n

Ubuntu installer used to have an option to encrypt home folder, which uses eCryptfs for encryption. However, this option is no longer available in Ubuntu 24.04 installer.<\/p>\n

To install the tool, press Ctrl+Alt+T<\/code> to open up a terminal window and run command:<\/p>\n

sudo apt install ecryptfs-utils cryptsetup<\/pre>\n
Run sudo apt update<\/code> to refresh package cache if the package not found.<\/i>
\n\"\"<\/a><\/p>\n
Step 2: Create a temporary admin account<\/h3>\n
You need to log out the user account, whose home folder you want to encrypt. And, use another admin account to do the encryption process.<\/p>\n
To create a temporary admin account in Ubuntu Desktop, do:<\/p>\n
    \n
  1. Open “Settings” from top-right system status menu (aka Quick Settings).<\/li>\n
  2. In “Settings”, navigate to System -> Users<\/code><\/li>\n
  3. Next, click Unlock -> Add User …<\/li>\n
  4. Finally, insert a username, enable “Administrator” option, and set password.<\/li>\n<\/ol>\n
    \"\"<\/a><\/p>\n
    For Ubuntu Server, simply run the command below to add user. In the process, it will ask to set a password for the new account, and configure some user information (it’s OK to hit Enter for all).<\/p>\n
    sudo adduser temp_user<\/pre>\n
    Then, grant sudo permission to the account by running command.<\/p>\n
    sudo usermod -aG sudo temp_user<\/pre>\n
    Step 3: Encrypt home folder<\/h3>\n
    Now, log out the user account whose home folder you want to encrypt. Then, login with the new admin account (temp_user<\/code> in the case).<\/p>\n
    NOTE: The command below will make a backup of the home folder! Just in case, it’s BETTER to manually do an additional backup of your important data.<\/b><\/p>\n
    1. After logged in with the temporary admin account, press Ctrl+Alt+T<\/code> to open terminal, and run command:<\/p>\n
    sudo ecryptfs-migrate-home -u THE_USER_NAME<\/pre>\n
    Replace the THE_USER_NAME in command with the username whose home folder you want to encrypt.<\/i><\/p>\n
    The command will first asks for typing the current temporary user’s password for permission running this command, then asks for target user’s password.
    \n    \"\"<\/a><\/p>\n
    2. When done, you should get the following terminal screen with some notices. They include:<\/p>\n