79.12 Home Encryption

{#sec:home_encryption}

See Section @ref(sec:user_accounts) for information about setting up encrypted user accounts.

20190121

On installation, depending on the release, Ubuntu will ask whether you want to encrypt your home folder when you set up the first user account. This protects data sitting at rest while you are not logged on, against exposure if the machine is lost or stolen. It protects most user data, but some data will live in /tmp or other locations outside /home, and sensitive data may be written to the swap partition. Note that the Ubuntu installer stopped offering home encryption from 18.04; the ecryptfs-utils tools described below can still be installed and used on an existing system.

Full disk encryption is a common alternative, protecting the whole disk at rest, including /tmp and swap. The disk is unlocked with a passphrase at boot time and remains decrypted whilst the system is running, so it defends against offline access to the drive (theft, a removed disk) but not against anyone who can use the running, unlocked system.

When adding a new user, their home folder can be encrypted at creation time:

$ sudo adduser --encrypt-home <user>

For a pre-existing user, ecryptfs-migrate-home can be used. It must be run from another user account with sudo rights while the user being migrated is not logged in. If there is a single existing user (kayon) then create a second user account (sudo adduser tmp, and add it to the sudo group), log in as that second user, and from there encrypt the first user’s home (and vice-versa for the second user’s home if that account will be longer living).

tmp@host$ wajig install ecryptfs-utils cryptsetup
tmp@host$ sudo ecryptfs-migrate-home -u kayon

Log out of tmp and log into kayon before rebooting: ecryptfs-migrate-home warns that the migrated user must log in before the next reboot to complete the migration. Then print and record the mount (recovery) passphrase, which is what ecryptfs-recover-private needs to recover the data if the login password is lost or the system is reinstalled. The command prompts for the login password and prints the 32-character mount passphrase:

kayon@host$ ecryptfs-unwrap-passphrase
Passphrase: <login password>
<32-character mount passphrase is printed here>

Now reboot, log in as the second user (tmp), and confirm that, with kayon logged out, even root sees only the placeholder files rather than the decrypted data (the encrypted files themselves live under /home/.ecryptfs/kayon/.Private):

tmp@host$ sudo ls /home/kayon
Access-Your-Private-Data.desktop  README.txt

Once satisfied that the encrypted home works, remove the unencrypted copy of the old home that the migration leaves behind in /home (a directory named kayon followed by a dot and a random suffix); leaving it in place defeats the purpose of the exercise.

Consider also encrypting the swap partition, otherwise decrypted file contents and keys can be paged out to disk in the clear. ecryptfs-setup-swap configures swap as a dm-crypt mapping with a fresh random key at each boot, so hibernate (resume from swap) will no longer work, though suspend-to-RAM is unaffected.

$ sudo ecryptfs-setup-swap 
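The following script is an added example and is not part of the Survival Guide or the ecryptfs-utils package. It bundles the checks a practitioner would run after the migration and swap steps above: is the home directory really an ecryptfs mount, is every active swap device a dm-crypt mapping, and are there leftover plaintext copies of the old home. It assumes the /proc/mounts and /proc/swaps formats and that the migration backup is named /home/<user>.<suffix>; the sample data built by make_samples is constructed so the script runs offline, and on a real host you would pass /proc/mounts and /proc/swaps instead.

```shell
#!/bin/sh
# Added example, not from the Desktop Survival Guide or ecryptfs-utils:
# post-migration checks for an ecryptfs home and an encrypted swap.
# Assumptions (the guide does not spell these out):
#  - mount listing in /proc/mounts format: <source> <mountpoint> <fstype> ...
#  - swap listing in /proc/swaps format, first line a header
#  - the plaintext backup left by ecryptfs-migrate-home is /home/<user>.<suffix>
# On a real host pass /proc/mounts and /proc/swaps; make_samples builds
# constructed data so the checks can be exercised offline.

# 0 if HOME_DIR ($1) is a mount point of type ecryptfs in listing $2, else 1.
home_is_ecryptfs() {
    awk -v h="$1" '$2 == h && $3 == "ecryptfs" { ok = 1 } END { exit !ok }' "$2"
}

# 0 if swap is active and every swap device is a dm-crypt mapping
# (/dev/mapper/..., as ecryptfs-setup-swap creates); 1 if there is no swap
# at all or any swap device is a plain partition or file.
swap_is_encrypted() {
    awk 'NR > 1 { n++; if ($1 !~ /^\/dev\/mapper\//) bad = 1 }
         END { exit (n == 0 || bad) ? 1 : 0 }' "$1"
}

# Print leftover plaintext copies of USER's ($1) old home under BASE ($2,
# default /home). Listing only: verify the encrypted home first, then remove.
migration_leftovers() {
    base=${2:-/home}
    for leftover in "$base/$1".*; do
        [ -d "$leftover" ] && printf '%s\n' "$leftover"
    done
    return 0
}

# Constructed sample data (not captured from a real machine); prints its directory.
make_samples() {
    dir=$(mktemp -d)
    cat > "$dir/mounts" <<'EOF'
/dev/sda2 / ext4 rw,relatime 0 0
/home/.ecryptfs/kayon/.Private /home/kayon ecryptfs rw,nosuid,nodev,relatime,ecryptfs_sig=0123456789abcdef,ecryptfs_cipher=aes,ecryptfs_key_bytes=16 0 0
EOF
    cat > "$dir/swaps_plain" <<'EOF'
Filename Type Size Used Priority
/dev/sda3 partition 2097148 0 -2
EOF
    cat > "$dir/swaps_crypt" <<'EOF'
Filename Type Size Used Priority
/dev/mapper/cryptswap1 partition 2097148 0 -2
EOF
    mkdir -p "$dir/home/kayon" "$dir/home/kayon.4mRXGWxw" "$dir/home/tmp"
    printf '%s\n' "$dir"
}

# Run the checks against the constructed data when executed directly.
main() {
    s=$(make_samples)
    home_is_ecryptfs /home/kayon "$s/mounts" && echo "kayon: home is ecryptfs" || echo "kayon: home NOT encrypted"
    swap_is_encrypted "$s/swaps_plain" && echo "swap encrypted" || echo "swap NOT encrypted (plain partition)"
    echo "plaintext leftovers to remove:"
    migration_leftovers kayon "$s/home"
    rm -rf "$s"
}
main
```

On a live system the same functions are called as home_is_ecryptfs /home/kayon /proc/mounts, swap_is_encrypted /proc/swaps and migration_leftovers kayon; run the home check while the user is logged in (the mount only exists then) and the leftover check from the second account, and only delete a leftover directory after the encrypted home has been confirmed readable.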

Copyright © 1995-2022 Graham.Williams@togaware.com Creative Commons Attribution-ShareAlike 4.0