Encrypting Your Disk

Updated at 2022-06-06 11:44

Encryption During Installation

Encrypting the disk is easy during a new Ubuntu installation. The installer will ask whether you want to do it, and you just follow the instructions. Be extra careful to use a strong password and to remember it, as it will be quite hard to access any files after encryption without it.

Post-install Encryption

It can be hard to encrypt your whole disk after Ubuntu installation. But you can still go for "good-enough" security by encrypting your home directory and swap. Home is the place where you should keep all personal information, and swap is sometimes used as temporary storage for memory.

sudo apt install -y ecryptfs-utils cryptsetup

sudo adduser gatekeeper
sudo usermod -aG sudo gatekeeper

# log in as gatekeeper

# encrypt the user's home directory;
# this could take a while and requires free space of 2.5x the size of the target home
sudo ecryptfs-migrate-home -u ruksi

# log in as the original user without rebooting

# test that you can still write and read OK
echo hello > greeting.txt
cat greeting.txt
sudo ecryptfs-unwrap-passphrase
# enter your password and write down the output; this allows decrypting without the password

swapon -s  # e.g. /dev/nvme0n1p3
sudo ecryptfs-setup-swap
# if you get "swapon: stat of /dev/mapper/cryptswap1 failed: No such file or directory"
# you might need to reboot here
swapon -s  # e.g. /dev/dm-0

sudo ecryptfs-setup-swap
# WARNING: [/dev/dm-0] already appears to be encrypted, skipping.

# remove the extra user
sudo deluser --remove-home gatekeeper
# remove the backup directory if all seems to be working (the random suffix will differ)
sudo rm -Rf /home/ruksi.bT3QJtbw/
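
Before the final rm -Rf, it is worth confirming that the home directory really is an eCryptfs mount and that no unencrypted swap is still active. The script below is an added example, not part of the original notes; the function names and the --demo sample data are constructed for illustration, and it assumes any device-mapper swap is the encrypted one.

```sh
#!/bin/sh
# Added example: checks the result of the steps above before the backup is deleted.

# home_is_ecryptfs USER [MOUNTS_FILE]
# Succeeds when /home/USER is mounted with filesystem type "ecryptfs".
home_is_ecryptfs() {
    awk -v mp="/home/$1" '
        $2 == mp && $3 == "ecryptfs" { found = 1 }
        END { exit !found }
    ' "${2:-/proc/mounts}"
}

# plain_swap_devices [SWAPS_FILE]
# Prints active swap areas that are not device-mapper nodes.
# Assumption: a /dev/dm-N or /dev/mapper/* swap is the cryptswap device,
# as in the "swapon -s" output above; a plain LVM swap would also pass.
plain_swap_devices() {
    awk 'NR > 1 && $1 !~ /^\/dev\/(dm-[0-9]|mapper\/)/ { print $1 }' \
        "${1:-/proc/swaps}"
}

# safe_to_remove_backup USER [MOUNTS_FILE] [SWAPS_FILE]
safe_to_remove_backup() {
    home_is_ecryptfs "$1" "${2:-/proc/mounts}" || {
        echo "/home/$1 is not an eCryptfs mount" >&2; return 1; }
    plain=$(plain_swap_devices "${3:-/proc/swaps}")
    [ -z "$plain" ] || { echo "unencrypted swap: $plain" >&2; return 1; }
}

# Constructed sample data (not captured from a real machine).
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '/dev/nvme0n1p2 / ext4 rw,relatime 0 0' \
        '/home/.ecryptfs/ruksi/.Private /home/ruksi ecryptfs rw,nosuid 0 0' \
        > "$d/mounts"
    printf '%s\n' 'Filename Type Size Used Priority' \
        '/dev/dm-0 partition 8388604 0 -2' > "$d/swaps"
    rc=0
    safe_to_remove_backup ruksi "$d/mounts" "$d/swaps" || rc=1
    rm -rf "$d"
    [ "$rc" -eq 0 ] && echo "ok to remove the backup"
    return "$rc"
}

# "--demo" runs the constructed sample; a user name checks this machine.
case "${1:-}" in
    --demo) demo ;;
    ?*) safe_to_remove_backup "$1" ;;
esac
```

Run it as the original user while logged in, since the eCryptfs home is only mounted during that user's session.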