Ubuntu encryption: How to secure the system
In the past few years, data encryption has become an increasingly important topic and Ubuntu offers various options for this. In this practical tip, we will show you how you can encrypt the system in Ubuntu.
Encryption for new installations
Since version 12.10 Ubuntu offers the possibility to encrypt the system with a new installation. During the installation you will be asked how you want to install the system.
- Here you select "Erase hard drive and install Ubuntu". Then you can also choose "Encrypt the new Ubuntu installation for security".
- Now select a security key that must be entered each time the system is started. You can select the key yourself and, if necessary, keep it in a safe place.
- Your system will now be installed encrypted.
Encryption with existing Ubuntu installation
If you already have an existing Ubuntu system, there are two options: either you only encrypt the user's directory or you encrypt the entire home directory. With both variants, you must first install the missing files:
- To do this, call the terminal with [CTRL] + [ALT] + [T] and enter the command "sudo apt-get install ecryptfs-utils".
- You will be asked for your password and in the next step you will confirm that the corresponding package can be loaded and installed.
- If you only want to encrypt your private directory, enter the command "ecryptfs-setup-private". Ubuntu now creates an encryption consisting of the user's password and the passphrase.
- Every time you log in and out, your private directory is automatically encrypted. Read the passphrase as a precaution, otherwise you will not be able to access your data in an emergency!
Encryption of the home directory on Ubuntu
First you have to create a new user. From there you can later act with root rights and encrypt your home directory.
- Now enter the command "sudo adduser user" and then "sudo adduser user sudo". This gives him additional root rights.
- Log out and switch to the newly created user. Then open the global terminal with [CTRL] + [ALT] + [F1] and use the login data of the new user.
- The graphical user interface must now be ended with "/etc/init.d/lightdm stop".
- Then encrypt the directory. This is done with: "sudo ecryptfs-migrate-home -u"
- Now all you have to do is start the graphical user interface and switch to it. This is done with "/etc/init.d/lightdm start" and the key combination [CTRL] + [ALT] + [F7].
- Be sure to log in to your correct user account again before shutting down the system!
- Your home directory is now encrypted and you can delete the user "user". In the practical tip "Delete user account on Ubuntu - how it works" we explain this again in detail.