full circle magazine #65
HOW-TO
Written by Paddy Landau
Add Encryption
When you installed Ubuntu, perhaps you didn’t opt for encryption; or you added a user without encryption, but now you have changed your mind and want encryption. In other words, you (or another user on the computer) want, but do not have, encryption.
How do you add encryption
after the event?
Fortunately, this is quite easy.
There are three main steps:
1. Make an encrypted copy of your folder.
2. Remove the original unencrypted folder.
3. Encrypt your swap area. (You need this last step only the very first time you encrypt, whether it was during installation or following this how-to.)
I have tested this on Ubuntu
Precise 12.04 (fully updated).
Prepare
Due to an existing bug, you will
not be able to log in if your
wallpaper is in the home folder of
the user to be encrypted. If the
user has customized the wallpaper,
please ensure that it is not stored
within their home folder.
This procedure is safe as it
creates an encrypted copy of your
home folder. That does mean,
however, that you will need
sufficient space on your disk. If you
don’t have enough space, please
back up your data, delete large
files (e.g. movies), and restore
them after encryption. (I normally
recommend that you back up all
your data anyway in case of
accidental problems.)
Using your favorite package
manager, install ecryptfs-utils.
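The checks in this section can be scripted and run before you boot into Recovery Mode. The script below is an added example, not part of the original article: the 150% free-space margin, the function names and the file name preflight.sh are assumptions, and the wallpaper location is passed in as printed by gsettings.

```shell
#!/bin/sh
# Added example: pre-flight checks for the Prepare section above.
# MARGIN_PCT is an assumption of this example, not a figure from the article.
MARGIN_PCT=150   # require free space of at least 150% of the home folder's size

# Succeeds if a wallpaper URI or path points inside the given home folder.
wallpaper_in_home() {
    uri=${1#\'}; uri=${uri%\'}     # gsettings prints the value in single quotes
    path=${uri#file://}            # accept file:///home/... or a plain path
    home=${2%/}                    # ignore a trailing slash on the home folder
    case "$path" in
        "$home"/*) return 0 ;;     # the "/" stops /home/paddy matching /home/paddy2
        *)         return 1 ;;
    esac
}

# Succeeds if free_kb covers used_kb plus the margin.
enough_space() {
    used_kb=$1; free_kb=$2
    [ "$free_kb" -ge $(( $used_kb * $MARGIN_PCT / 100 )) ]
}

# Size of a folder, and free space on the filesystem holding it, in KiB.
dir_used_kb() { du -sk "$1" | awk '{print $1}'; }
dir_free_kb() { df -Pk "$1" | awk 'NR==2 {print $4}'; }

# preflight USER WALLPAPER: print every failed check, return non-zero if any.
preflight() {
    user=$1; wallpaper=$2
    home_dir=$(getent passwd "$user" | cut -d: -f6)
    [ -n "$home_dir" ] || { echo "FAIL: no such user: $user"; return 2; }
    rc=0
    command -v ecryptfs-migrate-home >/dev/null 2>&1 ||
        { echo "FAIL: ecryptfs-utils is not installed"; rc=1; }
    if wallpaper_in_home "$wallpaper" "$home_dir"; then
        echo "FAIL: wallpaper $wallpaper is inside $home_dir"; rc=1
    fi
    enough_space "$(dir_used_kb "$home_dir")" "$(dir_free_kb "$home_dir")" ||
        { echo "FAIL: not enough free space to copy $home_dir"; rc=1; }
    return $rc
}

# Runs only when arguments are given, for example:
#   sh preflight.sh paddy "$(gsettings get org.gnome.desktop.background picture-uri)"
[ "$#" -eq 0 ] || preflight "$@"
```

Silence with an exit status of 0 means all three checks passed; each failed check prints its own FAIL line.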
Encrypt
In this how-to, I’ve used my
name paddy as the user. Please
replace it with the user to be
encrypted.
1. Boot into Recovery Mode (when you boot, press and hold Shift until you get the Grub menu. The “recovery mode” is usually the second item from the top).
2. At the Recovery Mode menu, select Drop to root shell prompt.
3. Enter the following commands to fix existing bugs.
   mount --options remount,rw /
   mount --all
4. The following command prompts for your password and makes an encrypted copy of your folder.
   ecryptfs-migrate-home --user paddy
5. When it has finished running, you will see some warnings. Ignore the warnings; but you do need to take a note of the temporary folder that it has created. It looks something like /home/paddy.ChPzzxqD, but the last eight characters will be random. You’ll need it when you Finalize or Revert below.
6. Enter the following command to reboot (it may take several seconds to get going, so be patient).
   reboot now
Finalize
Now, log in normally. Does
everything work?
If it did not work, skip to Revert
below.
If it did work, finish up as
follows:
1. Open a terminal and enter this command. Use the random-character folder that you noted in step 5 in Encrypt.
   sudo rm -R /home/paddy.ChPzzxqD
2. Restore any data that you had deleted (if any) in Prepare above.
3. Open a terminal and enter the following command. If you already had an encrypted user on your system, you can safely skip this