By encrypting your home folder, you make it impossible for someone who steals your laptop to see the files in your personal home folder.

Remember that your home folder is:

/home/<username>

where <username> is your Debian username.

• A laptop with a Debian(-based) operating system.
• Enough free space on your hard drive to encrypt your /home/<username> folder.

Following the steps in this manual require free disk space 2.5x the current size of the home directory. Once successful, you can recover most of this space by deleting the cleartext directory.

First of all, you should make regular backups already. Before encrypting your home folder, make another backup like your regular ones.

Install the encryption migration tool:

sudo apt install ecryptfs-utils lsof rsync

Reboot your laptop:

sudo reboot

Switch to tty3:

Ctrl + Alt + F3

Log in to your root account:

• username: root
• password: the password of your root account

sudo ecryptfs-migrate-home -u <username>

The encryption process can take a while depending on the size of your /home folder.

After the process completes, reboot your laptop.

Log in to your own <username> account. The migration resulted in two folders in your /home folder:

• /home/<username>: This is your encrypted /home folder now.
• /home/<username>.<randomstring>: This is the backup that was made during the migration.

Check if everything still works, if your documents are accessible and whether the two folders are equal in size.

Then, remove the backup folder that was made during the process. In this guide, we overwrite it several times so that it cannot be recovered.

Find out the backup folder name:

cd /home
ls

There should be a folder <username>.<randomstring>.

Change directory to this folder:

cd <username>.<randomstring>

Overwrite it:

find . -exec shred -n1 {} \;

This can take a while.

Remove the backup folder:

rm -r .

Congratulations, you have encrypted your home folder!