1

With Ubuntu 14.04 I used to encrypt a Private directory with ecryptfs. Now I am considering enhancing security by encrypting the whole disk, checking the checkbox “Encrypt the new Ubuntu installation for security” during installation of Ubuntu 18.04 LTS. After that, would it still be possible to use ecryptfs to encrypt a Private directory?

Asarluhi
  • 1,477
  • 3
  • 14
  • 33
  • 1
    There are pitfalls to whole disk encryption during install. The biggest being that you can't view your disk from live media should you ever need to repair something that is not permitting you to boot normally. Keep that in mind. https://askubuntu.com/questions/429590/what-are-the-advantages-disadvantages-of-the-new-encryption-feature-in-ubuntu-13 – Steve Mar 12 '19 at 14:41
  • 4
    You can absolutely mount an FDE drive from live media. There is absolutely nothing preventing you from doing so, as long as you have the password. In fact, you can, and should use LUKS to encrypt all of your external hard drives and pen drives. The main danger is of corruption in the head luks files, the place where the key is stored, which means you lose all the files on the drive. That problem can easily be mitigated by backing up those headers in a safe place. In fact mounting a home folder encrypted with ecryptfs on live media is way more trouble than accessing a Full Disk Encrypted drive. – Podesta Mar 12 '19 at 14:57
  • 1
    Yes, it would still be possible. – Bruni Mar 12 '19 at 15:03

1 Answers1

1

Starting with Ubuntu 18.04, Canonical dropped the support for encrypting your home folder with ecryptfs during installation. Full disk encryption is safer and has better performance. That is not to say that encrypting your home folder, and other folders, has no use. Ecryptfs is expected to be replaced by fscrypt, and the option should return to default Ubuntu installations in the near future, but it was deemed not ready for deployment to for version 18.04.

To answer your question directly, yes you will still be possible to encrypt any other folder you might have in your system on top of the Full disk encryption provided by Cryptsetup/LUKS. For that you will be able to use any encryption tool you prefer, be it ecryptfs, veracrypt, fscrypt, and many others. Make sure to read on the functionalities of each and choose the one that better suit your needs.

If you are looking for encrypting your whole home folder and auto-mounting it on user login, expect a bit extra configuration, but again, absolutely possible. For other cases, the setup should be fairly straightforward.

Podesta
  • 1,126
  • 6
  • 14