Ubuntu – given the option to also encrypt the home folder after I’ve selected system encryption

I use the following two encryption programs: truecrypt and openssl; the first allows you to create any size of encrypted container, and the second allows you to encrypt individual files; folders must be tarred before encrypting, as the target to be encrypted must be one single chunk of data.

• Truecrypt is an excellent program, but is not available in the repositories, so you must go to truecrypt.org to download the program; you want the 'standard' version, and it is available in 32 or 64bit. After downloading, open the terminal and cd to the containing folder and enter tar -zxvf <truecrypt download file>, and then chmod +x <truecrypt setup file>, and then sudo ./<truecrypt setup file>. (You need to use sudo as it will install to the system folders.)

• Then follow the onscreen prompts and truecrypt will be installed. After that it is best to run it as normal user when you want to create a volume, but with gksudo when you want to mount a volume. (If you create a volume as gksudo, root will own it, and so you would have to chown it for your user to regain ownership.)

• When creating a volume in truecrypt, there are a lot of options, and even whole usb flash drives, external hard drives, internal hard disk partitions, and more can be encrypted. Even though a long discussion of these aspects of the program is not relevant to this answer, there are several other important things to note. In particular, it can be useful to format the truecrypt volume's filesystem in FAT32. The volume will then be easy to open if the file is transferred to a Windows system, as a volume created with the FAT32 option will be able to be opened by the Windows truecrypt executable.

• The volume truecrypt creates is in a sense similar to that created with virtualbox; i.e. a virtual disk with its own filesystem. There is good documentation on the site that explains in great detail how to use the program. Also, after installation the pdf guide should be in /usr/share/truecrypt/doc/TrueCrypt User Guide.pdf.

• I also use openssl (installed as default) to encrypt various files and tarred archives. I use the same commands as given in this section of the Unix toolbox, but I repeat them here for completeness, credit to Colin Barschel. The first command encrypts; the second decrypts in both the files and the folder examples:

  For files:

  Encrypt:

  openssl aes-128-cbc -salt -in file -out file.aes 
  

  Decrypt:

  openssl aes-128-cbc -d -salt -in file.aes -out file
  

  For tarred folders:

  Encrypt:

  tar -cf - directory | openssl aes-128-cbc -salt -out directory.tar.aes   
  

  Decrypt:

  openssl aes-128-cbc -d -salt -in directory.tar.aes | tar -x -f - 
  

Are you upgrading a previous install (or using an existing Home partion)?

If so this is most probably because you previously installed Ubuntu with an encrypted home folder. The installer automatially detects this. You cannot unset "Encrypt my home folder" as you would not be able to access your files otherwise.

It is very important that you select the same login password as before. If needed you can change it after the instalation.