Encrypt home dir with ecryptfs on Fedora

It is pretty easy to access your unencrypted data if someone has physical access to your computer.
That is where ecryptfs encryption comes in. If your laptop is lost or otherwise accessed by an unauthorised user, it makes the data harder to extract.
When encrypted, data cannot be accessed unless the user has entered the proper login key, or it has been unlocked via the ecryptfs-mount command.
Some caveats: when the user logs in, the encrypted homedir is unlocked, making the user's homedir accessible to root or wheel users, and it will remain so until reboot/shutdown.

Swap space can also be encrypted; this, though, will disable the ability to hibernate.

Make sure ecryptfs is installed, add the user to the group ecryptfs, then encrypt the homedir.

Log in as root

  • dnf install ecryptfs-utils
  • sudo usermod -a -G ecryptfs user
  • sudo ecryptfs-migrate-home -u user

 

Log out of root. Do NOT reboot.

 

Log in as the user and run:

  • ecryptfs-unwrap-passphrase

Once the user's data has been checked and everything is present, remember to delete the /home/user-?????? folder that was made as a backup.

Encrypting the swap partition is recommended.

  • ecryptfs-setup-swap
  • reboot
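
A check to run before deleting the backup folder and after the swap step, as an added example that is not part of the original page: it reports whether a user's home is currently an active ecryptfs mount (the state in which root can read it) and whether an encrypted swap mapping is configured. The function names `home_state` and `swap_encrypted`, the sample users and the device names are assumptions made for illustration, as is treating a crypttab entry with the `swap` option as the sign of encrypted swap.

```shell
#!/bin/sh
# Added example (not from the original page). Paths are parameters so the
# checks run against the live files or against saved copies.

# home_state USER [MOUNTS_FILE] -> prints "mounted" when /home/USER is an
# active ecryptfs mount (readable by root until reboot), else "not-mounted".
home_state() {
    mounts=${2:-/proc/mounts}
    # /proc/mounts fields: source mountpoint fstype options dump pass
    if awk -v mp="/home/$1" '$2 == mp && $3 == "ecryptfs" { f = 1 }
                             END { exit !f }' "$mounts"; then
        echo mounted
    else
        echo not-mounted
    fi
}

# swap_encrypted [CRYPTTAB_FILE] -> exit 0 when a non-comment entry has the
# "swap" option in its fourth field.
swap_encrypted() {
    crypttab=${1:-/etc/crypttab}
    [ -r "$crypttab" ] || return 1
    awk '$1 !~ /^#/ && NF >= 4 {
             n = split($4, o, ",")
             for (i = 1; i <= n; i++) if (o[i] == "swap") f = 1
         }
         END { exit !f }' "$crypttab"
}

# Constructed sample data; "alice", "bob" and the device names are made up.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/mounts" <<'EOF'
/dev/sda2 / ext4 rw,relatime 0 0
/home/.ecryptfs/alice/.Private /home/alice ecryptfs rw,nosuid,nodev,relatime,ecryptfs_cipher=aes,ecryptfs_key_bytes=16 0 0
EOF
cat > "$tmp/crypttab" <<'EOF'
# <name> <device> <keyfile> <options>
cryptswap1 /dev/sda3 /dev/urandom swap,cipher=aes-xts-plain64
EOF

echo "alice: $(home_state alice "$tmp/mounts")"
echo "bob:   $(home_state bob "$tmp/mounts")"
swap_encrypted "$tmp/crypttab" && echo "swap: encrypted mapping configured"
```

On a real system, call `home_state user` and `swap_encrypted` without file arguments to read /proc/mounts and /etc/crypttab.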

To recover an encrypted homedir, log in as a root/wheel user, run ecryptfs-recover-private, enter the passphrase, and navigate to /tmp/ecryptfs.xxxxxxxx