Linux Mint – Encrypting your home folder

How to Install Docker on macOS

While it’s true that protecting your computer accounts with a password will help prevent someone from logging in to your PC and using your operating environment without your knowledge, this alone will not prevent others from accessing your files when you are offline. As you recall, Linux Mint features a live CD that includes a fully usable operating environment, complete with a web browser and file manager. In fact, most Linux distributions feature live CDs nowadays, which are useful for much more than just booting an operating environment.

With a live CD, you can directly access the underlying hard drive of the computer, regardless of the operating system installed on it. Even if your user account is password protected, a live CD would bypass all the permissions on the underlying filesystem and allow the files to be freely viewed. This means that if your computer were to ever get stolen or fall into the wrong hands, your files would be easily accessible to anyone. Without encryption, an attacker could simply boot a live CD of their own on your computer and access whatever they like.

Thankfully, Linux Mint provides you with an option to encrypt your home folder during its installation. If you do so, an attacker would not be able to read your files without knowing the encryption key. If encrypted, your home directory would only be decrypted when you log in using your password. Without this password, the files would be invisible to anyone else. This means that if your machine is ever stolen or accessed offline, you can be reasonably confident that your files would be safe. The following screenshot shows the option to encrypt your home folder during its installation:

Unfortunately, encrypting your home folder in Linux Mint does come with a downside that you need to consider. As mentioned earlier in this tutorial, Linux Mint does not include an upgrade option, so you aren’t able to switch from one version of the distribution to another without doing a full installation again. This means that if you want to reinstall Mint but also retain your data, you would need to use a separate home partition and make sure not to format it when installing the new version.

However, if this home partition was encrypted, you wouldn’t be able to easily retain it from one installation of Mint to the other, as the encryption key would have changed. Therefore, you would need to back up all your files outside of your computer, install the new version of Mint, and then copy your files back.

Although this decision may be tough, it is an important one when planning out your Linux Mint installation. If you choose not to encrypt your home directory, it will be much easier to later migrate to a new version of Linux Mint, though your files would be easily accessible to an offline live CD attack. If you do encrypt your home folder, you will need to transfer your files out of your system during the installation and then back into it after the installation is complete; with encryption, your system will be much more protected. If you’re using Linux Mint with corporate data or even financial records, it is definitely a good idea to encrypt your home folder.

Note

It’s also possible to encrypt your home directory, or even create other encrypted folders on your system using tools such as TrueCrypt. In addition, you can encrypt your home folder after your installation is complete, but doing so anywhere else during the installation process is not supported and is at your own risk. As always, back up your data before you encrypt it, just in case the encryption process fails.

Comments are closed.