When I install Ubuntu 16.04, it seems that encrypting the home folder is possible.
I just want to know what it means. I've never selected it before. What will be different if I select it?
If we can encrypt the home folder, is it possible to encrypt any other directory? Is it possible to encrypt a disk (for example, the system is installed in /dev/sda and I want to encrypt /dev/sdb)?
Choosing that option will enable file-based encryption of files within your home folder. For this Ubuntu uses eCryptFS, a filesystem driver that it mounts into your home directory while you are logged in, performing encryption and decryption transparently.
This setting makes it very easy and transparent to do so - it's just a simple check box and you don't need to worry about mounting and unmounting, where you store the backing (encrypted) data, managing keys and settings, etc. Ubuntu does it all for you. But, it is limited to just the circumstances laid out here: your home directory, using your account password.
This is file-based on-the-fly encryption, so on disk the files are stored with each other encrypted individually under a directory usually called .Private. You can use the ecryptfs-setup-private tool to automate some of the work of setting up other encrypted directories on your system.
If you want to encrypt a whole block device such as /dev/sda then you need block-based encryption, not file-based encryption. The tool you want is cryptsetup. Cryptsetup sets up and manages LUKS based encryption - a common format of block based encryption. Note that encrypting an entire system (including the root) carries added complexity due to the need to boot from the system.
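
The block-device case from the question (a second disk such as /dev/sdb), as an added example that is not part of the original answer: a script that refuses to touch a mounted device, then formats it as LUKS, opens it, and puts a filesystem on the mapping. The function names, the mapping name and the mount point are hypothetical; `cryptsetup luksFormat` destroys the existing contents of the device.

```bash
#!/bin/sh
# Added example: encrypt a non-system disk with LUKS. Run as root.
# Usage (all three values are the caller's choice, e.g. hypothetical
# mapping name "data" and mount point /mnt/data):
#   ./luks-disk.sh /dev/sdb data /mnt/data

# Succeeds only if neither DEV nor anything whose name starts with DEV
# (its partitions) appears in the mounts table. Deliberately conservative.
# The second argument exists so the check can be tested on a sample file.
device_unmounted() {
    local dev mounts
    dev=$1
    mounts=${2:-/proc/mounts}
    ! awk -v d="$dev" 'index($1, d) == 1 { found = 1 } END { exit !found }' "$mounts"
}

encrypt_disk() {
    local dev name mnt
    dev=$1; name=$2; mnt=$3
    [ -b "$dev" ] || { echo "$dev is not a block device" >&2; return 1; }
    device_unmounted "$dev" || { echo "$dev is in use; refusing" >&2; return 1; }

    # Writes the LUKS header; asks for confirmation and a passphrase.
    cryptsetup luksFormat "$dev" || return 1
    # Unlocks the device as /dev/mapper/$name (plaintext view).
    cryptsetup open "$dev" "$name" || return 1
    # The filesystem goes on the mapping, never on the raw device.
    mkfs.ext4 "/dev/mapper/$name" || return 1
    mkdir -p "$mnt" && mount "/dev/mapper/$name" "$mnt"
}

# Unmount and remove the mapping so the data is only ciphertext again.
lock_disk() {
    umount "$2" && cryptsetup close "$1"
}

if [ "$#" -eq 3 ]; then
    encrypt_disk "$1" "$2" "$3"
fi
```

Unlike the eCryptfs home directory, nothing here unlocks automatically at login: the disk stays locked until `cryptsetup open` is run again with the passphrase.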