If you're looking for cross-compatibility between both encrypted systems, I'd recommend using TrueCrypt.

Since you have a /home partition already, things get a little difficult.

NOTE: MAKE BACKUPS of all files you modify in case this doesn't go totally as planned.

Recommended Backups:

dd if=/dev/sda of=/some/path/mbr.bin bs=512 count=1 #Backs up your Master Boot Record (GRUB2). You should also do this again if you create another partition (once you know it worked correctly).
#You should back up this file in a place that can be accessible both from Windows and Linux. Ideally a flash-drive or external drive.
#Your home folder will be safe until the end when you can delete it. After knowing everything works (you make a backup in the process of this guide)

So, you have Windows and Linux already installed, the first thing you should do it attempt to encrypt your /home partition.

Linux

Firstly download and install the appropriate architecture's .deb file from TrueCrypt.org

Next, you have two choices:

1. Move all folders from /home back to the root filesystem. It's probably best to move them to /home2 for now.
2. Make a partition to house your new, encrypted Linux home folder

---

Choice 1:

First, log out and Ctrl+Alt+F1 and login.

cd /
sudo umount /home
rmdir /home
sudo mv /home2 /home
exit

Ctrl-Alt-F7 to get back to the login screen and log in as usual

Now assuming all went well, remove /home's line in /etc/fstab and format the partition that used to house your /home folder as a TrueCrypt container:

homepartuuid=$(cat /etc/fstab | grep -E "[^#][ \t]/home" | awk '{print $1}' | sed 's/UUID=//')
homepart="/dev/$(basename $(readlink /dev/disk/by-uuid/$homepartuuid))"
echo $homepart #just to make sure we got it, if not set it manually
sudo sed -ri "s/^(UUID=$homepartuuid)/#\1/" /etc/fstab #Comment out /home entry... useful if you screw up and after you re-make the partition.
sudo truecrypt -c $homepart #If you installed the GUI, you have to use that for the process of creating the encrypted partition

Set options as desired. If you installed the GUI version, the goal is to prompt for a mount password before showing the login screen. I'm not sure how the command-line version will react to this. I would recommend using the keyfiles for the command-line version. Make sure you make it an ext2 paritition and not ext3/ext4, if you want it to be readable by Windows with the ext2fs driver for Windows)

---

Choice 2: If you've got the extra space, you can take the easy way out and make a new partition to house your encrypted home folder.

Use gparted or a similar tool to make your new partition (from a LiveCD if you have to resize /home or /)

Reboot.

Now, if you have to use gparted again to find your new partition's device (/dev/sda6, for example). Format the new partition using TrueCrypt. As stated above, I recommend using keyfiles for the command-line version as I don't know if it can prompt for a password. And again, make it ext2 if you want to be able to use it in Windows.

---

Now, mount the new TrueCrypt partition using the GUI or the command line. There are so many options here I'm going to leave it to you to read the TrueCrypt help.

Copy home files to encrypted volume

cp -ar /home/[myusername]/* /media/truecrypt1 #Default truecrypt mount point
cp -ar /home/[myusername]/.??* /media/truecrypt1
#The only thing potentially missing after this are very rare files that are named .?, where '?' can be any character.

Do not delete the files in /home/[myusername] yet!

Now, cp /media/truecrypt1/.profile /home/[myusername]. Also, move your keyfile if you used one to here (insecure!) or know where it can be referenced (as long as it's not inside the TrueCrypt partition.

Add the following line to the end of /home/[myusername]/.profile:

sudo truecrypt /dev/sda6 -k /path/to/key/file /home #Where /dev/sda6 is the TrueCrypt partition. Omit the -k option if you didn't specify a keyfile.

Add this line in /etc/sudoers using visudo: [myusername] ALL = (root) NOPASSWD : /usr/bin/truecrypt

Now, log out and log back in.

Just because you've made it this far doesn't mean anything.

Check the output of mount. If there's an entry that says /home/[myusername], then you're all set! Alternatively, you can check the contents of .profile. If the line we added isn't there, then you were successful!

But! Just to be absolutely sure, reboot and do it from a fresh boot.

If you've made it this far successfully, logout. Ctrl-Alt-F1

cd /
pulseaudio -k #I had to do this in my test install. Found it via: lsof /home
sudo umount /home/[myusername]

and delete everything in /home/[myusername] EXCEPT the .profile file. (You might be wondering what's going on right now. If you weren't paying attention, I overlapped the existing /home with a mount, which hides all files that already existed in /home until you unmount the overlaying filesystem. This is why we can check the .profile file to see if we were successful.)

Finally! Back up your MBR with dd if=/dev/sda of=/path/to/backup/mbr.bin bs=512 count=1. Remember, it must be accessible from both Window and Linux. Run grub-install --force /dev/sda3, where /dev/sda3 is your root filesystem partition.

If something's not working correctly, go through the tutorial again and make sure you did every step. If you're having trouble here, you should probably undo everything.

Undoing choice 1: - Re-format the TrueCrypt partition back to what it was (probably ext4) - Delete the line from /home/[myusername]/.profile. - sudo mkdir /home2;sudo mount /dev/sdaX home2 Where /dev/sdaX is the re-made /home partition - sudo cp -aR /home/* /home2 - Verify your files (especially dot files) - sudo umount /home2;sudo rmdir /home2 - sudo rm -R /home/* - Then, uncomment the line in /etc/fstab that starts with #/dev/sdaX.../home - sudo mount -a - Log out and back in

Undoing choice 2: - Open Gparted and put your partition back the way they were (probably a delete and expand operation. This will probably take logging out, Ctrl+Alt+F1, login, cd /;sudo umount / home; sudo su and using parted instead. Or you can boot from a LiveCD to resize your /home partition). - Back in your normal system, Remove the added line from .profile - Log out and log back in

Windows

Reboot into Windows and run the TrueCrypt full disk encryption. This will place a new TrueCrypt MBR onto your disk.

This is the easy part.

How to Select Between Windows/Linux

Some of you might be packing right now because your boot screen doesn't look like it used to. Well, we prepared for this by installing grub to your root partition instead of the MBR. When the TrueCrypt screen shows up, hit ESC to be kicked into the GRUB2 bootloader - ideally.

If it doesn't work download "dd for Windows" and running dd.exe if=F:\path\to\backup\mbr.bin of=\?\Device\Harddisk0\Parition0 (may have to run it with administrator privileges).

To encrypt the Ubuntu home, just select that option (at the bottom) during the installation.

https://help.ubuntu.com/community/GraphicalInstall?action=AttachFile&do=get&target=install-step5.png

As for Windows, what version do you use? Truecrypt seems to offer system partition encryption, and I've heard the W7 had some encryption options.