Encrypt your home directory in Kali Linux

Full disk encryption requires you to enter a password on boot, and isn’t the smoothest experience. It is the best approach from a security point of view, but I’m a believer in practical compromises. With linux, for me that means transparent home folder encryption.

First of all, make a copy of your home directory, so that this doesn’t become a fancy way of wiping your computer. Make sure you are not logged in as the user whose directory is being encrypted, otherwise you will get a failure saying that ecryptfs cannot proceed.

Once this is done, you should generate a key for recovery, by running  ecryptfs-unwrap-passphrase as the encrypted user.

For complete protection, if you can live without hibernate/resume capabilities, you can encrypt your swap space (you’ll still keep suspend/resume) by running  ecryptfs-setup-swap. Personally, my laptop has sufficient RAM that I disable swap entirely. You can do this by:

Now the last step is to repeat all this for the root user.

Leave a Reply