This document belongs to Manual Full System Encryption (with Extras).

1. Introduction

Before starting this document, you should have already read:

In addition, you need to know the following.

  • Do you already have another system on your computer that you want to keep (e.g. Windows), or would you rather wipe it out and start afresh with only Ubuntu?

The purpose of this document page is to ensure that everything is ready before you start the installation.

2. Passphrase and password

The two terms passphrase and password are usually synonymous, but for the purposes of this document, "passphrase" will be the encryption key to access the computer, and "password" will be the password to log in to your account. Refer to Caveats in the main document.

For your system, you will need:

  • A system passphrase to access your computer. If you have more than one user, each user (up to a total of seven people including you) can have their own passphrase. This is covered in the instructions.
  • A data passphrase, but only if you want to hold your data on a separate partition or drive from your system. Only the administrator needs this passphrase.
  • A password for your Ubuntu login (once you have installed Ubuntu). Other users can set their own passwords once they have been given access.

Both the system passphrase and the password should be strong, easy to type, and something that you can remember, but not something that someone else can figure out — not the easiest combination to get right!

The data passphrase does not need to be easy to remember or type, because you are unlikely to use it after you have completed the installation.


  • If you lose or forget your system passphrase, you will be unable to access your computer.
  • If you lose or forget your data passphrase (if you have one), you will be unable to access your data in the case of your installed system becoming corrupt or damaged.
  • If you lose your Ubuntu account password and you have enabled home folder encryption (not covered in these instructions), you will be unable to access your data.

Therefore, keep a record of your system passphrase, your data passphrase if you have one, and your Ubuntu account password. Store them somewhere secure (such as in a safe), and not on your computer!

It should go without saying, but I'll say it anyway:
Take a daily backup of all of your important data. If you don't know how to go about this, refer to Support in the Troubleshooting for how to ask for help.

2.1. Choosing a passphrase and password

In choosing a strong passphrase or password, it is recommended to have a mix of uppercase and lowercase letters; digits; and other characters. Because keyboards are not all the same, it is recommended to use only characters typically available on all keyboards for your language in all of its dialects.

For English, the recommended range of characters is as follows.

  • A–Z
  • a–z
  • 0–9
  • A space
  • Any of these characters:
    • ! " # $ % & ' ( ) * + , - . / :
      ; < = > ? @ [ \ ] ^ _ ` { | } ~

Use any other characters at your own risk — for example, you might be tempted to use £ or é, but it's best not to do so.


  • The keyboard that you use makes a huge difference. For example, I used a UK keyboard on installation but forgot to tell the installer that it was a UK keyboard, so it assumed a US keyboard. The keystrokes were different from what I thought that I had typed. For example, the at-sign (@) changed to the double-quote ("). As the passphrase is not displayed while typing, I didn't realise that it had happened.

  • For maximum safety, stick to the only the most common characters. For English, those are uppercase letters, lowercase letters, digits, and just the basic punctuation. It is possible to change your passphrase afterwards, although this isn't documented in these instructions.

2.1.1. References

cryptsetup FAQ (scroll down to "1.2 Warnings" > "Passphrase Character Set")

ASCII code chart

3. Preparing a Live DVD or Live USB

You will need a Live DVD (often called a Live CD for historical reasons) or a Live USB. Either will do, as they perform identical functions, but setting up and running a Live USB will be significantly quicker.

  1. Download your choice of Ubuntu; the latest LTS (long-term support) version is usually recommended (at the time of writing, this is version 18.04). For older, low-specification computers, you can instead download Lubuntu. Lubuntu is a version of Ubuntu that uses far less resources, but is every bit as capable, and these instructions work just as well.

  2. Once you have downloaded the file, install it onto a blank DVD or USB stick (the latter is preferred). Go to the Ubuntu download page, scroll down to "Easy ways to switch to Ubuntu", and select "How to burn a DVD" or "How to create a bootable USB stick" on Ubuntu, Windows or MacOS, according to which system you have.

4. Partitioning requirements

You need sufficient space on your computer to proceed. If you do not intend to have any other system, it makes it easier; but if you already have another system that you wish to keep (e.g. Windows), a bit of calculation is needed.

Once you know how much you need, you will have to ensure that sufficient space is made available.

4.1. Prepare the partitions

  1. Proceed to prepare the partitions to do the calculations and prepare your system for installation.

  2. When done, return here.

5. Summary

By now, you should have some spare space on your system drive where your new system and data will go.

If you are using a separate drive for your data, you will have spare space on your system drive for your new system and spare space on your separate drive for your data.

This ends the high-level overview, and you can return to the main document to continue to the next section.

ManualFullSystemEncryption/Overview (last edited 2018-08-21 15:21:16 by paddy-landau)