Saturday, October 1, 2011

Ubuntu: encrypted private folder for user

Have you ever wanted to protect your sensitive data on your Linux workstation so that nobody (even the root user) would be able to access it without providing the proper password? Recently I had this problem, but fortunately it is not that difficult to achieve on an Ubuntu box.
I hope that you find the instructions below useful, as these are the commands that I used to create, mount and use an encrypted folder. First of all you need to install the ecryptfs-utils package, which is in the official repos:


krychu@krystianek:~$ sudo apt-get install ecryptfs-utils
[sudo] password for krychu:
Reading package lists... Done
Building dependency tree      
Reading state information... Done
...

Next you need to set up the encrypted private folder as follows:

krychu@krystianek:~$ ecryptfs-setup-private
Enter your login passphrase:
Enter your mount passphrase [leave blank to generate one]:
Enter your mount passphrase (again):

************************************************************************
YOU SHOULD RECORD YOUR MOUNT PASSPHRASE AND STORE IT IN A SAFE LOCATION.
  ecryptfs-unwrap-passphrase ~/.ecryptfs/wrapped-passphrase
THIS WILL BE REQUIRED IF YOU NEED TO RECOVER YOUR DATA AT A LATER TIME.
************************************************************************

/sbin/restorecon
/sbin/restorecon

Done configuring.

Testing mount/write/umount/read...
Inserted auth tok with sig [cbb481a8ce68b47a] into the user session keyring
Inserted auth tok with sig [d38d63afc3777fe9] into the user session keyring
Inserted auth tok with sig [cbb481a8ce68b47a] into the user session keyring
Inserted auth tok with sig [d38d63afc3777fe9] into the user session keyring
Testing succeeded.

Logout, and log back in to begin using your encrypted directory.         

By default the encrypted private folder will now be mounted automatically at the next user logon (see below if you want to change that behavior), but you can also mount and unmount it explicitly with the following commands:

krychu@krystianek:~$ ecryptfs-mount-private
Enter your login passphrase:
Inserted auth tok with sig [cbb481a8ce68b47a] into the user session keyring
krychu@krystianek:~$ mount
...
/home/krychu/.Private on /home/krychu/Private type ecryptfs (ecryptfs_check_dev_ruid,ecryptfs_cipher=aes,ecryptfs_key_bytes=16,ecryptfs_unlink_sigs,ecryptfs_sig=cbb481a8ce68b47a,ecryptfs_fnek_sig=d38d63afc3777fe9)
krychu@krystianek:~$ ecryptfs-umount-private

Disable auto-mount for encrypted private folder

Auto-mounting of the encrypted Private folder is controlled by the presence of the empty auto-mount file in the $HOME/.ecryptfs/ directory. To disable it, remove that file from this directory (the session below also removes the matching auto-umount file):

krychu@krystianek:~$ cd .ecryptfs/
krychu@krystianek:~/.ecryptfs$ ls
auto-mount  auto-umount  Private.mnt  Private.sig  wrapped-passphrase
krychu@krystianek:~/.ecryptfs$ rm auto-mount auto-umount
krychu@krystianek:~/.ecryptfs$ 


After the next login the encrypted Private folder will not be automatically mounted. The user will have to explicitly call the ecryptfs-mount-private command in order to mount it.
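
As an added example (not part of the original post), the script below reads mount output and the auto-mount marker file described above to report whether the Private folder is currently mounted, with which cipher and key size, and whether auto-mount is on. The function names are hypothetical; the sample line is the mount output shown earlier, embedded as constructed test input.

```shell
#!/bin/sh
# Added example (not from the original post): report the state of an
# eCryptfs Private folder. Paths are parameters so it can run on fixtures.

# Succeeds if the auto-mount marker file exists in the given ~/.ecryptfs dir.
automount_enabled() {
    [ -e "$1/auto-mount" ]
}

# Reads `mount` output on stdin; prints the eCryptfs line for mount point $1.
ecryptfs_line() {
    grep -F " on $1 type ecryptfs " || true
}

# Prints the value of option $2 (e.g. ecryptfs_cipher) from mount line $1.
mount_opt() {
    printf '%s\n' "$1" | tr '(),' '\n\n\n' | sed -n "s/^$2=//p" | head -n 1
}

# Reads `mount` output on stdin; $1 = ~/.ecryptfs dir, $2 = mount point.
# Prints one status line, suitable for a log or a login-time check.
private_status() {
    line=$(ecryptfs_line "$2")
    if [ -n "$line" ]; then
        state="mounted cipher=$(mount_opt "$line" ecryptfs_cipher)"
        state="$state key_bytes=$(mount_opt "$line" ecryptfs_key_bytes)"
    else
        state="unmounted"
    fi
    if automount_enabled "$1"; then auto=on; else auto=off; fi
    echo "$state auto-mount=$auto"
}

# Constructed sample input: the mount line shown in the post.
SAMPLE_MOUNT='/home/krychu/.Private on /home/krychu/Private type ecryptfs (ecryptfs_check_dev_ruid,ecryptfs_cipher=aes,ecryptfs_key_bytes=16,ecryptfs_unlink_sigs,ecryptfs_sig=cbb481a8ce68b47a,ecryptfs_fnek_sig=d38d63afc3777fe9)'

# Demo on the sample line; on a live system use:
#   mount | private_status "$HOME/.ecryptfs" "$HOME/Private"
printf '%s\n' "$SAMPLE_MOUNT" | private_status "$HOME/.ecryptfs" /home/krychu/Private
```

A result of "mounted" means the decrypted files are currently readable through the mount point; "unmounted auto-mount=off" is the state reached after removing the marker files and logging in again.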
