Make it easy to use file/partition/disk encryption

Registered by Tim Blokdijk

Many people and organisations have a need to keep data secure.
From a personal diary to healthcare records in a hospital.
At this moment it is not very easy to encrypt and decrypt data on a Linux system.
Having an easy GUI and commandline tool to manage encrypted data would be helpful.

Blueprint information

Status:
Complete
Approver:
None
Priority:
Low
Drafter:
Shrirang
Direction:
Needs approval
Assignee:
iGeeks
Definition:
Superseded
Series goal:
None
Implementation:
Not started
Milestone target:
None
Completed by
Tim Blokdijk

Related branches

Whiteboard

Could the contents of the whiteboard be moved to a wiki page, please? It's gotten hard to detect changes.
Sascha Silbe (31-05-2007)

---

Would seahorse work for this, with its nautilus script? Though it crashes in Dapper while decrypting (reported upstream) -towsonu2003 11/05/2006

How about AES symmetric enrcyption bunddled with a simple & lightweight UI? - Shrirang 15-FEB-2007

---

There are quite a few ways to encrypt data it's just that not a single encryption method seems to be truly supported. I don't dare to encrypt the healthcare records in my organisation in fear that if things go bad (hdd corrupts something for example) I'm left with a unreadable binary blob.
But at this moment we have the risk that if the servers would be fiscally stolen those (unencrypted) records can be misused.

----------------

How do you distinguish whether the encrypted data is really corrupted or deliberately tampered. i was just thinking whether it is safe to decrypt it in case any discrepancy is found. i request you to comment on this.

Shrirang(27-FEB-2007)

----------
Another case is on a laptop where you just want to keep some stuff secure just in case someone else walks off with it.
However one feature I think I've seen on other OSs is that on suspend/hibernate you would have to reenter the key - I can't see an easy way to implement that on top of something like LUKS.

DaveGilbert(20-Apr-2007)
I added this to the Wiki specification -- Tim Blokdijk

----------------

It would also be nice if encryption option could be available during install. There are several howtos that explain how to install on an encrypted root but nothing so far that could be easily integrated in a corporate / health environment

Luis Lopez (27-Apr-2007)

---------------------------

I think what we are dealing with is two separate issues:

1) Encryption of files and folders, this could be achieved in a clunky manner by creating a program to encrypt / decrypt a given file / folder. Better yet would be for this to be in nautilus so that the encrypted folder can be handled like a real folder, even though its not a real folder.

2) Encrypting of partitions, this can be achieved by using dm-crypt, but its not easy to set up. it is possible to encrypt everything but /boot using dm-crypt and a initrd. My hope is that we can get this to be included into the installer as an option for notebook users.

Thats the way I see things

James (02-05-2007)

---

I'm actually working on some JavaCard Applets for replacing the OpenPGP Card Hardware (http://www.gnupg.org/howtos/card-howto/en/smartcard-howto-single.html) for more portability.

http://www.fsfe.org/en/card

Why not use the Card (OpenPGPCard or JavaCard) for encryption?
So, users just use the Card with some USB Card reader and PIN (instead of Passphrase) to encrypt / decrypt files (/the whole system) and sign mails and IM-communication by-default in Ubuntu?

Everything simple and safe.

--Ferdi 02/05/07

TrueCrypt http://encfs.sourceforge.net/ and EncFS http://www.truecrypt.org/ are two tools worth considering.
TrueCrypt can create an encrypted device in a file or partition. EncFS can create an encrypted device in a file.
Both tools can be run without super user privileges.

---

It would be good if card based key systems worked with whatever system is the output of this blueprint; however
they mustn't be required.

I've been tending to think in the direction of encrypted partitions rather than individual files;
if it was a file based system I'd want to at least be able to specify that a whole directory was
encrypted including automatically any new files created in there.

-- Dave 2007-05-05

Hi!
I often use encfs and I need a GUI.
I start to code one using Qt4.
There are a lot of things to do but the last commit is enough to mount/unmount and create encrypted volumes. You can find it on Google Code ( http://code.google.com/p/enqfs/ ).
Everyone can help me to code, add feature or anything else.
Contact me for any question or information.
-- Florent 2007-05-31

-----------

TrueCrypt has major encryption functionality and has developed a GUI for Ubuntu. 5.0 marks the ability to install on Mac OS X and a Linux GUI. It was already available on Windows. It can be downloaded here: http://www.truecrypt.org/downloads.php

--Brett Alton (2008/02/07)

EnqFS development is stopped. Fusible is a better way to do exactly the same thing and more. It can list all FUSE mount mounts including EncFS one. A plugin is available to mount, create and manage EncFS mount points.
Others informations here : https://code.edge.launchpad.net/~spomky/fusible/fusible
.deb for i386, amd_64 and lpia available.
-- Florent 2008-02-07

-----------

This could be done easily with a nautilus script for encfs, if you're looking to encrypt whole folders. In case anybody's interested in setting it up (it's easy to do), I'll give a shameless plug to my blog: http://blog.sambull.org/linux/tips/easily-encrypt-folders/
-- Sam Bull 2011-01-15

(?)

Work Items