Encrypted Home Directory

Registered by Dustin Kirkland  on 2008-11-17

Encrypted Private Directories were implemented in Ubuntu Intrepid as a secure location for users to store sensitive information.

It was also a stepping stone, establishing the basic building blocks (userspace tools, pam hooks, etc) for a more ambitious goal--encrypting home directories.

While the Private directory is useful, it still involves some manual intervention to really secure things like .ssh, .mozilla, .gnupg. Intrepid users are instructed to move these folders into the Private directory, and symlink them back into place. Clearly, that doesn't scale to "usable" by the Ubuntu masses. Additionally, programs such as thumbnailers, and trash collectors can inadvertently copy sensitive data to their own cached data stores in the user's home directory, thereby subverting the encrypted protection.

This blueprint suggests rounding out the Encrypted Private Directory tools to be usable on the user's entire home directory, and enabling this as an option in both the Server, and the Desktop installers.

This also involves providing the userspace support for eCryptfs Filename Encryption, and the backport of the kernel patch from 2.6.29 to Ubuntu's 2.6.28.

:-Dustin

Blueprint information

Status:
Complete
Approver:
Rick Clark
Priority:
Low
Drafter:
Dustin Kirkland 
Direction:
Approved
Assignee:
Dustin Kirkland 
Definition:
Approved
Series goal:
None
Implementation:
Implemented
Milestone target:
milestone icon jaunty-alpha-5
Started by
Dustin Kirkland  on 2008-11-18
Completed by
Dustin Kirkland  on 2009-04-17

Whiteboard

Beta available for Jaunty!

For testing, see:
 * http://blog.dustinkirkland.com/2008/12/ubuntu-jaunty-encrypted-home.html

To Do:
 * merge ecryptfs-utils-67 into Jaunty
 * get adduser patch sponsored into Jaunty
 * patch the server installer for "adduser --encrypt-home" option
 * patch the graphical installer for "adduser --encrypt-home" option
 * patch system-tools-backends for "adduser --encrypt-home" option

:-Dustin

(Jerone Young) How does a user recover their data if they loose there password ? If there is no infrastructure for recovery this should not be placed in the installer.

(Mike Rooney) Jerone, if there was a way to recover the data without the password, the encryption would serve no purpose. If a user wants to be able to access their data without a password then they don't want encryption. However it is important that we make this clear to the user; they definitely have to be made aware of the importance of storing their encryption password in hard copy or otherwise securely persisting it. Something like a slider was suggested for Ubiquity like IE security where you slide between say "Convenience" and "Security" and the consequences of both are discussed.

(?)

Work Items