Ubuntu

Encrypted Home Directory Offered to All Users

Registered by Dustin Kirkland  on 2009-04-17

The Encrypted Home Directory option is currently only available in the alternate installer, or on the desktop installer *with a preseed option* (user-setup/encrypt-home=true).

This was pulled from the Jaunty desktop installer due to a few minor usability concerns. This Blueprint suggests that we define those concerns now, and show this option in the Karmic desktop installer.

Discussion Points:
* security: need encrypted swap space (see ecryptfs-setup-swap), need to be able to resume from hibernation to encrypted swap
* usability: need a very clean mechanism for getting the user to record their randomly generated passphrase (currently implementation is passable, but could be improved)
* usability: need a couple of graphic utilities for managing some options (see other blueprint for Jaunty, ecryptfs-ui)
* migration: would be nice to offer a migration utility for enabling/disabling encrypted-home after installation
* security: create a 700 ~/Private directory for all users. expose an easy option to set this up for encryption (if home is not already encrypted). ensure that ~/Private is translatable (xdg-user-dirs?)
* install ecryptfs-utils by default on all ubuntu servers and desktops, such that users can run ecryptfs-setup-private and at least setup a secure private space at any point after installation
* ... anything else?

:-Dustin

Read the full specification

Blueprint information

Status:: Complete

Approver:: Rick Clark

Priority:: Undefined

Drafter:: Dustin Kirkland 

Direction:: Needs approval

Assignee:: Dustin Kirkland 

Definition:: Approved

Series goal:: Proposed for karmic

Implementation:: Implemented

Milestone target:: karmic-alpha-5

Started by: Dustin Kirkland  on 2009-04-17

Completed by: Dustin Kirkland  on 2009-11-02

Related branches

Related bugs

Bug #295429: pam_ecryptfs.so causes authentication to be slow by unnecessary subsequent unwraps of wrapped-passphrase	Fix Released
Bug #353446: GDM auto login won't work with ecryptfs	Invalid
Bug #358283: Untranslatable update notification	Fix Released
Bug #359338: apparmor paths are broken when using ecryptfs	Invalid
Bug #359997: Improve record-your-passphrase dialog	Fix Released

Sprints

uds-karmic

Whiteboard

= Status =
* Encrypted Swap is now in the desktop installer
* Time for testing!
-- Dustin Kirkland

Infrastructure needed:
* encrypted swap
* ui utilities
* remove liboobs (which breaks encrypted private/home on forced password change)
* in graphical adduser utility, should offer an encrypted home option
* migration utility? (should not block on this)
* better internationalization support

Installer:
* unify encryption options, e.g. a radio button showing: none, whole-disk, home directory, ~/Private
* Consider allowing selection of password-assisted swap encryption (luks based) so that hibernation works again -- Miron Cuperman

Bugs:
* https://bugs.launchpad.net/bugs/359338 (apparmor paths are broken when using encryptfs)
* https://bugs.launchpad.net/bugs/295429 (pam_encryptfs.so causes authentication to be slow). fekek hashing iterations should be configurable, and default to something reasonable for low powered systems. With lower values, it may become important to make the fekek hashing iterations variable, so rainbow table generation (and storage) is more painful.

(?)

Work Items

Dependency tree

* Blueprints in grey have been implemented.

This blueprint contains Public information

Everyone can see this information.

Subscribers

agnathan

Alex Muntada

Artem Orlov

cliftonlai

Dustin Kirkland 

Evan

Fabián Rodríguez

Jamie Strandboge

Jason Brooks

Jeremy Foshee

Kees Cook

Marc Deslauriers

Matt Griffin

Miron Cuperman

Nicolas DERIVE

papukaija

Thomas Hardjono

Tyler Hicks