Encrypted Home Directory Offered to All Users

Registered by Dustin Kirkland on 2009-04-17

The Encrypted Home Directory option is currently only available in the alternate installer, or in the desktop installer *with a preseed option* (user-setup/encrypt-home=true).

This was pulled from the Jaunty desktop installer because of a few minor usability concerns. This blueprint proposes that we define those concerns now and expose the option in the Karmic desktop installer.

Discussion Points:
 * security: need encrypted swap space (see ecryptfs-setup-swap), and need to be able to resume from hibernation with encrypted swap
 * usability: need a very clean mechanism for getting the user to record their randomly generated passphrase (the current implementation is passable, but could be improved)
 * usability: need a couple of graphical utilities for managing some options (see the other blueprint for Jaunty, ecryptfs-ui)
 * migration: would be nice to offer a migration utility for enabling/disabling encrypted home after installation
 * security: create a mode 0700 ~/Private directory for all users. Expose an easy option to set it up for encryption (if home is not already encrypted). Ensure that ~/Private is translatable (xdg-user-dirs?)
 * install ecryptfs-utils by default on all Ubuntu servers and desktops, so that users can run ecryptfs-setup-private and at least set up a secure private space at any point after installation
 * ... anything else?
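The swap point above (encrypted swap must still allow resume from hibernation) worked through as an added example; this is not code from the blueprint or from ecryptfs-utils. It assumes the usual four-column /etc/crypttab layout (name, device, key source, options) and decides resumability from the key source alone: a key read from /dev/urandom at every boot is never the key the hibernation image was written under, while a passphrase-unlocked or persistent key is. The sample lines are constructed; the first mirrors the shape ecryptfs-setup-swap writes.

```python
"""Classify /etc/crypttab entries by whether resume-from-hibernation can work.

Added example for this blueprint, not ecryptfs-utils code. Assumes the
standard four-column crypttab format and the constructed sample below.
"""
from dataclasses import dataclass
from typing import List, Tuple

# Constructed sample, not copied from a real system.
# cryptswap1: what ecryptfs-setup-swap produces (fresh key from /dev/urandom).
# cryptswap2: LUKS swap unlocked by a passphrase prompt (the whiteboard suggestion).
# cryptswap3: plain dm-crypt with a persistent key file on disk (assumed path).
SAMPLE_CRYPTTAB = """\
# <target name> <source device> <key file> <options>
cryptswap1 /dev/sda5 /dev/urandom swap,cipher=aes-cbc-essiv:sha256
cryptswap2 UUID=0c1d2e3f-aaaa-bbbb-cccc-dddddddddddd none luks
cryptswap3 /dev/sdb2 /etc/swap.key swap
"""

RANDOM_KEY_SOURCES = {"/dev/urandom", "/dev/random"}
PASSPHRASE_PROMPT = "none"


@dataclass(frozen=True)
class SwapVerdict:
    name: str
    device: str
    key: str
    options: Tuple[str, ...]
    resumable: bool
    reason: str


def parse_crypttab(text: str) -> List[Tuple[str, str, str, Tuple[str, ...]]]:
    """Return (name, device, key, options) per entry; comments and blanks skipped."""
    rows = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 3:
            raise ValueError(f"malformed crypttab line: {raw!r}")
        options = tuple(fields[3].split(",")) if len(fields) > 3 else ()
        rows.append((fields[0], fields[1], fields[2], options))
    return rows


def classify(name: str, device: str, key: str, options: Tuple[str, ...]) -> SwapVerdict:
    """Can the key available at the next boot decrypt what was written before hibernate?"""
    if key in RANDOM_KEY_SOURCES:
        # Ideal for ordinary swap (nothing should survive a reboot), but the
        # hibernation image was encrypted under a key nobody kept.
        return SwapVerdict(name, device, key, options, False,
                           "key is regenerated from %s at boot; the hibernation image "
                           "is unreadable" % key)
    if key == PASSPHRASE_PROMPT:
        if "luks" in options:
            reason = "LUKS volume key unlocked by passphrase at boot; same key every time"
        else:
            reason = "plain dm-crypt key derived from the boot-time passphrase; same key every time"
        return SwapVerdict(name, device, key, options, True, reason)
    # Anything else is a persistent key file: resumable, but the file itself
    # must be protected (e.g. live on an encrypted root) or the swap is not secret.
    return SwapVerdict(name, device, key, options, True,
                       "persistent key file %s; resumable, secrecy rests on that file" % key)


def audit(text: str) -> List[SwapVerdict]:
    return [classify(*row) for row in parse_crypttab(text)]


if __name__ == "__main__":
    for v in audit(SAMPLE_CRYPTTAB):
        state = "resumable" if v.resumable else "NOT resumable"
        print(f"{v.name:<12} {state:<15} {v.reason}")
```

Run against the real file with `audit(open("/etc/crypttab").read())`; the random-key entry is exactly the trade-off the blueprint records, since the throw-away key gives the best swap confidentiality and at the same time rules out hibernation.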


Blueprint information

Rick Clark
Dustin Kirkland
Needs approval
Dustin Kirkland
Series goal: Proposed for karmic
Milestone target: karmic-alpha-5
Started by Dustin Kirkland on 2009-04-17
Completed by Dustin Kirkland on 2009-11-02


= Status =
 * Encrypted Swap is now in the desktop installer
 * Time for testing!
-- Dustin Kirkland

Infrastructure needed:
 * encrypted swap
 * ui utilities
  * remove liboobs (which breaks encrypted private/home on forced password change)
  * in graphical adduser utility, should offer an encrypted home option
 * migration utility? (should not block on this)
 * better internationalization support

 * unify encryption options, e.g. a radio button showing: none, whole-disk, home directory, ~/Private
 * Consider allowing selection of password-assisted swap encryption (luks based) so that hibernation works again -- Miron Cuperman

 * https://bugs.launchpad.net/bugs/359338 (AppArmor paths are broken when using eCryptfs)
 * https://bugs.launchpad.net/bugs/295429 (pam_ecryptfs.so makes authentication slow). The number of FEKEK hashing iterations should be configurable, with a default that is reasonable for low-powered systems. If lower defaults are used, it may become important to make the iteration count variable, so that rainbow-table generation (and storage) is more painful.
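The iteration-count trade-off in the bug above, as an added example; this is not libecryptfs code. It is modelled on the scheme libecryptfs uses to turn a mount passphrase into the FEKEK (SHA-512 over salt||passphrase, then the digest re-hashed for the remaining iterations, 65536 by default) but byte-for-byte agreement with a real wrapped-passphrase file is not claimed, the 8-byte salt constant is an assumption, and the passphrases are constructed. It shows the two things the whiteboard is weighing: login cost grows linearly with the iteration count, and a precomputed table is only reusable across users who share both the iteration count and the salt.

```python
"""Login cost versus precomputation cost for an eCryptfs-style FEKEK derivation.

Added example for this blueprint, not libecryptfs code. Modelled on the
salt||passphrase SHA-512 iteration scheme; ASSUMED_SALT is an assumption.
"""
import hashlib
import time

DEFAULT_ITERATIONS = 65536                        # the ecryptfs-utils default
ASSUMED_SALT = bytes.fromhex("0011223344556677")  # assumed 8-byte salt for the demo


def initial_digest(passphrase: bytes, salt: bytes) -> bytes:
    """First round: SHA-512 over the salt followed by the passphrase."""
    if len(salt) != 8:
        raise ValueError("salt must be 8 bytes")
    return hashlib.sha512(salt + passphrase).digest()


def rehash(digest: bytes) -> bytes:
    """Every further round hashes only the previous digest."""
    return hashlib.sha512(digest).digest()


def derive_fekek(passphrase: bytes, salt: bytes = ASSUMED_SALT,
                 iterations: int = DEFAULT_ITERATIONS) -> bytes:
    """Stretch the passphrase into a 64-byte key with the given iteration count."""
    if iterations < 1:
        raise ValueError("iterations must be >= 1")
    digest = initial_digest(passphrase, salt)
    for _ in range(iterations - 1):
        digest = rehash(digest)
    return digest


def signature(fekek: bytes) -> str:
    """Short key identifier: first 8 bytes as hex, the way eCryptfs labels keys."""
    return fekek[:8].hex()


def login_cost_seconds(iterations: int, passphrase: bytes = b"constructed passphrase",
                       salt: bytes = ASSUMED_SALT) -> float:
    """Wall-clock cost of one derivation, i.e. what pam_ecryptfs adds to a login."""
    start = time.perf_counter()
    derive_fekek(passphrase, salt, iterations)
    return time.perf_counter() - start


def table_reusable(iterations_a: int, salt_a: bytes, iterations_b: int, salt_b: bytes) -> bool:
    """A rainbow table built for (iterations, salt) only serves users with the same pair."""
    return iterations_a == iterations_b and salt_a == salt_b


if __name__ == "__main__":
    pw = b"constructed passphrase"
    print("iterations  login cost  signature")
    for n in (1024, 8192, DEFAULT_ITERATIONS):
        print(f"{n:>10}  {login_cost_seconds(n, pw):8.3f}s  {signature(derive_fekek(pw, ASSUMED_SALT, n))}")
    other_salt = bytes.fromhex("ffeeddccbbaa9988")  # a second assumed salt
    print("same passphrase, other salt:", signature(derive_fekek(pw, other_salt, DEFAULT_ITERATIONS)))
    print("table for default salt reusable against that user?",
          table_reusable(DEFAULT_ITERATIONS, ASSUMED_SALT, DEFAULT_ITERATIONS, other_salt))
```

Lowering the count buys back login time on slow hardware in direct proportion, which is why the whiteboard wants it configurable; varying it (and not sharing one salt) is what stops the saving from also lowering the attacker's one-off table cost.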

