Encrypted Home Directory Offered to All Users

Registered by Dustin Kirkland on 2009-04-17

The Encrypted Home Directory option is currently only available in the alternate installer, or on the desktop installer *with a preseed option* (user-setup/encrypt-home=true).

This was pulled from the Jaunty desktop installer due to a few minor usability concerns. This Blueprint suggests that we define those concerns now, and show this option in the Karmic desktop installer.

Discussion Points:
 * security: need encrypted swap space (see ecryptfs-setup-swap), need to be able to resume from hibernation to encrypted swap
 * usability: need a very clean mechanism for getting the user to record their randomly generated passphrase (the current implementation is passable, but could be improved)
 * usability: need a couple of graphic utilities for managing some options (see other blueprint for Jaunty, ecryptfs-ui)
 * migration: would be nice to offer a migration utility for enabling/disabling encrypted-home after installation
 * security: create a 700 ~/Private directory for all users. expose an easy option to set this up for encryption (if home is not already encrypted). ensure that ~/Private is translatable (xdg-user-dirs?)
 * install ecryptfs-utils by default on all Ubuntu servers and desktops, so that users can run ecryptfs-setup-private and at least set up a secure private space at any point after installation
 * ... anything else?

:-Dustin
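As an added example (not code from the blueprint or from ecryptfs-utils), a small audit of the two security points above: that swap sits on a dm-crypt mapping and whether its key type allows resume from hibernation, and that ~/Private is mode 0700. The crypttab/fstab lines and the mapper name cryptswap1 are constructed assumptions modelled on what ecryptfs-setup-swap writes.

```python
# Added example, not from the blueprint or ecryptfs-utils. The crypttab/fstab
# lines are constructed; the mapper name "cryptswap1" is an assumption.
import os
import tempfile

CRYPTTAB = "cryptswap1 /dev/sda5 /dev/urandom swap,cipher=aes-cbc-essiv:sha256\n"
FSTAB = ("UUID=constructed-root / ext4 errors=remount-ro 0 1\n"
         "/dev/mapper/cryptswap1 none swap sw 0 0\n")

def parse_crypttab(text):
    """Map each crypttab mapping name to its key file ('none' = prompt)."""
    entries = {}
    for line in text.splitlines():
        parts = line.split()
        if parts and not parts[0].startswith("#"):
            entries[parts[0]] = parts[2] if len(parts) > 2 else "none"
    return entries

def swap_status(crypttab, fstab):
    """Classify each fstab swap entry: plaintext (raw device), random-key
    (/dev/urandom key, safe but no hibernation resume), passphrase or unmapped."""
    mapped = parse_crypttab(crypttab)
    result = {}
    for line in fstab.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[2] != "swap":
            continue
        dev = parts[0]
        name = dev[len("/dev/mapper/"):] if dev.startswith("/dev/mapper/") else None
        if name is None:
            result[dev] = "plaintext"      # pages of the encrypted home leak to disk
        elif name not in mapped:
            result[dev] = "unmapped"
        else:
            result[dev] = "random-key" if mapped[name] == "/dev/urandom" else "passphrase"
    return result

def private_dir_ok(path):
    """True if path is a directory with mode exactly 0700, as the blueprint asks."""
    return os.path.isdir(path) and (os.stat(path).st_mode & 0o777) == 0o700

def demo_private_dir():
    """Throwaway ~/Private stand-in; returns (ok at 0700, ok at 0755)."""
    with tempfile.TemporaryDirectory() as tmp:
        priv = os.path.join(tmp, "Private")
        os.mkdir(priv)
        os.chmod(priv, 0o700)  # mkdir honours umask, so set the mode explicitly
        strict = private_dir_ok(priv)
        os.chmod(priv, 0o755)
        return strict, private_dir_ok(priv)
```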

Blueprint information

Status: Complete
Approver: Rick Clark
Priority: Undefined
Drafter: Dustin Kirkland
Direction: Needs approval
Assignee: Dustin Kirkland
Definition: Approved
Series goal: Proposed for karmic
Implementation: Implemented
Milestone target: karmic-alpha-5
Started by: Dustin Kirkland on 2009-04-17
Completed by: Dustin Kirkland on 2009-11-02

Whiteboard

= Status =
 * Encrypted Swap is now in the desktop installer
 * Time for testing!
-- Dustin Kirkland

Infrastructure needed:
 * encrypted swap
 * ui utilities
  * remove liboobs (which breaks encrypted private/home on forced password change)
  * in graphical adduser utility, should offer an encrypted home option
 * migration utility? (should not block on this)
 * better internationalization support

Installer:
 * unify encryption options, e.g. a radio button showing: none, whole-disk, home directory, ~/Private
 * Consider allowing selection of password-assisted swap encryption (luks based) so that hibernation works again -- Miron Cuperman

Bugs:
 * https://bugs.launchpad.net/bugs/359338 (apparmor paths are broken when using ecryptfs)
 * https://bugs.launchpad.net/bugs/295429 (pam_ecryptfs.so causes authentication to be slow). FEKEK hashing iterations should be configurable, and default to something reasonable for low-powered systems. With lower values, it may become important to make the FEKEK hashing iteration count variable, so that rainbow table generation (and storage) is more painful.

