Interested in encrypted (home) directories?

Martin Pitt martin.pitt at canonical.com
Mon Nov 22 08:10:20 CST 2004 

Hi folks!

Today I installed and played around with encfs[1]. It is a nice
application of FUSE (Filesystem in Userspace) [2] that provides
transparent per-directory file encryption, which is a major part in
providing offline data protection especially for laptops [3].

encfs is much nicer than using cryptoloop since it does not require
allocating space for partitions, but directly works with the
underlying file system. It is reasonably small, does not need any
kernel patch or support apart from FUSE itself, works reasonably fast,
is easy to install and provides a good cryptographic offline file
system protection.

However, to make it really useful for Ubuntu, there is still some work
to do:

- A newer FUSE version should be packaged; preferably the Ubuntu
  standard kernel should support FUSE right out of the box. It is a
  general virtual file system layer and has many applications other
  than encrypted directories.

- EncFs itself (and a depended-on library, librlog) must be packaged.
  Should be very easy, everything is autofoo'ed.

- There should be a nice integration to support encrypted home
  directories; this requires an easy user interface for switching to
  an encrypted home directory and transparently mount it when logging
  in (using a tweaked libpam-mount or sth. similar).

I think supporting encrypted directories (even complete home
directories) out of the box would be a cool feature. This might not be
something supportable for Hoary, because I have to extensively develop
and test this. However, this should not stop us from developing it
now, providing it in Hoary's universe and start to support it later.

If there is a general interest in supporting this, I would like to
work on this if my other Ubuntu projects leave some time for it.

What do you think about this?

Thanks,

Martin

[1] http://encfs.sourceforge.net/
[2] http://fuse.sourceforge.net/
[3] For complete protection the swap partition must be handled too, of
course (encryption or overwrite with random data at shutdown). 

-- 
Martin Pitt                       http://www.piware.de
Ubuntu Developer            http://www.ubuntulinux.org
Debian GNU/Linux Developer       http://www.debian.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.ubuntu.com/archives/ubuntu-devel/attachments/20041122/ca985883/attachment.pgp

More information about the ubuntu-devel mailing list