Interested in encrypted (home) directories?

poptones dlist at ubuntuforums.org
Mon Nov 22 11:50:30 CST 2004


Martin Pitt Wrote:
> encfs is much nicer than using cryptoloop since it does not require
> allocating space for partitions, but directly works with the
> underlying file system.

But Ubuntu includes OOTB the newer dm-crypt engine which, in addition
to being pretty doggone nice, is already supported. There's a page at
the wiki about this (which I will be editing again real soon now).



> There should be a nice integration to support encrypted home
> directories; this requires an easy user interface for switching to
> an encrypted home directory and transparently mount it when logging
> in (using a tweaked libpam-mount or sth. similar).
>
> I think supporting encrypted directories (even complete home
> directories) out of the box would be a cool feature.

Ubuntu does it. It's not exactly ootb unless you know how to speak
fluent hex, but it only takes one 200K download/install to get it
working pretty nicely. In addition, I'm nearly complete with an
additional support tool (a startup daemon) that will allow you to
encrypt your entire userspace with a single command, encrypt swaps any
time they are added or changed, move encrypted userlands around from
disk to disk, etc. 



I do think an OOTB encrypted installation would be a nice option (and
one which no one else offers at this time). My goal is to make this
tool easy enough to use it could be integrated via any GUI disk
management tool in the future. I chronically reinstall on my laptop(s)
and was sick of spending an hour to do all this stuff, so I made
something about as close to click-n-run as you can get without a GUI -
and I expect a basic GUI done in another week or so :)



> If there is a general interest in supporting this, I would like to
> work on this if my other Ubuntu projects leave some time for it.

If you are interested in this sort of thing, can I talk you into trying
out this daemon?



You need a spare partition at least 2GB in size (big enough for /usr,
/var, /tmp, /root, and whatever /home you want) and enough room on root
to temporarily accommodate /usr, /var, /root, /tmp and a minimal /home.
Ideally you apply the tool on a reasonably fresh install, although I've
used it on my system without -too- much fear of data loss. All you need
to do to use it is (for example)



echo -e "swap\nuserland" > /etc/cryptkeeper.conf



And reboot. In 10-15 minutes your system is nice and tight.


-- 
poptones


