Revision 1 as of 2008-12-02 20:23:37
initial page creation
|Deletions are marked like this.||Additions are marked like this.|
|Line 12:||Line 12:|
|This section should include a paragraph describing the end-user impact of this change. It is meant to be included in the release notes of the first release in which it is implemented. (Not all of these will actually be included in the release notes, at the release manager's discretion; but writing them is a useful exercise.)
It is mandatory.
|The Ubuntu Jaunty Jackalope (9.04) release will enable per-user home directory encryption.|
|Line 18:||Line 16:|
|This should cover the _why_: why is this change being proposed, what justifies it, where we see this justified.||The EncryptedPrivateDirectory work proved the usefulness and stability of the Linux kernel's ecryptfs cryptographic filesystem. Encrypting only ~/Private directory, however, requires Ubuntu users to consciously store sensitive data in that location, and manually linking that data to traditionally locations.|
Packages affected: adduser, ecryptfs-utils, gnome-system-tools, Graphical Installer(s), Alternate Installer
Based on the delivery of EncryptedPrivateDirectory in Ubuntu Intrepid, this specification describes the next steps to extend that work to provide a seamless mechanism for encrypting a user's entire home directory.
The Ubuntu Jaunty Jackalope (9.04) release will enable per-user home directory encryption.
The EncryptedPrivateDirectory work proved the usefulness and stability of the Linux kernel's ecryptfs cryptographic filesystem. Encrypting only ~/Private directory, however, requires Ubuntu users to consciously store sensitive data in that location, and manually linking that data to traditionally locations.
You can have subsections that better describe specific parts of the issue.
This section should describe a plan of action (the "how") to implement the changes discussed. Could include subsections like:
Should cover changes required to the UI, or specific UI that is required to implement this
Code changes should include an overview of what needs to change, and in some cases even the specific details.
- data migration, if any
- redirects from old URLs to new ones, if any
- how users will be pointed to the new way of doing things, if necessary.
As of 2008-12-02, you can test this by:
Install the adduser and ecryptfs-utils packages in the following PPA:
- Add a user with an encrypted home directory as root, with:
# adduser --encrypt-home testuser
Login as testuser on the console, through the GUI, and via ssh. Ensure that all programs work as expected. Log out of the console/GUI/ssh. Ensure that the home directory is not mounted and that the data stored in /home/testuser/.Private is encrypted.
There are two other specifications, solving related issues:
- Encrypting Swap Space
- GUI for eCryptfs
Please post questions to: