EncryptedHomeDirectory

Differences between revisions 2 and 3
Revision 2 as of 2008-12-02 20:36:34
Size: 2695
Editor: rrcs-71-42-114-254
Comment:
Revision 3 as of 2008-12-03 00:27:39
Size: 2756
Editor: cpe-66-68-12-58
Comment: updated summary
Deletions are marked like this. Additions are marked like this.
Line 8: Line 8:
Based on the delivery of EncryptedPrivateDirectory in Ubuntu Intrepid, this specification describes the next steps to extend that work to provide a seamless mechanism for encrypting a user's entire home directory. Based on the delivery of EncryptedPrivateDirectory in Ubuntu Intrepid, this specification describes the next steps to extend that work to provide a seamless mechanism for encrypting a user's entire home directory, mounting it on login, and un-mounting it on the last logout.

Summary

Based on the delivery of EncryptedPrivateDirectory in Ubuntu Intrepid, this specification describes the next steps to extend that work to provide a seamless mechanism for encrypting a user's entire home directory, mounting it on login, and un-mounting it on the last logout.

Release Note

The Ubuntu Jaunty Jackalope (9.04) release will enable per-user home directory encryption.

Rationale

The EncryptedPrivateDirectory work proved the usefulness and stability of the Linux kernel's ecryptfs cryptographic filesystem. Encrypting only ~/Private directory, however, requires Ubuntu users to consciously store sensitive data in that location, and manually linking that data to traditionally locations.

Use Cases

Assumptions

Design

You can have subsections that better describe specific parts of the issue.

Implementation

This section should describe a plan of action (the "how") to implement the changes discussed. Could include subsections like:

UI Changes

Should cover changes required to the UI, or specific UI that is required to implement this

Code Changes

Code changes should include an overview of what needs to change, and in some cases even the specific details.

Migration

Include:

  • data migration, if any
  • redirects from old URLs to new ones, if any
  • how users will be pointed to the new way of doing things, if necessary.

Test/Demo Plan

As of 2008-12-02, you can test this by:

  1. Install the adduser and ecryptfs-utils packages in the following PPA:

  2. Add a user with an encrypted home directory as root, with:
    •  # adduser --encrypt-home testuser 

  3. Login as testuser on the console, through the GUI, and via ssh. Ensure that all programs work as expected. Log out of the console/GUI/ssh. Ensure that the home directory is not mounted and that the data stored in /home/testuser/.Private is encrypted.

Unresolved issues

There are two other specifications, solving related issues:

Discussion

Please post questions to:


CategorySpec

EncryptedHomeDirectory (last edited 2009-04-07 21:12:29 by nat-stumcr)