Ecryptfs-Desktop-Ui
Launchpad Entry: ecryptfs-desktop-ui
Created: 2008-01
Contributors: MichaelRooney, DustinKirkland
Packages affected: ecryptfs-utils, keyutils, seahorse, kde-?
Summary
Currently there is no graphical utility to configure ecryptfs-utils once installed; however, some experimental work has been done at https://launchpad.net/ecryptfs-gui. Ideally, in Jaunty a graphical utility would be included in ecryptfs-utils that allows a user to set up, manage, and configure encrypted directories such as Private and Home.
Release Note
A new entry "Encrypted Directories" now appears in System -> Preferences after installing ecryptfs-utils, allowing users to set up, configure, and manage encrypted directories.
Rationale
Desktop users would benefit from a non-terminal solution to configuring and maintaining encrypted directories.
Use Cases
- Kevin is comfortable with installing ecryptfs-utils via Synaptic but is not comfortable with a terminal and would like a graphical application to allow him to set up an encrypted Private directory.
- Mariya has an encrypted Private directory but needs a way to easily toggle automatic mounting/unmounting at login/logout.
- Enub would like to unmount and mount his encrypted directory occasionally during his session.
- Mark would like a utility to guide him through setting up an encrypted home directory.
Assumptions
Currently the UI assumes that the user has installed ecryptfs-utils and configured Private or their home directory. Ideally, however, this will be abstracted to:
- Detect whether an encrypted Home/Private exists and, if there is none, walk the user through setting up a Private.
- More ideally, if the UI lives inside some other Encryption preferences UI, detect whether ecryptfs-utils is installed and, if not, offer to install it.
Design
We suggest that the following functionality might be integrated into Ubuntu under:
System -> Preferences -> Encryption and Keyrings
perhaps as a new tab after Encrypted and PGP Passphrases.
Graphical configuration front-end utilities are needed for each of the following ecryptfs command line utilities:
| Utility | Description | Status |
|---|---|---|
| ecryptfs-add-passphrase | Enter a passphrase as a text string and this utility will add it to the kernel keyring | Needed |
| ecryptfs-insert-wrapped-passphrase-into-keyring | Enter the login passphrase as a text string and this utility will unwrap ~/.ecryptfs/wrapped-passphrase and add it to the kernel keyring | Needed |
| ecryptfs-mount-private | Enter the login passphrase as a text string and this utility will mount the private directory | Needed |
| ecryptfs-rewrap-passphrase | Enter the old wrapping passphrase and the new passphrase, and this utility will rewrap the wrapped passphrase | This one may not be needed--this is handled by PAM on password change |
| ecryptfs-setup-private | This utility will set up an encrypted private directory (or home directory); it takes several options and has several operating modes; this will definitely be the most complicated UI utility | Needed |
| ecryptfs-umount-private | This utility will unmount a mounted encrypted private or home directory | Needed |
| ecryptfs-unwrap-passphrase | Enter the login passphrase as a text string and this utility will unwrap and display the mount passphrase; this is the most important interface to implement; users MUST be able to retrieve their mount passphrase for archiving/off-site-storage/escrow, particularly when randomly generated | Needed |
| ecryptfs-wrap-passphrase | Enter a passphrase to wrap and a wrapping passphrase, and this utility will wrap the passphrase and store it in a file | Probably not necessary to implement this one |
| keyctl show | List current keys in this user/session's current kernel keyring | Would be nice to have |
| keyctl clear @u | Clear current keys in this user/session's current kernel keyring | Would be nice to have |
Additionally, for proper desktop integration, a UI should:
- Integrate with the file manager for easy and intuitive [un]mounting when in the Private directory.
- Toggle automatic mounting/unmounting at login/logout.
- If Home is encrypted via the installer, make sure the user understands the incredible importance of storing the passphrase, such as via a tray icon shown until they have done so.
This item is very important
Implementation
- API
- DONE: create Python API so anyone can easily manipulate ecryptfs
- get private directory location and implement getMounted() via new file in Jaunty
- ship API with ecryptfs and symlink into site-packages, or otherwise make available to system
- Gnome
- Create GTK utility for managing options:
- DONE: [Un]mounting
- DONE: Toggling automatic login/logout mounting/unmounting
- Display unwrapped passphrase for easy copying/printing
- Setup Private if no encrypted Home/Private exists
- Integrate into System > Preferences > Encryption and Keyrings as tab "Encrypted Directory"
- Tab should either always be there or never (otherwise confusing user experience) so if ecryptfs-utils isn't installed, have a button to install it.
- Ensure UI changes appropriately between states:
- if a user installs ecryptfs via UI, now show setup private UI
- if a user sets up private with UI, now show settings
- perhaps best done with three panels: install, setup, manage, with only the appropriate being enabled. Anything above the enabled one is hidden, and anything below the enabled one is disabled.
- Integrate "locking" and "unlocking" into nautilus. Mockup: http://launchpadlibrarian.net/17440012/mockup.png
- Tray icon if Home is encrypted, until the user dismisses via saying they have stored their password.
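An added sketch of the state detection described above (the install / setup / manage panels and getMounted()); it is not the project's Python API. The function names, the use of ~/.ecryptfs/Private.mnt for the mount point, and the sample mount table are assumptions of this example.

```python
import os
import re
import shutil

def unescape_mount_field(field):
    """Decode the octal escapes (\\040 for a space, etc.) used in /proc/mounts."""
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)

def private_dir(home):
    """Mount point of the encrypted directory (assumed: Private.mnt, else ~/Private)."""
    try:
        with open(os.path.join(home, ".ecryptfs", "Private.mnt")) as f:
            path = f.read().strip()
    except OSError:
        path = ""
    return path or os.path.join(home, "Private")

def get_mounted(home, mounts_text):
    """True only if an ecryptfs filesystem is mounted on the private directory."""
    target = os.path.normpath(private_dir(home))
    for line in mounts_text.splitlines():
        fields = line.split(" ")
        # Require fstype ecryptfs: an unmounted ~/Private is a plain directory,
        # and files saved there would not be encrypted.
        if len(fields) >= 3 and fields[2] == "ecryptfs":
            if os.path.normpath(unescape_mount_field(fields[1])) == target:
                return True
    return False

def panel_state(home, utils_installed=None):
    """Which of the three panels to enable: 'install', 'setup' or 'manage'."""
    if utils_installed is None:
        utils_installed = shutil.which("ecryptfs-setup-private") is not None
    if not utils_installed:
        return "install"
    wrapped = os.path.join(home, ".ecryptfs", "wrapped-passphrase")
    return "manage" if os.path.exists(wrapped) else "setup"

# Constructed sample of /proc/mounts content (not captured from a real system).
SAMPLE_MOUNTS = (
    "/dev/sda1 / ext4 rw,relatime 0 0\n"
    "/home/kevin/.Private /home/kevin/Private ecryptfs rw,ecryptfs_cipher=aes 0 0\n"
    "/home/my\\040user/.Private /home/my\\040user/Private ecryptfs rw 0 0\n"
)

if __name__ == "__main__":
    for home in ("/home/kevin", "/home/my user", "/home/enub"):
        print(home, get_mounted(home, SAMPLE_MOUNTS))
```

On a live system the second argument would be the contents of /proc/mounts.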
Code Changes
- Gnome
- adding UI as tab to Encryption and Keyrings
- nautilus hook
- encrypted Home tray icon
Mockup
Test/Demo Plan
It's important that we are able to test new features, and demonstrate them to users. Use this section to describe a short plan that anybody can follow that demonstrates the feature is working. This can then be used during testing, and to show off after release.
This need not be added or completed until the specification is nearing beta.
Unresolved issues
Future
There are a few items which would be nice and/or intuitive to have in an interface that configures encrypted directories, but lack underlying support in ecryptfs.
- Undo encryption
n.b. This would require some complex support in ecryptfs-utils -- Dustin is working on this in the background as part of his "live migration to/from encrypted directories" effort
- Migrate unencrypted Home directory to encrypted Home directory
Let's handle this as a separate spec. It's a lot of work, and I'm working on it. -- DustinKirkland
BoF agenda and discussion
- IMHO we'd rather have an encrypted Private directory working out of the box than a tool to configure it. Why do we need to bloat the Preferences menu even more? What the user wants is a ~/Private folder with a little logo to tell him his files are encrypted in it. At most, maybe a Nautilus extension so that some config options appear in the Properties dialog of the Private folder, but nothing more. Nobody wants to mount/unmount the encrypted folder manually, and the tool does automounting in such a great way ATM.
- I think the consequences of losing data are too important to have a Private directory by default, it really needs to be an opt-in scenario. And then following this, file properties will only work to modify existing directories, how do you create one? A properties Tab that contains a button to the Encryption and Keyrings isn't a bad idea, but I do believe Encryption and Keyrings is more intuitive than adding an 8th tab in the file manager properties. -mrooney
I second the notion of putting this in System -> Preferences -> Encryption and Keyrings