Encrypted home directories!
I have two packages available for beta testing in my PPA:
- adduser
- ecryptfs-utils
- adduser --encrypt-home foo
I've tested this pretty thoroughly with both command-line, server logins, as well as graphical desktop logins. It's working really well, and I'm quite excited about it! This is going to be far easier and more secure than moving bits and pieces of data in ~/Private, and manually symlinking files and directories around.
Caveats...
- Encrypted filenames have landed in the upstream Linux -mm kernel; but they're not in the Ubuntu Jaunty kernel yet. I think they should make in time for the Jaunty release.
- Migrating an existing, non-encrypted home directory to an encrypted one is not something that we can do automatically--there's quite simply too much that can go wrong. I will, however, provide a wiki page describing how to do it as the root user, in a recovery shell. Basically, bad things can happen if any other processes running as the user try to read or write data in their home directory during the migration.
I've released the code necessary to setup the encrypted home directory in ecryptfs-utils-67. As soon as Debian pulls that release into unstable, I'll merge it into Jaunty (and then you can skip the PPA step).
After that, I hope to add "Encrypt Home" as an option to both the graphical and server installers, when creating the administrator user. We should be able to do this in the Server Installer easily by Alpha-2, and the Desktop Installer by Alpha-3.
Also, we need to modify the graphical "User Settings" program as provided in system-tools-backends to support the --encrypt-home option.
Miscellaneous
Separate, but related to this work item are two other blueprints for Jaunty:
:-Dustin
