- Ubuntu now supports per-user encrypted home directories
- Filenames are now encrypted too
Here are some simple instructions...
It's easy to set up from the server/alternate installer:
LiveCD Desktop Installer
The desktop installation is only slightly more complex. Boot the LiveCD installer, and preseed a special value:
- Select your language
- Press F6
- Then ESC
- Add "user-setup/encrypt-home=true" just before the "--".
You will see a new option on the user-details page of the installer:
Post-installation, on a Running System
If you have a running Jaunty system and want to add another user with an encrypted home directory, run:
$ sudo adduser --encrypt-home foo_user
- You really must record your randomly generated mount passphrase after the installation. This is easy to do with:
$ ecryptfs-unwrap-passphrase ~/.ecryptfs/wrapped-passphrase
- Swap space. Decrypted copies of your files could easily leak to your swap space. I strongly recommend that either:
- You do not use swap (I have 4GB memory and don't really need it)
- Or you encrypt your swap with:
$ sudo ecryptfs-setup-swap
- Auto-login and encrypted-home are simply incompatible. You must enter a password to decrypt your home directory, so automatic login is not possible. However, if you want to log in to your desktop automatically, you can use the encrypted-private feature instead and store a subset of your data in ~/Private. After installation, you can configure this with:
We won't be able to provide an automated mechanism for live migration of data into your encrypted home directory in time for Jaunty. (Sorry, more pressing Ubuntu Server work took precedence...) I will provide some step-by-step instructions (and maybe a script?) here in my blog--stay tuned!
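A check for the swap caveat above, as an added example that is not part of the original post: it reads a /proc/swaps listing and a crypttab file and reports which active swap areas sit on a dm-crypt mapping. It assumes encrypted swap appears as a /dev/mapper entry listed in crypttab with the swap option; the function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify active swap areas as encrypted, plaintext or unverified.
# $1: file in /proc/swaps format, $2: file in /etc/crypttab format.
# Assumption: encrypted swap is a dm-crypt mapping listed in crypttab with "swap".
classify_swap() {
    tail -n +2 "$1" | while read -r dev type _rest; do   # skip the header row
        [ -n "$dev" ] || continue
        case $dev in
            /dev/mapper/*)
                # Encrypted only if crypttab names this mapping with the swap option.
                if awk -v n="${dev#/dev/mapper/}" \
                    '$1 == n && $4 ~ /(^|,)swap(,|$)/ { ok = 1 } END { exit !ok }' "$2"
                then echo "$dev encrypted"
                else echo "$dev unverified"    # for example a plain LVM volume
                fi ;;
            /dev/dm-*) echo "$dev unverified" ;;   # mapping name not visible here
            *)  if [ "$type" = file ]
                then echo "$dev unverified"    # depends on the filesystem under it
                else echo "$dev plaintext"     # raw partition, no dm-crypt layer
                fi ;;
        esac
    done
}

# Constructed sample data, so the example runs without touching the real system.
sample_report() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/swaps" <<'EOF'
Filename                                Type            Size    Used    Priority
/dev/mapper/cryptswap1                  partition       2097148 0       -1
/dev/mapper/vg0-swap                    partition       1048572 0       -2
/dev/sda5                               partition       1048572 0       -3
/swapfile                               file            524284  0       -4
EOF
    cat > "$dir/crypttab" <<'EOF'
# <target name> <source device> <key file> <options>
cryptswap1 /dev/sda6 /dev/urandom swap,cipher=aes-cbc-essiv:sha256
EOF
    classify_swap "$dir/swaps" "$dir/crypttab"
    rm -rf "$dir"
}

sample_report
# On a real system: classify_swap /proc/swaps /etc/crypttab
```

Any line reported as plaintext is a swap area where decrypted pages from the encrypted home directory can land on disk in the clear.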