- Ubuntu now supports per-user encrypted home directories
- Filenames are now encrypted too
Here are some simple instructions...
Server/Alternate Installer
It's easy to setup from the server/alternate installer:
LiveCD Desktop Installer
The desktop installation is only slightly more complex. Boot the LiveCD installer, and preseed a special value:
- Select your language
- Press F6
- Then ESC
- Add "user-setup/encrypt-home=true" just before the "--".
You will see a new option on the user-details page of the installer:
Post-installation, on a Running System
If you have a running Jaunty system, and you want to add another user, you can easily add a new user and have their home directory encrypted, with:
$ sudo adduser --encrypt-home foo_user
Important Caveats!
- You really must record your randomly generated mount passphrase after the installation. This is easy to do with:
$ ecryptfs-unwrap-passphrase ~/.ecryptfs/wrapped-passphrase - Swap space. Decrypted copies of your files could easy leak to your swap space. I strongly recommended that either:
- You do not use swap (I have 4GB memory and don't really need it)
- Or your encrypt your swap with:
$ sudo ecryptfs-setup-swap
- Auto-login and encrypted-home are simply incompatible. You must enter a password to decrypt your home directory, so automatic login is not possible. However, if you want to automatically login to your desktop, you can actually use the encrypted-private feature, and store a subset of your data in ~/Private. After installation, you can configure this with:
$ ecryptfs-setup-private
We won't be able to provide an automated mechanism for live migration of data into your encrypted home directory in time for Jaunty. (Sorry, more pressing Ubuntu Server work took precedence...) I will provide some step-by-step instructions (and maybe a script?) here in my blog--stay tuned!
:-Dustin
