Friday, October 3, 2008

What's in my Encrypted ~/Private directory?

Ubuntu Intrepid's integration of Per-User Encrypted Private Directories is one of the most important new features to me to be included in the 8.10 release later this month.

I've spent quite a bit of time over the last 5 months developing, testing, documenting, and blogging about this feature.

Some people have asked, "What do you keep in your encrypted ~/Private directory?" So I thought I'd respond here. If there happen to be an other planet.ubuntu.com bloggers out there using an Encrypted Private Directory, perhaps this should be our next MeMe :-)
kirkland@t61p:~/Private$ ls -alF
total 40
drwx------ 10 kirkland kirkland 4096 2008-10-03 10:30 ./
drwx------ 95 kirkland kirkland 4096 2008-10-03 10:24 ../
drwx------ 4 kirkland kirkland 4096 2008-10-03 10:23 Documents/
drwx------ 5 kirkland kirkland 4096 2008-10-03 10:30 .evolution/
drwx------ 2 kirkland kirkland 4096 2008-10-03 09:54 .gnupg/
drwx------ 4 kirkland kirkland 4096 2008-02-14 06:59 .mozilla/
drwx------ 6 kirkland kirkland 4096 2008-10-03 10:28 .purple/
drwx------ 2 kirkland kirkland 4096 2008-10-01 13:31 .ssh/
drwx------ 10 kirkland kirkland 4096 2008-10-03 09:03 .xchat2/

To protect your sensitive data, such as documents, mail, calendars, contacts, browser cache, messaging logs, and encryption keys in Intrepid, you can simply do the following:
  • Install ecryptfs-utils
    • $ sudo apt-get install ecryptfs-utils
  • Setup your private directory
    • $ ecryptfs-setup-private
  • Enter your login password, and either choose a mount pass phrase or generate one
    • Record both pass phrases in a safe location!!! They will be required if you ever have to recover your data manually.
  • Logout, and Log back in to establish the mount
  • Make sure that the application whose data you want to protect (e.g. Firefox or Evolution) is not running
    • $ ps -ef | grep evolution
  • Move the application's data directory (e.g. ~/.mozilla or ~/.evolution) into your ~/Private directory
    • mv ~/.evolution ~/Private
  • Establish a symbolic link from the old location to new location
    • ln -s ~/Private/.evolution ~/.evolution
I could provide a script to do this, however, care must be taken that applications are not reading and writing data to these directories while they're being moved, and thus, I recommend that these be handled manually.

Note: If you put all of .ssh in ~/Private, you won't be able to ssh into the system using public key authentication. In this case, you might want to only put your private key in ~/Private, and leave the rest in the clear.

Please open any bugs or ask any questions in Launchpad.

:-Dustin

2 comments:

  1. This blog post content and more is now available on https://help.ubuntu.com/community/EncryptedPrivateDirectory

    Thanks Dustin :)

    ReplyDelete

Please do not use blog comments for support requests! Blog comments do not scale well to this effect.

Instead, please use Launchpad for Bugs and StackExchange for Questions.
* bugs.launchpad.net
* stackexchange.com

Thanks,
:-Dustin