Friday, February 27, 2009

Jaunty Encrypted Home Directories

So this post isn't exactly "hot off the press". It's about a month late. But better late than never... Two big announcements on the Ubuntu eCryptfs front:
  • Ubuntu now supports per-user encrypted home directories
  • Filenames are now encrypted too
I have been trusting eCryptfs with my entire home directory since December, and things have been working well.

Here are some simple instructions...

Server/Alternate Installer

It's easy to set up from the server/alternate installer:


LiveCD Desktop Installer

The desktop installation is only slightly more complex. Boot the LiveCD installer, and preseed a special value:
  • Select your language
  • Press F6
  • Then ESC
  • Add "user-setup/encrypt-home=true" just before the "--".


You will see a new option on the user-details page of the installer:


Post-installation, on a Running System

If you have a running Jaunty system, and you want to add another user, you can easily add a new user and have their home directory encrypted, with:

$ sudo adduser --encrypt-home foo_user

Important Caveats!

  1. You really must record your randomly generated mount passphrase after the installation. This is easy to do with:
    $ ecryptfs-unwrap-passphrase ~/.ecryptfs/wrapped-passphrase
  2. Swap space. Decrypted copies of your files could easily leak to your swap space. I strongly recommend that either:
    • You do not use swap (I have 4GB memory and don't really need it)
    • Or you encrypt your swap with:
      $ sudo ecryptfs-setup-swap
    In either case, however, you will not be able to hibernate your system (but suspend will continue to work just fine). It is for this reason that the option is hidden in the default installation. We're trying to fix the swap issues for Karmic.
  3. Auto-login and encrypted-home are simply incompatible. You must enter a password to decrypt your home directory, so automatic login is not possible. However, if you want to automatically log in to your desktop, you can actually use the encrypted-private feature, and store a subset of your data in ~/Private. After installation, you can configure this with:
    $ ecryptfs-setup-private
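A check for caveat 2, added here as an example (it is not code from the original post or from ecryptfs-utils): it lists active swap areas that are not backed by an /etc/crypttab mapping carrying the swap option. It assumes encrypted swap shows up in /proc/swaps as /dev/mapper/NAME; the function name and the sample data are constructed for illustration.

```shell
#!/bin/sh
# plaintext_swaps [SWAPS_FILE] [CRYPTTAB_FILE]   (hypothetical helper name)
# Prints every active swap area that is not an encrypted mapping, one per
# line. Prints nothing when all swap is encrypted or no swap is in use.
plaintext_swaps() {
    swaps=${1:-/proc/swaps}
    crypttab=${2:-/etc/crypttab}
    # Line 1 of /proc/swaps is a header; field 1 is the device or file.
    awk 'NR > 1 && NF { print $1 }' "$swaps" | while read -r dev; do
        name=${dev#/dev/mapper/}
        # Encrypted only if the device is /dev/mapper/NAME and NAME has a
        # crypttab line whose options field (4th) contains "swap".
        if [ "$name" != "$dev" ] && [ -r "$crypttab" ] &&
           awk -v n="$name" '$1 == n && $4 ~ /(^|,)swap(,|$)/ { f = 1 }
                             END { exit !f }' "$crypttab"
        then
            continue
        fi
        printf '%s\n' "$dev"
    done
}

# Constructed sample data (not taken from a real system).
demo=$(mktemp -d)
cat > "$demo/swaps" <<'EOF'
Filename                Type        Size     Used  Priority
/dev/mapper/cryptswap1  partition   2097148  0     -1
/dev/sda6               partition   1048572  0     -2
EOF
cat > "$demo/crypttab" <<'EOF'
cryptswap1 /dev/sda5 /dev/urandom swap,cipher=aes-cbc-essiv:sha256
EOF

# Reports /dev/sda6: it is active swap with no encrypted mapping.
plaintext_swaps "$demo/swaps" "$demo/crypttab"
rm -rf "$demo"
```

Run with no arguments on a live system to read /proc/swaps and /etc/crypttab directly; any device it prints can receive decrypted pages.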

Migration of Existing Data to an Encrypted Home Directory

We won't be able to provide an automated mechanism for live migration of data into your encrypted home directory in time for Jaunty. (Sorry, more pressing Ubuntu Server work took precedence...) I will provide some step-by-step instructions (and maybe a script?) here in my blog--stay tuned!

:-Dustin

23 comments:

  1. Won't fully encrypted home directories also disable sshing into a system with public key authentication?

  2. Is this in the installer as of alpha 5? I just booted into alpha 5 in my VM, making sure to tack on that boot parameter, and did not see the encrypted home option in the installer. Might I have been doing something wrong?

  3. Update: I downloaded a daily build and successfully installed that in my VM with encrypted home directory. So either the newer build fixed the problem, or more likely PEBKAC.

  4. Dustin, I think in Alpha 5 the encrypted home was removed from the live cd. You might want to check it out.

  5. What impact on performance does this have? I'm especially interested in knowing how having an encrypted home directory would affect a netbook such as say the Asus EEE PC 1000h or the HP 2133. I'm looking at buying something like one of those in the coming week and will put Ubuntu on it. But since these machines are low-end already... any ideas?

  6. Very cool. So does this mean there's now a separation of a user's password from the user's decryption password? This was an issue brought up in your previous post--oftentimes we want our encrypted data passphrase to be significantly longer than our user passphrase.

  7. Hi Ryan-

    If you're already logged into the system elsewhere (on the desktop, another ssh session, etc), public key will work.

    However, you're correct. If you're trying to start a brand new session, your ~/.ssh/authorized_keys file will not be available.

    You could work around this by creating a .ssh/authorized_keys file in your unmounted home directory. You could do something like the following:

    $ cd /
    $ ecryptfs-umount-private
    $ chmod 700 $HOME
    $ mkdir $HOME/.ssh
    $ chmod 500 $HOME
    $ chmod 700 $HOME/.ssh
    $ echo $PUBKEY >> $HOME/.ssh/authorized_keys
    $ ecryptfs-mount-private

    :-Dustin

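The workaround from the comment above, written as a function (an added example, not part of the original comment or of ecryptfs-utils). It assumes you have already run ecryptfs-umount-private and refuses to continue if the home directory is still an eCryptfs mount, since a key written there lands in the encrypted view and is unavailable to sshd at the next fresh login. The function name, key and paths are constructed for illustration.

```shell
#!/bin/sh
# install_underlay_key HOME_DIR PUBKEY_LINE [MOUNTS_FILE]   (hypothetical name)
install_underlay_key() {
    home=$1 key=$2 mounts=${3:-/proc/mounts}
    nl='
'
    # Still mounted: the key would go into the encrypted view, not the
    # underlying directory that sshd sees before login.
    if awk -v h="$home" '$2 == h && $3 == "ecryptfs" { f = 1 }
                         END { exit !f }' "$mounts"; then
        echo "refusing: $home is an active ecryptfs mount" >&2
        return 1
    fi
    # Accept only a single line that starts with a public key type.
    case $key in
        *"$nl"*) echo "refusing: key contains a newline" >&2; return 1 ;;
        ssh-rsa\ *|ssh-dss\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "refusing: not a public key line" >&2; return 1 ;;
    esac
    chmod 700 "$home" || return 1
    mkdir -p "$home/.ssh" && chmod 700 "$home/.ssh" || return 1
    auth=$home/.ssh/authorized_keys
    touch "$auth" && chmod 600 "$auth" || return 1
    # Append only if this exact line is not already present.
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
    # Back to read-only, as in the comment, so nothing else is written
    # to the unencrypted underlying directory by accident.
    chmod 500 "$home"
}

# Constructed demo: a scratch directory stands in for the unmounted $HOME.
demo=$(mktemp -d) && mkdir "$demo/home"
: > "$demo/mounts"    # constructed mount table with nothing mounted
install_underlay_key "$demo/home" \
    'ssh-rsa AAAAB3NzaC1yc2EXAMPLE constructed@example' "$demo/mounts"
ls -ld "$demo/home" "$demo/home/.ssh" "$demo/home/.ssh/authorized_keys"
chmod -R u+w "$demo" && rm -rf "$demo"
```

The resulting modes (500 on the home directory, 700 on .ssh, 600 on authorized_keys) have no group or world write bits, which is what sshd's StrictModes check requires.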
  8. Dave-

    Please read the whole post ;-)

    "The desktop installation is only
    slightly more complex. Boot the LiveCD
    installer, and preseed a special
    value...
    user-setup/encrypt-home=true
    ..."

    :-Dustin

  9. Stoffe-

    There is a performance impact. In some cases, it's negligible, but in others, it's not. It really depends on what you're doing.

    Michael Larabel of Phoronix has been running some numbers. See:
    * http://global.phoronix-test-suite.com/?k=profile&u=phorocrypt-16497-10491-19665

    On my dual-core/4GB Thinkpad, the performance hit is absolutely unnoticeable. On single Atom or Celeron processor, though, it might be a bit more trying.

    Some users have reported that the initial login authentication is very slow on Asus EEE PC's with encrypted home directories:
    * https://bugs.launchpad.net/ubuntu/+source/ecryptfs-utils/+bug/295429

    Cheers,
    :-Dustin

  10. Hi gotgenes-

    For a full response, see:
    * http://blog.dustinkirkland.com/2009/02/how-encrypted-home-ecryptfs-works.html

    Cheers,
    :-Dustin

  11. I'm now installing alpha 6 with encrypted home.
    Wow, this is great, I waited 2 years on this feature, and I'm really happy to see it in the jaunty installer...

    Nice work Dustin, Thank you so much!

  12. Hi Dustin, any news about this?

    "I will provide some step-by-step instructions (and maybe a script?) here in my blog--stay tuned!"

    I upgraded from Intrepid to Jaunty and I would really like to move from private directory to encrypted home directory, but I don't know how to do it... :|

    Thanks!!

    Giordano

  13. Any updates on moving an existing users home directory to an encrypted one ?

  14. Any instructions to convert existing unencrypted home to encrypted one ?

    Thanks

    Karthik

  15. Ok, I have a HUGE problem right now. I just had to reinstall Jaunty (due to driver issues) and now I can't access my files.

    I have my /home folder on a separate partition, so I didn't even think twice about reinstalling my OS. Now it seems that the encryption key (encrypted by my login password) is actually stored in /var/lib/ecryptfs/user?!?

    Is there ANY way to recover my encryption key? All my files are still there, I just can't open any of them and very few actually got backed up.

    If someone can even give me a command to grep my hard drive for a pattern that matches something that would be in the cypher file, it would be greatly appreciated since there is a *slim* chance it may still be there.

    If I am correct about the way the key is stored, please consider my case when revising your system and put the keys in the "/home" folder!

  16. Home directory encryption seems to be linked to a user's password in a non-functional way. I created a user with an encrypted home directory and then later changed that user's password. When I logged out and back in, I no longer saw any of my previous home directory files (I had a functional but default home directory).

    Changing the password back to what it was when I set up the encrypted home directory restored all of my files and settings, but it should be possible to change your password when using this feature.

    This glitch made me think that it might actually be trivial to add a "panic" password (which would open to a default home directory) to this system as well as the regular one (which would open the encrypted home directory files).

  17. (I had difficulty posting this, I hope I didn't post same msg over and over again)

    Hi Dustin,
    I chose "encrypt home directory" during Jaunty installation, and I have two questions regarding encryption.
    When I boot with LiveCD to laptop, I cannot mount the /home directory in laptop's harddrive. That's good but when I do:
    dd if=/dev/sdaX | strings
    I can see printable text in that partition. So, I thought the contents of files are encrypted not only their headers. So, aren't the contents of files encrypted?
    Second question is that, I'm seeing many ecryptfs related error or warning messages in /var/log , these are the most frequent ones:
    - Warning: Using default salt value (undefined in ~/.ecryptfsrc)
    - ecryptfs_add_passphrase_key_to_keyring: Error adding auth tok with sig [xxxxxxxxxxxx] to the keyring; rc = [1]
    - ecryptfs_add_passphrase_key_to_keyring: Error adding auth tok with sig [yyyyyyyyyyyy] to the keyring; rc = [1]

    Are these normal messages, or smt wrong in my setup?
    By the way, I don't have the file you mention in your blog, ~/.wrapped-passphrase, instead I have ~/.ecryptfs/wrapped-passphrase. Is this normal?

  18. I'm trying to create a new user with encrypted home dir using 9.04 live on some usb pen drive with persistence. Using "sudo adduser --encrypt-home foo_user" the account is created just fine, but I cannot graphically login because gdm doesn't start. I can only login using the console.

  19. Per here: http://ubuntu-virginia.ubuntuforums.org/showthread.php?p=8456663

    After you unmount your encrypted home and create ~/.ssh/authorized_keys:

    Create file /etc/sshrc, add this:

    if test -e $HOME/.ecryptfs/auto-mount; then
        mount | grep "$HOME type ecryptfs"
        if test $? != 0; then
            ecryptfs-mount-private
            cd $HOME
            source ~/.[bashrc|cshrc|zshrc|etc]
            # equals whatever shell you use!
        fi
    fi

    If you use keychain (SSH passphrase caching app using ssh-agent) and add it to your .bashrc so it starts on login, it will remain resident and you will not be prompted for your password until next reboot. This means your home directory is unencrypted even though you're not logged in though, so beware!

  20. Hi Dustin,

    Every six months, I am tempted to try out an encrypted Home directory from a clean Ubuntu installation (rather than symlinking to a Private mount point), but I simply don't trust it. I can't sleep at night unless I have recovered from simulated failure several times. Given the nature of encrypted data, I can't be the only paranoid user. Perhaps an advanced tab would be helpful which included, among other things, the ability to choose our own mount passphrase.

    Cheers,
    Alex

  21. I think the two big announcements on encryption home directory & file names are really awesome. An encryption is a set like having a virus scanner running in the background on Windows all the time. With this new version now we can also encrypt other sensitive data. It is much easier to install and the important Caveats helps me a lot to make my task easy.

  22. I think security and usefulness of Ubuntu system depends upon a good deal on what we do to enable users and their privileges. Without falling into the minutia and the mundane, it is most important to at least understand how users are handled in the Ubuntu GNU/Linux environment. The points described in the post are very helpful, thanks Dustin for the huge info.


Please do not use blog comments for support requests! Blog comments do not scale well to this effect.

Instead, please use Launchpad for Bugs and StackExchange for Questions.
* bugs.launchpad.net
* stackexchange.com

Thanks,
:-Dustin