Encrypted private directories coming to Ubuntu

By Steven Rosenberg on August 7, 2008 9:00 AM | | Comments (0) |

Encrypted private directories are the one thing that would get me to upgrade to Ubuntu 8.10 this October. Ubuntu's Dustin Kirkland explains it all:

How does it work?

The underlying technology is a cryptographic virtual filesystem in the Linux kernel called eCryptfs, authored by Michael Halcrow of IBM.

When a user logs into an Ubuntu Intrepid system, their login passphrase is automatically used to decrypt a randomly generated mount passphrase. This mount passphrase will then cryptographically mount ~/.Private onto ~/Private. As long as ~/Private is mounted, the user can read and write sensitive data to files and directories under the virtual filesystem on ~/Private. The actual files stored in the underlying filesystem are encrypted, and located in ~/.Private. The only passphrase required is obtained when logging in (via console, ssh, gdm, etc). And the only files encrypted are those that the user consciously places in ~/Private. The user can then incrementally backup the encrypted ~/.Private directory to off-site storage.

I'd really, really, really like to see a backport of this to Ubuntu 8.04 LTS so I can keep the current version of the distro if I so choose.

I'll be looking at Ubuntu Backports and GetDeb to see if installing it in Hardy is possible. ... or I may just upgrade to Intrepid.

More information:

  • The Ubuntu Wiki on encrypted private directories

    • Categories:

    Tags:

    Leave a comment

    Tech Talk column

    Steven Rosenberg's weekly Tech Talk column, which appears Saturdays in the Los Angeles Daily News, is now available on the Daily News Technology page.

    About this blog

    New ways to sign in to comment: I just added the ability for prospective commenters on this blog to sign in using their AOL, Yahoo! and Wordpress.com accounts (for the past 200 posts anyway ... more than that will take an extensive, middle-of-the-night rebuild). That's in addition to the other sign-in choices, which include starting a Movable Type account on this blog, Typekey, OpenID, Live Journal and Vox. If you have trouble getting your Movable Type account verified, or any of the other sign-in options are not working properly, please e-mail me. With these added ways of signing in, there's more reason than ever for you to make a comment (or several!).



    Steven Rosenberg aims to learn what he does not know. He writes about it here.


    About this Entry

    This page contains a single entry by Steven Rosenberg published on August 7, 2008 9:00 AM.

    Virtualization: It's Greek(or geek) to me was the previous entry in this blog.

    Fat lady sings, and Opera is officially my new favorite browser (this week anyway) is the next entry in this blog.

    Find recent content on the main index or look in the archives to find all content.

    Recent Comments

    Powered by Movable Type 4.25

    Search

    LXer

    Links

    Daily News technology
    LXer
    Distrowatch
    Linus' Blog
    David Pogue
    BoingBoing
    Linux Today
    TuxRadar
    Linux.com
    Linux Planet
    The Open Road
    Linux Outlaws podcast
    Dan Lynch
    Fabian Scherschel
    The VAR Guy
    Larry the Free Software Guy
    Chess Griffin
    Linux Reality podcast
    Desktop Linux
    Practical Technology
    Linux Devices
    ZDNet
    ZDNet U.K.
    iTWire
    CNet News
    TechCrunch
    The Register
    Ars Technica
    Reg Developer
    Computerworld
    Computerworld blogs
    Steven J. Vaughan-Nichols at Computerworld
    Debian
    Planet Debian
    Debian Forums
    Debian News
    debianHELP
    debiantutorials.org
    The Debian User
    Wolfgang Lonien
    Debian-News.net
    Debian Administration
    Debian Admin
    Debian Weather
    Ubuntu
    Xubuntu
    Kubuntu
    Edubuntu
    Gobuntu
    Planet Ubuntu
    Ubuntu Forums
    Ubuntu Geek
    Works With U
    Dustin Kirkland
    Ubuntu UK Podcast
    Popey
    gNewSense
    CrunchBang Linux
    OpenBSD
    OpenBSD Journal
    OpenBSD Ports
    OpenBSD 101
    Planet.OpenBSD.nu
    jggimi's OpenBSD live CD
    DaemonForums
    BSDanywhere
    Marc Balmer
    Denny's OpenBSD blog
    Polarwave's OpenBSD Tips and Tricks
    Binary Updates for OpenBSD
    Puppy Linux
    Damn Small Linux
    Tiny Core Linux
    PCLinuxOS
    Mandriva
    Red Hat
    Red Hat News
    Red Hat Blogs
    Red Hat: Truth Happens
    Red Hat Magazine
    CentOS
    Planet CentOS
    Fedora
    Slackware
    Slackbuilds
    Robby's Slackware Packages
    Slackblogs
    dropline GNOME for Slackware
    GNOME Slackbuild
    GWARE - GNOME for Slackware
    Wolvix
    Zenwalk Linux
    Vector Linux
    Slax
    Splack Linux — Slackware for Sparc
    Nonux
    How to Forge
    marc.info BSD and Linux mailing list archive
    FreeBSD
    FreeBSD, the Unknown Giant
    A Year in the Life of a BSD Guru
    NetBSD
    PC-BSD
    DesktopBSD
    DragonFlyBSD
    DragonFlyBSD Digest
    DesktopBSD
    BSD Talk podcast
    OpenSolaris
    MilaX
    BeleniX
    DeLi Linux
    Linux Loop
    Electronista
    Engadget
    Gizmodo

    Advertisement

    Other blogs

    Johnson Update in Inside USC with Scott Wolf
    Has Bynum outgrown Kareem? in Inside the Lakers
    Can the Angels just get to the end of this thing without an injury? in Farther Off the Wall
    Neuheisel On: in Inside UCLA with Jon Gold
    U.S. Roster for Final Two WCQ Announced in 100 Percent Soccer