UbuntuHelp:EncryptedHome

Home Directory Encryption

Encrypted Private

Ubuntu 8.10 (Intrepid) introduced an interesting new feature to Ubuntu -- the ability to encrypt a "Private" folder within one's home directory, using eCryptfs. This provides cryptographic protection of your most sensitive data, such as your documents and keys. The folder is automatically mounted on login and unmounted on logout. While it is unmounted, an attacker only has access to your encrypted data. The files are encrypted with AES; do not assume a 256-bit key, because the key size is whatever the ecryptfs_key_bytes= mount option says (16 for AES-128, 32 for AES-256), and you can read it from /proc/mounts while the directory is mounted. The encrypted data is in $HOME/.Private, and when mounted, the decrypted data is in $HOME/Private. Some important configuration information, including the wrapped mount passphrase, is stored in $HOME/.ecryptfs.

If installing from the Ubuntu 8.10 Alternate or Server CD, the installer asks a question about configuring the Encrypted Private directory. If you want to set up your Encrypted Private directory later, just run ecryptfs-setup-private. Ubuntu 9.04 and Ubuntu 9.10 continue to support Encrypted Private directories, which is perhaps most useful for users who choose to auto-login to their Ubuntu systems: the user can store their most sensitive data in $HOME/Private and protect it with a password, while using the rest of the system without one.

Encrypted Home

Ubuntu 9.04 extended the Encrypted Private directory technology to actually cover the entire home directory. Ubuntu 9.04 users should add the boot option "user-setup/encrypt-home=true" to the kernel boot parameters when installing from the Desktop CD. If installing from the Alternate or Server CD, the option will always appear. The user will be asked if they want to encrypt their home directory. Ubuntu 9.10 exposed this option to all users installing from the Desktop CD. On the User Setup screen, after choosing a username and a password, the user can choose one of:

  • log in automatically
  • require a password to log in
  • require a password to log in and decrypt your home directory

Users wanting an Encrypted Home directory should choose the 3rd option. If the administrator wants to add a new user with an encrypted home directory after the initial installation, use: sudo adduser --encrypt-home <username>. If the user wants to migrate from a non-encrypted home directory to an Encrypted Home directory, follow the instructions here:

In the Ubuntu 9.04 setup, the user's encrypted data is located in $HOME/.Private, but is only available when $HOME is not mounted. The user's configuration data is in /var/lib/ecryptfs/$USER.

  • Note that this has been problematic for some users who remember to back up their /home partition but neglect to back up the /var/lib/ecryptfs directory: without the configuration stored there (notably the wrapped mount passphrase), the backed-up ciphertext cannot be mounted unless you recorded the mount passphrase separately. This has been fixed in Ubuntu 9.10.

In the Ubuntu 9.10 setup, the user's encrypted data is located in /home/.ecryptfs/$USER/.Private, and the user's configuration data is located in /home/.ecryptfs/$USER/.ecryptfs. As such, all of the user's pertinent data is self-contained in /home.

Caveats

There are a few minor caveats that one must keep in mind about these encrypted configurations. When you are not logged into your system, data in your home directory is not accessible in plain text. This, of course, is by design. This is what keeps an attacker from gaining access to your files. However, this means that:

  • Your cronjobs may not have access to your Home Directory
  • SSH public key authentication into your system also will not work, because $HOME/.ssh/authorized_keys lives inside the encrypted, unmounted home. The workaround is to put your public key somewhere outside of your home directory (for example under /etc/ssh/) and symbolically link $HOME/.ssh/authorized_keys in the unmounted $HOME to it, or to point sshd's AuthorizedKeysFile directive at that external location. Even then, a key-based login does not decrypt the home: pam_ecryptfs needs your login password to unwrap the mount passphrase, so after connecting you will see the unmounted home until you run ecryptfs-mount-private and enter your passphrase.

Also, it is strongly recommended that you encrypt your swap space. Users installing from Ubuntu 9.10 and selecting the Encrypted Home option will automatically have encrypted swap space. Other users can run sudo ecryptfs-setup-swap. This is critically important, because your home directory data appears as cleartext in memory once the kernel has decrypted it. If the kernel swaps those pages to disk, your decrypted data leaks back to disk, totally defeating your Encrypted Home. Encrypted Swap solves this problem. However:

  • Hibernation will not work. Actually, hibernation will work just fine, but you can't resume: ecryptfs-setup-swap keys the swap with a fresh random key (read from /dev/urandom) on every boot, so the hibernation image written to swap cannot be decrypted after a reboot. There are ways around this, but they involve choosing a password to use for your swap encryption, entering that password every time you boot your system, and sharing that password with anyone else who might want to resume the system.
  • This is a known, wishlist issue that we hope to solve for Ubuntu 10.04.
  • You may be able to avoid these problems by running without swap.
  • Beware of information from an encrypted directory leaking out through files written elsewhere, such as temporary files, editor backups, thumbnails and application caches stored outside the encrypted directory (the linked article is Windows-centric but the same principles apply to Linux).
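The two conditions this page relies on, that the home is really mounted through ecryptfs while you work and that every active swap area is a dm-crypt mapping, can be checked from the kernel's own tables. The script below is an added example, not code from the Ubuntu wiki or from ecryptfs-utils. Its functions parse files in /proc/mounts, /proc/swaps and /etc/crypttab format; here they are fed constructed sample tables (the user names, device names and ecryptfs signatures are made up) so the script runs offline, and the crypttab "swap" option it looks for is the one ecryptfs-setup-swap writes. Point the functions at the real files to audit a live system.

```shell
#!/bin/sh
# Added example (not from the Ubuntu wiki page or ecryptfs-utils): audit
# whether an Encrypted Home and encrypted swap are actually in effect, using
# only the mount table and swap table the kernel exposes. All inputs are
# files in /proc/mounts, /proc/swaps and /etc/crypttab format, so the
# functions work on the real files or on the constructed samples below.

# Succeed if MOUNTPOINT ($2) has an ecryptfs filesystem mounted on it.
# /proc/mounts fields: device mountpoint fstype options dump pass
ecryptfs_mounted() {
    awk -v mp="$2" '$2 == mp && $3 == "ecryptfs" { found = 1 }
                    END { if (found) exit 0; exit 1 }' "$1"
}

# Print the AES key size in bits of the ecryptfs mount on MOUNTPOINT ($2),
# taken from the ecryptfs_key_bytes= mount option; prints nothing if unmounted.
ecryptfs_key_bits() {
    awk -v mp="$2" '$2 == mp && $3 == "ecryptfs" {
        n = split($4, opt, ",")
        for (i = 1; i <= n; i++)
            if (opt[i] ~ /^ecryptfs_key_bytes=/) {
                sub(/^ecryptfs_key_bytes=/, "", opt[i]); print opt[i] * 8
            }
    }' "$1"
}

# Succeed if every active swap area in SWAPS ($1) is a /dev/mapper device that
# CRYPTTAB ($2) marks with the "swap" option (what ecryptfs-setup-swap sets up).
# No active swap at all also passes: nothing can then be paged to disk.
swap_encrypted() {
    awk -v ct="$2" '
        BEGIN {
            while ((getline line < ct) > 0) {
                if (line ~ /^[[:space:]]*#/ || line ~ /^[[:space:]]*$/) continue
                split(line, f)
                if (("," f[4] ",") ~ /,swap,/) encswap["/dev/mapper/" f[1]] = 1
            }
        }
        NR > 1 && NF > 0 { total++; if ($1 in encswap) ok++ }
        END { if (ok == total) exit 0; exit 1 }' "$1"
}

tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT

# Constructed /proc/mounts: alice is logged in with a 9.10-style Encrypted
# Home (lower directory /home/.ecryptfs/alice/.Private mounted on /home/alice);
# bob is logged out, so nothing is mounted on /home/bob.
cat > "$tmp/mounts" <<'EOF'
/dev/sda1 / ext4 rw,relatime,errors=remount-ro 0 0
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
/home/.ecryptfs/alice/.Private /home/alice ecryptfs rw,relatime,ecryptfs_fnek_sig=0123456789abcdef,ecryptfs_sig=fedcba9876543210,ecryptfs_cipher=aes,ecryptfs_key_bytes=16 0 0
EOF

# Constructed /proc/swaps and /etc/crypttab as ecryptfs-setup-swap leaves
# them: the only swap is the random-keyed dm-crypt mapping cryptswap1.
cat > "$tmp/swaps" <<'EOF'
Filename                Type        Size     Used  Priority
/dev/mapper/cryptswap1  partition   2097148  0     -1
EOF
cat > "$tmp/crypttab" <<'EOF'
# <target name> <source device> <key file> <options>
cryptswap1 /dev/sda5 /dev/urandom swap,cipher=aes-cbc-essiv:sha256
EOF

# A second, unsafe swap table: a plain swapfile on the unencrypted root.
cat > "$tmp/swaps_plain" <<'EOF'
Filename                Type        Size     Used  Priority
/swapfile               file        2097148  0     -1
EOF

for user in alice bob; do
    if ecryptfs_mounted "$tmp/mounts" "/home/$user"; then
        echo "/home/$user: ecryptfs mounted, AES-$(ecryptfs_key_bits "$tmp/mounts" "/home/$user")"
    else
        echo "/home/$user: not mounted (only ciphertext reachable)"
    fi
done
swap_encrypted "$tmp/swaps" "$tmp/crypttab" && echo "swap: all swap is dm-crypt"
swap_encrypted "$tmp/swaps_plain" "$tmp/crypttab" || echo "swap: PLAINTEXT swap in use"
```

Because ecryptfs_key_bits reads the ecryptfs_key_bytes= option, it also settles the AES-128 versus AES-256 question from the Encrypted Private section for your own system. The swap check fails for a swapfile on the unencrypted root and for any swap partition that is not mapped through crypttab, which are exactly the setups that can page decrypted home-directory data to disk.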