Sunday, April 5, 2009

Set up an encrypted private directory in Ubuntu/Linux Mint

Starting with the release of Intrepid Ibex, Ubuntu has supported an encrypted private directory inside the home directory with minimal setup. I did this on Linux Mint, and it works exactly the same way on Ubuntu, but only on Ubuntu 8.10 and later and Mint 6 and later. To install this feature, run these two commands at the Terminal:
sudo aptitude install ecryptfs-utils
ecryptfs-setup-private
During the setup you will have the option to specify a recovery key or have one set for you. This is used if your operating system gets hosed and you need to recover the data contained in the encrypted directory. After that, log out and log back in. You will see a new directory in your home folder called Private. Everything stored in this folder is encrypted.

The way it works is that an encrypted image file is created. When you log in, this image is mounted to ~/Private and data is encrypted and decrypted on the fly when you read and write to that directory. The really great thing about this is that the encrypted image gets resized dynamically as data is added and removed. It is seamlessly integrated into the system.

For better security, you can move data files for your programs into this directory and replace them with symbolic links. For example, if you wanted to move your SSH data, which is located at ~/.ssh, you would enter these commands at the Terminal:
mv ~/.ssh ~/Private
ln -s ~/Private/.ssh ~/
This should work with any program you have that stores files in your home directory. The key thing, though, is to make sure the program is not running when you move the files.
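
The move-and-symlink step above with the safety checks written out, as an added example that is not part of the original post. The function names and the PRIVATE_DIR and MOUNTS_FILE variables are assumptions of this sketch; they default to ~/Private and /proc/mounts.

```bash
# Added example: move a file or directory into ~/Private and leave a symlink
# behind, refusing whenever the result would not actually be encrypted.
# PRIVATE_DIR and MOUNTS_FILE are hypothetical overrides so the checks can be
# exercised against constructed sample data instead of the live system.

private_is_mounted() {
    # True only if $1 is an active eCryptfs mount point.
    # /proc/mounts fields: device, mount point, fs type, options, ...
    awk -v d="$1" '$2 == d && $3 == "ecryptfs" { found = 1 } END { exit !found }' \
        "${MOUNTS_FILE:-/proc/mounts}"
}

move_into_private() {
    # usage: move_into_private SOURCE [PROCESS_NAME]
    local src="${1%/}" proc="${2:-}"
    local priv="${PRIVATE_DIR:-$HOME/Private}"
    local dest="$priv/${src##*/}"

    if ! private_is_mounted "$priv"; then
        echo "refusing: $priv is not a mounted eCryptfs directory" >&2; return 2
    fi
    if [ -L "$src" ]; then
        echo "refusing: $src is already a symlink" >&2; return 3
    fi
    if [ ! -e "$src" ]; then
        echo "refusing: $src does not exist" >&2; return 4
    fi
    if [ -e "$dest" ] || [ -L "$dest" ]; then
        echo "refusing: $dest already exists" >&2; return 5
    fi
    # The post's rule: the program must not be running during the move.
    if [ -n "$proc" ] && pgrep -u "$(id -u)" -x "$proc" >/dev/null 2>&1; then
        echo "refusing: $proc is still running" >&2; return 6
    fi

    mv -- "$src" "$dest" && ln -s -- "$dest" "$src"
}
```

Call it as `move_into_private ~/.ssh ssh-agent`. Because ~/Private is a separate mount, mv copies the files and then unlinks the originals, so the old plaintext blocks are not wiped from the disk.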

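If you decide not to use this encrypted directory and want to remove it, first copy anything you want to keep out of ~/Private, because the commands below delete the encrypted data. Then run these commands: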
ecryptfs-umount-private
rm -rf ~/Private ~/.Private ~/.ecryptfs
For more information on this topic, including how to recover the data in this directory, check out this page:
https://help.ubuntu.com/community/EncryptedPrivateDirectory
