Please refer to EncryptedFilesystems for further documentation.
There are two ways to encrypt files and directories within your home directory. You can either place files in an encrypted "Private" directory, or you can encrypt your entire Home directory.
Ubuntu 8.10 and higher has the ability to encrypt a "Private" directory within your home directory. This provides strong cryptographic protection of your most sensitive data, such as your documents and keys. This directory is automatically mounted on login, and unmounted on logout. When the directory is unmounted, an attacker only has access to your encrypted data (AES256), and not the files or directories stored within.
The encrypted data is in $HOME/.Private, and when mounted, the decrypted data is in $HOME/Private. Some important configuration information is stored in $HOME/.ecryptfs.
If installing from the Ubuntu 8.10 Alternate or Server CD, there is a question in the installation for configuring the Encrypted Private directory. If you want to setup your Encrypted Private directory later, just run ecryptfs-setup-private.
Later versions of Ubuntu continue to support Encrypted Private directories, which is perhaps useful for users who choose to auto-login their Ubuntu systems. As such, the user can store their most sensitive data in $HOME/Private, and protect that with a password, while using the rest of the system without a password.
Ubuntu 9.04 extended the Encrypted Private directory technology to actually cover the entire home directory. Ubuntu 9.04 users should add the boot option "user-setup/encrypt-home=true" to the kernel boot parameters when installing from the Desktop CD. If installing from the Alternate or Server CD, the option will always appear. The user will be asked if they want to encrypt their home directory.
Ubuntu 9.10 made it possible to set up Home directory encryption using Desktop CD. On the User Setup screen, after choosing a username and a password, the user can choose one of:
- log in automatically
- require a password to log in
- require a password to log in and decrypt your home directory
Users wanting an Encrypted Home directory should choose the 3rd option.
If the administrator wants to add a new user with an encrypted home directory after the initial installation, use: sudo adduser --encrypt-home. This requires the ecryptfs-utils package.
If the user wants to migrate from a non-encrypted home directory to an Encrypted Home directory, follow the instructions here:
In the Ubuntu 9.04 setup, the user's encrypted data is located in $HOME/.Private, but is only available when $HOME is not mounted. The user's configuration data is in /var/lib/ecryptfs/$USER.
Note that this has been problematic for some users who remember to back up their /home partition, but neglect to back up their /var/lib/ecryptfs partition. This has been fixed in Ubuntu 9.10.
In the Ubuntu 9.10 setup, the user's encrypted data is located in /home/.ecryptfs/$USER/.Private, and the user's configuration data is located in /home/.ecryptfs/$USER/.ecryptfs. As such, all of the user's pertinent data is self-contained in /home.
There are a few minor caveats that one must keep in mind about these encrypted configurations.
When you are not logged into your system, data in your home directory is not accessible in plain text. This, of course, is by design. This is what keeps an attacker from gaining access to your files. However, this means that:
- Your cronjobs may not have access to your Home Directory
SSH public key authentication into your system also will not work, unless you put your public key somewhere outside of your home directory and symbolically link it to your unmounted $HOME/.ssh/authorized_keys.
You can put your authorized_keys directly in your unencrypted home directory by following these directions without the need for linking it anywhere else. https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/362427/comments/12
Also, it is strongly recommended that you encrypt your swap space. Users installing from Ubuntu 9.10 and selecting the Encrypted Home option will automatically have encrypted swap space. Other users can run sudo ecryptfs-setup-swap. This is critically important, because your home directory data will appear as cleartext in memory, as the kernel reads your encrypted data. If the kernel swaps this data to disk, it could potentially leak your decrypted data back to disk, totally defeating your Encrypted Home. Encrypted Swap solves this problem. However:
- Hibernation will not work. Actually, hibernation will work just fine. But you can't resume. There are ways around this, but it involves choosing a password to use for your swap encryption, and entering that password every time you boot your system, and sharing that password with anyone else that might want to resume the system.
- This is a known, wishlist issue that we hope to solve for Ubuntu 10.04.
- You may be able to avoid these problems by running without a swapfile.
Beware of information from an encrypted directory leaking out (the linked article is Windows-centric but the same principle apply to Linux).
<!--please update with relevant info! -->
- It is unclear if and if so, how much, using an encrypted home impacts performance, especially on low-end machines
- What are the risks/chances of a breaking file system for recovering encrypted data?