Revision 6 as of 2008-10-28 17:24:09


Ubuntu Intrepid Ibex brings an interesting new security feature to both desktop and server users: the Encrypted ~/Private Directory.

Set Up Your Encrypted Private Directory

  1. Install ecryptfs-utils

     sudo apt-get install ecryptfs-utils 

  2. Set up your private directory

     ecryptfs-setup-private 

  3. Enter your login password, and either choose a mount pass phrase or generate one. Record both pass phrases in a safe location!!! They will be required if you ever have to recover your data manually.

  4. Log out, and log back in to establish the mount

Use Your Encrypted Private Directory

After logging back in, the contents of any files or folders you write in ~/Private will be encrypted when written to disk, in the hidden directory ~/.Private.

Storing your keys, email and other dot directories in ~/Private

It can be a good idea to move the contents of your .evolution/, .ssh/ and .gpg/ directories into ~/Private and replace each of them with a symlink.

  1. Make sure that the application whose data you want to protect (e.g. Firefox or Evolution) is not running

     ps -ef | grep evolution 

  2. Move the application's data directory (e.g. ~/.mozilla or ~/.evolution) into your ~/Private directory

     mv ~/.evolution ~/Private 

  3. Establish a symbolic link from the old location to new location

     ln -s ~/Private/.evolution ~/.evolution 
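
The three steps above can be wrapped in a guard that refuses to move anything unless ~/Private is really an eCryptfs mount, since otherwise the data would be written to disk in the clear. This is an added example, not part of the original page or of ecryptfs-utils; the function names and the MOUNTS_FILE and PRIVATE_DIR overrides are assumptions, and pgrep is used in place of ps | grep.

```shell
#!/bin/sh
# Added example: relocate a dot directory into the eCryptfs-backed ~/Private
# and leave a symlink behind, refusing when the move would not protect the data.
# MOUNTS_FILE and PRIVATE_DIR are hypothetical overrides, mainly for testing.

# True only if $1 is currently listed as an eCryptfs mount point.
is_ecryptfs_mounted() {
    awk -v d="$1" '$2 == d && $3 == "ecryptfs" { found = 1 }
                   END { exit !found }' "${MOUNTS_FILE:-/proc/mounts}"
}

# Usage: move_to_private <dotdir-name> [process-name]
#   e.g. move_to_private .evolution evolution
move_to_private() (
    name=$1
    proc=${2:-}
    src="$HOME/$name"
    priv="${PRIVATE_DIR:-$HOME/Private}"
    dst="$priv/$name"

    # If ~/Private is not mounted, files written there land on disk unencrypted.
    if ! is_ecryptfs_mounted "$priv"; then
        echo "refusing: $priv is not an eCryptfs mount" >&2; return 2
    fi
    # Step 1: the application must not be running.
    if [ -n "$proc" ] && pgrep -u "$(id -u)" -x "$proc" >/dev/null 2>&1; then
        echo "refusing: $proc is still running" >&2; return 3
    fi
    # Already a symlink: the directory has been relocated before.
    if [ -L "$src" ]; then
        echo "skipping: $src is already a symlink" >&2; return 0
    fi
    if [ ! -d "$src" ]; then
        echo "refusing: $src is not a directory" >&2; return 4
    fi
    if [ -e "$dst" ]; then
        echo "refusing: $dst already exists" >&2; return 5
    fi
    # Steps 2 and 3: move, then link the old location to the new one.
    mv -- "$src" "$dst" && ln -s -- "$dst" "$src"
)
```

Because ~/Private is a separate mount, mv copies the files and then deletes the originals; the old plaintext blocks are not overwritten and may remain recoverable from the disk.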

Caveats

  • Filenames and directory names will not be encrypted (Bug #264977).

  • NFS mounting of /home will not mount ~/Private (bugs #277578 & #289747).

  • Data is not kept private from privileged users while the user is logged in; this is by design.
  • If you put all of .ssh in ~/Private, some users reported that you won't be able to ssh into the system using public key authentication. In this case, you might want to only put your private key in ~/Private, and leave the rest in the clear.