Tombuntu

Encrypted Private Directory in Ubuntu 8.10

One feature I’ve been looking forward to in Ubuntu 8.10 is the encrypted private directory. With this feature, you’ll get a folder called Private in your home. Private will work just like a normal folder, but it will be transparently encrypted and automatically locked and unlocked when you log in and out.

The encryption is provided by eCryptfs, a kernel-native cryptographic filesystem. I’ve written before on using it to create a private directory in Ubuntu 8.04.

At the moment, it seems that the private directory is not set up by default. There’s an option to do so in the alternate installer but not in the graphical one. I hope this is offered as an option in both installers, or even set up by default. Many users aren’t even going to know about this useful feature if it needs to be set up in the terminal.

As of 8.10 alpha 6, set up the private directory for your user by running these commands:

sudo apt-get install ecryptfs-utils
ecryptfs-setup-private

After that last command, you’ll have to follow the prompts for your account password and then a mount password. Leave the mount password blank to generate a random one; you won’t need to use it unless you have to manually recover data.

If you open the private directory now, you’ll see a file with a very long name telling you that the directory has been unmounted. Don’t worry about this; just log out and back in, and the directory will be mounted properly.

[Image: unmounted directory warning]

It would be good to have a nicer way to notify the user that the directory is unmounted than creating a file with a long name. There should really be an extra bar across the top with a label, like Nautilus does with the trash. A little explanation that the folder is encrypted would be nice too.
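The mounted and unmounted states described above can also be checked from a script before it writes anything sensitive to the directory. The following is an added example, not part of the original post: the function names, users and paths are hypothetical, the mount table lines are constructed, and it assumes the private directory appears in the mount table with filesystem type ecryptfs.

```shell
#!/bin/sh
# Added example (not from the original post): check that a directory is an
# active eCryptfs mount before trusting it with sensitive files.

# is_ecryptfs_mounted DIR [MOUNTS_FILE]
# Returns 0 if DIR is listed in the mount table with filesystem type "ecryptfs",
# 1 if it is not, 2 if the mount table cannot be read.
# MOUNTS_FILE defaults to /proc/mounts; passing another file is for testing.
is_ecryptfs_mounted() {
    dir=${1%/}                      # "~/Private/" and "~/Private" are the same
    [ -n "$dir" ] || dir=/
    mounts=${2:-/proc/mounts}
    [ -r "$mounts" ] || return 2
    # Fields: source mountpoint fstype options dump pass.
    # Spaces in paths appear as \040, so decode before comparing.
    WANT=$dir awk '
        { mp = $2; gsub(/\\040/, " ", mp) }
        mp == ENVIRON["WANT"] { fstype = $3 }   # last entry is the topmost mount
        END { exit (fstype == "ecryptfs" ? 0 : 1) }
    ' "$mounts"
}

# Constructed sample mount table (hypothetical users and paths).
write_sample_mounts() {
    cat > "$1" <<'EOF'
/dev/sda1 / ext3 rw,relatime 0 0
/home/alice/.Private /home/alice/Private ecryptfs rw,ecryptfs_cipher=aes,ecryptfs_key_bytes=16 0 0
/home/carol/.Private /home/carol/My\040Private ecryptfs rw,ecryptfs_cipher=aes,ecryptfs_key_bytes=16 0 0
EOF
}

demo() {
    tmp=$(mktemp) || return 1
    write_sample_mounts "$tmp"
    for d in /home/alice/Private /home/bob/Private; do
        if is_ecryptfs_mounted "$d" "$tmp"; then
            echo "$d: mounted via eCryptfs"
        else
            echo "$d: NOT an eCryptfs mount"
        fi
    done
    rm -f "$tmp"
}
demo
```

On a real system, call `is_ecryptfs_mounted "$HOME/Private"` with no second argument so it reads /proc/mounts.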

Archived Comments

Anonymous

Well, from a security point of view, the auto lock/unlock during login/out may not be a good idea. I’d rather keep the directory locked most of the time and only manually unlock it when necessary.

ampers

What would be nice is if it was there at the outset, and instead of a file called “Private” it would encrypt your entire “home users” directory.

Ampers.

Scott Wegner

That long-filename-to-notify-user-to-mount is very ugly and hack-ish. Any idea if this is actually the planned behavior for final Intrepid, or just a hack to keep things working for now?

panu

I just love it. In the future we need tools like this.

Dr Small

This sounds interesting, but what I would like to see most would be an option to fully encrypt the hard drive, right from installation on the LiveCD. This would be more straightforward and shouldn’t be all so difficult to implement.

A fully encrypted hard drive would then become more widely used.

Dr Small

By the way, I submitted my last comment as an idea at brainstorm for polling:
http://brainstorm.ubuntu.com/idea/14574/
