I’ve spoken before (Barcamp Orlando, 2007) about how we, as a culture, do not protect data as well as we should. We value physical things more than we value data, even though some of us spend far more of our lives creating and using data.
One way we can lose data is through theft of the hardware it’s on. We can think about the value of encryption, not only in how much positive value some information has to you (how much is a random string worth, really?), but also in how much negative value it would have if someone else had control of it (like when your bank password is in the hands of someone else).
Ubuntu can’t help you value your data more, but it can help remove some of the negative impact of someone stealing your hardware. Though encrypting a single directory was available only to advanced users back in Ubuntu 9.04, now all users can take advantage of having all personal data encrypted! That’s right — your entire home directory can be encrypted. There’s a great article written by Dustin Kirkland that elucidates how to begin to use encrypted home, even for established users and systems.
I thought I understood the migration process more than I really did, so my first attempt failed. I worked on it until I understood it, and so maybe someone will find a high-level summary of what I learned to be useful:
- Start ~/Private dir encryption. Copy all of your home into it (excluding the “Private” therein). Unmount the encryption.
- Make a new directory outside to hold config files. Move your ~/.ecryptfs into it, so there’s no chicken-egg problem in loading the config files. Move your ~/.Private ciphertext into it also.
- Make a new directory that will be renamed to your home directory later, which will hold almost nothing except a symlink to the config files and symlink to ciphertext dir.
- Move your home out of the way, to back up. Move the new tmp into place.
- Then, at login, the system reads the configs, finds the ciphertext, mounts this on top of your home, and all works as it should.
That is, of course, just an overview of what one does, and should only help one grapple with the concepts, not help one actually do anything. For more helpful advice see that article above.
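To make the resulting layout concrete, here is an added example (not from the original post or from Dustin Kirkland's article) that rehearses steps 2 through 4 inside a throwaway sandbox and then checks the skeleton home. Nothing is encrypted or mounted; the holding directory path, the user name and the stand-in files are assumptions.

```shell
#!/bin/sh
# Added example: rehearse the directory shuffle in a sandbox. Nothing is
# encrypted or mounted; .ecryptfs and .Private are constructed stand-ins.

# simulate_migration ROOT USER: perform steps 2-4 under ROOT/home.
simulate_migration() {
    root=$1; user=$2
    home="$root/home/$user"
    holder="$root/home/.ecryptfs/$user"   # assumed name for the outside dir
    # Constructed "before" state: a home that already used ~/Private.
    mkdir -p "$home/.ecryptfs" "$home/.Private"
    echo "stand-in config" > "$home/.ecryptfs/stand-in.conf"
    echo "stand-in ciphertext" > "$home/.Private/blob"
    # Step 2: move config and ciphertext outside the home directory.
    mkdir -p "$holder"
    mv "$home/.ecryptfs" "$home/.Private" "$holder/"
    # Step 3: skeleton home holding only the two symlinks.
    mkdir "$root/home/$user.new"
    ln -s "$holder/.ecryptfs" "$root/home/$user.new/.ecryptfs"
    ln -s "$holder/.Private" "$root/home/$user.new/.Private"
    # Step 4: keep the old home as a backup, move the skeleton into place.
    mv "$home" "$root/home/$user.bak"
    mv "$root/home/$user.new" "$home"
}

# check_skeleton HOME: succeed only if both symlinks resolve to real
# directories outside HOME and nothing else sits in the skeleton.
check_skeleton() {
    for name in .ecryptfs .Private; do
        [ -L "$1/$name" ] || { echo "$name is not a symlink" >&2; return 1; }
        [ -d "$1/$name" ] || { echo "$name is dangling" >&2; return 1; }
        case "$(readlink "$1/$name")" in
            "$1"/*) echo "$name points inside the home" >&2; return 1 ;;
            /*) ;;
            *) echo "$name is a relative link" >&2; return 1 ;;
        esac
    done
    # Stricter than the page's "almost nothing" (an assumption): anything
    # else here stays unencrypted on disk and is hidden by the mount.
    extra=$(ls -A "$1" | grep -vxF -e .ecryptfs -e .Private || true)
    [ -z "$extra" ] || { echo "unexpected entries: $extra" >&2; return 1; }
}

sandbox=$(mktemp -d)
simulate_migration "$sandbox" alice && check_skeleton "$sandbox/home/alice" \
    && echo "skeleton ok"
rm -rf "$sandbox"
```

The check is the part worth reusing: a dangling link or a link pointing back inside the home is exactly the chicken-and-egg failure the summary warns about.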
Encrypted home directories are new in Ubuntu 9.10 and are very easy to use if starting a new user from scratch.