making encrypted $HOME as easy and convenient as possible
I like encrypted $HOME and making the use of them as easy for people
as possible.
On creation of the first user, Ubuntu's installer offers a checkbox
labelled something like "Encrypt the user's files". That's it: just
one check-box. If set, upon login, a PAM module unlocks and mounts a
loopback device over the user's $HOME location, transparently.
On Debian I have achieved this for some time using dm-crypt/LUKS + the
excellent support for the two (and LVM) in d-i. I then supplant that
with libpam-mount. The result works, but has drawbacks: manual
configuration of libpam-mount; unpredictable fscks with no visual
feedback; some bugs with concurrent logins; unreliable
unmount-on-logout; etc.
One difference between these two schemes is that Ubuntu's scheme is
orthogonal to whether /home or /home/foo is a distinct partition from
/. This, IMHO, is a good thing: novice users need not enter the
(sometimes confusing) world of partitioning: legacy DOS partition
table limitations; or schemes like LVM. Sometimes I don't care to
have $HOME separate from / myself (except to achieve encryption).
I think it would be wonderful to have such ease-of-use $HOME
encryption in Debian. Ubuntu's scheme uses ecryptfs. Before I begin
looking into how best I might help work towards this, I was wondering
if experienced people could weigh in with advice on whether ecryptfs
is likely to be the most sensible way to achieve the desired result,
or is something else worthy of consideration?
Thanks,
--
Jon Dowland
Reply to: