How can users protect themselves from the loss of important data when a computer goes missing? Well, the latest release of Ubuntu makes this not only possible, but frighteningly easy!
A friend recently quizzed me about the Encrypted Home Directory feature in Ubuntu, but unfortunately his questions were not due simply to his naturally inquisitive nature.
A week earlier, he was en route to a Free Software conference and boarding a train in Europe after an overnight flight from the United States. In a flash, one thief created a diversion while his partner-in-crime stole my friend’s laptop case.
While not particularly happy about losing his computer, he was far more distraught at his potentially compromised data which included encryption keys, stored website passwords, personal finance information, confidential documents… everything.
This could just as easily happen to anyone. Do you travel with a laptop that contains private information? If so, what is of more value â€“ the physical hardware itself, or the data? There must be a way to protect this highly sensitive material. Fortunately, there is!
Linux and Encryption
Linux users actually have a suite of data encryption options at their disposal. GPG (GNU Privacy Guard) can be used to provide encryption for email and individual files. Whole-disk encryption is available using a combination of LUKS (Linux Unified Key Setup) and dm-crypt (the device mapper encryption module). These two technologies represent merely the most visible tip of the iceberg.
While dozens of file encryption options exist for Linux users, this article focuses on Ubuntu’s use of eCryptfs, the Enterprise Cryptographic File System originally developed in the IBM Linux Technology Center, and now co-maintained with Canonical’s Ubuntu Platform Team. Users of Ubuntu 9.10 can optionally configure eCryptfs to automatically mount and decrypt their home directory at each login.
eCryptfs is a stacked file system in the Linux kernel. Users mount a directory in one file system on top of another. Content read from, and written to, the upper directory exists as decrypted content in memory and is seamlessly accessible to the user and applications.
Files are written to disk in the lower directory as atomic, encrypted units. File names and directory names are encrypted with a single, mount-wide fnek (file name encryption key).
Each encrypted file embeds a unique, randomly generated fek (file encryption key) in the header, wrapped with a separate, mount-wide fekek (file encryption key, encryption key). Keys are managed by the Linux kernel keyring and the encryption is provided by the common ciphers in the kernel.
Ubuntu’s initiative to utilize eCryptfs originated in the Ubuntu Server Team’s desire to provide an encrypted, private space for administrators without breaking unattended reboots. Typically, full disk encryption blocks the unattended boot process while waiting at a password prompt during start up. This is highly impractical for servers in data centers. Using an eCryptfs PAM (Pluggable Authentication Module) however, the system can load the necessary keys and mount the home directory at login, rather than during boot time.
Per-user unique keys and mounts with eCryptfs can provide additional data privacy and risk-mitigation among administrators and users on a multi-user system. Some users may have an encrypted home, while others may not, and each user’s encrypted home utilizes unique private keys. System resources are focused on encrypting and decrypting specific private data in /home, rather than gigabytes of stock system binaries and libraries in /usr, /lib, and elsewhere.
The eCryptfs layered file system approach also eliminates the need for a dedicated partition, sparse file, or preallocated disk space for the encrypted data. eCryptfs files are written to the administrator’s chosen underlying file system with the total disk capacity available. Since each encrypted file is written to disk as an atomic unit, users can perform per-file incremental encrypted backups to remote storage â€“ something that is impractical and dangerous with block device encryption solutions.
Ubuntu 8.10 and Encrypted Private Directories
Ubuntu 8.10 introduced eCryptfs to mainstream Linux users in the form of an innovative, optional security feature â€“ an Encrypted Private Directory within a user’s home directory. Users of Ubuntu 8.10 (and later) can configure an Encrypted Private Directory by simply running:
$ sudo apt-get install ecryptfs-utils
Enter your login passphrase:
Enter your mount passphrase [leave blank to generate one]:
YOU SHOULD RECORD THIS MOUNT PASSPHRASE AND STORE IN A SAFE LOCATION:
THIS WILL BE REQUIRED IF YOU NEED TO RECOVER YOUR DATA AT A LATER TIME.
Logout, and log back in to begin using your encrypted directory.
When the user logs into the system, either graphically or on the command line, the encrypted mount is established:
/home/foo/.Private on /home/foo/Private type ecryptfs (ecryptfs_sig=009d8073058734f2, ecryptfs_fnek_sig=d27234f4a296af68, ecryptfs_cipher=aes, ecryptfs_key_bytes=16)
This user can now read and write data in /home/foo/Private like any other directory, with any application. The encryption and decryption happens transparently, on-the-fly. The encrypted data on the physical disk actually lives in /home/foo/.Private. When the user logs out, /home/foo/Private is unmounted and his data is only visible as encrypted content in /home/foo/.Private.
This provides an interesting bit of on-demand security for systems that use the GNOME or KDE auto-login feature. Such users can boot directly into their desktop environment without entering a password, but then consciously store their most confidential information cryptographically in ~/Private, which requires a password to access.
Ubuntu 9.10 and Encrypted Home Directories
Keeping track of what is and is not stored in ~/Private can become impractical if you consider most of your home directory data confidential. But Encrypted Private Directories in Ubuntu 8.10 were well received. The new feature did not introduce any insurmountable problems and has generally been very stable.
For these reasons, Ubuntu 9.04 extended the Encrypted Private Directory feature to cover entire home directories. Ubuntu’s Encrypted Home Directory feature protects the entire contents of home directories with automatic, seamless, on-the-fly encryption. Ubuntu’s traditionally excellent user experience is maintained with a minor performance impact for most workloads and tight integration with the existing Ubuntu Desktop and Server login prompts.
Encrypted Home Directories were only offered to advanced users of Ubuntu 9.04, but as of Ubuntu 9.10, the option is available in all desktop installations. This feature is similar in feel and usability to FileVault on Mac OS X, and is the first of its kind in a major Linux desktop distribution.
How does it Work?