NOTE: This page is part of the Ubuntu Specification process. Please check the status and details in Launchpad before editing. If the spec is Approved then you should contact the Assignee, or another knowledgeable person, before making changes.

Summary

This specification aims to implement user-controlled, per-directory encryption: the user selects individual folders to encrypt instead of having the whole home directory encrypted.

Rationale

Sensitive personal data on an unencrypted disk can be read by anyone who boots a LiveCD or an alternate OS; such data should be encrypted. It is, however, inappropriate to make encryption of all of $HOME mandatory, because loss of the password then means loss of all of the user's data rather than of a few selected folders.

Use cases

There are several.

Scope

Our scope is individual folders owned by the user and selected by the user for encryption. Encrypting the whole of $HOME, or system directories, is out of scope.

Design

EncFS will be used for encryption. EncFS is a FUSE-based stacked filesystem: the ciphertext lives in an ordinary directory (file contents and file names encrypted, one ciphertext file per plaintext file) and the decrypted view is mounted on a second directory while the volume is unlocked. Note that this does not hide the number of files, their approximate sizes, or the directory structure; only names and contents are protected.

Control should be managed by a user-level daemon driven by a configuration file in the user's $HOME directory, listing each encrypted folder, its ciphertext and mount locations, and its mount mode. If that configuration file is lost or destroyed, encrypted directories can still be recognised when the file browser or a VFS layer such as gnome-vfs accesses them, because EncFS stores its volume configuration inside the ciphertext directory (.encfs6.xml in current releases, .encfs5 in older ones); this allows the daemon configuration to be rebuilt. Recovery still requires the folder's password, so the stored password (see below) must survive as well.

Interfaces to the user-level daemon may include a stand-alone client, but a Security tab in the file browser's folder properties dialog makes more sense.

Each encrypted folder should be marked as either Manual Mount or Automatic Mount.

The daemon should be started automatically when the user logs in, and should then mount every Automatic Mount folder. Manual Mount folders should be mounted only when the user asks; if a VFS layer such as gnome-vfs detects access to an encrypted directory (either listed in the configuration or recognisable as encrypted by its EncFS volume configuration), it should prompt the user to mount it.

The password for each encrypted folder should also be stored, encrypted with the user's GPG key. Creating or mounting an encrypted folder should therefore ask the user only for their GPG key passphrase. Per-folder passwords can then be randomly generated and very long, since the user never types them. The trade-off is that the GPG private key becomes the single secret protecting every folder: losing the key or its passphrase without a backup makes all encrypted folders unrecoverable.
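As an added example (not code from this spec or from the EncFS project), the following Python sketch shows the daemon-side logic described in the two preceding paragraphs: a per-user configuration file listing folders and their mount mode, detection of an EncFS ciphertext directory when that file is lost, random per-folder passwords stored GPG-encrypted to the user's own key, and login-time mounting of Automatic Mount folders. The configuration file format and its location (~/.config/encfs-folders.conf), the password directory (~/.config/encfs-passwords/) and the sample configuration are assumptions made for the example; the command-line options used (encfs --extpass and --standard, gpg --encrypt/--decrypt, fusermount -u) are real ones.

```python
#!/usr/bin/env python3
"""User-level EncFS control logic. Added example, not the spec's own code.

Assumed (not fixed by the spec): INI config at ~/.config/encfs-folders.conf,
one section per folder; per-folder password stored GPG-encrypted at
~/.config/encfs-passwords/<name>.gpg.
"""
import configparser
import os
import secrets
import shlex
import subprocess
from pathlib import Path
from typing import Callable, Dict

HOME = Path(os.environ.get("HOME", "."))
CONFIG_PATH = HOME / ".config" / "encfs-folders.conf"   # assumed location
PASSWORD_DIR = HOME / ".config" / "encfs-passwords"     # assumed location
# EncFS keeps its volume configuration in the ciphertext root under one of
# these names; that is what lets a lost daemon config be reconstructed.
ENCFS_MARKERS = (".encfs6.xml", ".encfs5")

# Constructed sample configuration (not a real user's file).
SAMPLE_CONFIG = """\
[Documents]
cipher = /home/alice/.encfs/Documents
mount  = /home/alice/Documents
mode   = automatic

[Taxes]
cipher = /home/alice/.encfs/Taxes
mount  = /home/alice/Taxes
mode   = manual
"""


def generate_folder_password(nbytes: int = 48) -> str:
    """Random per-folder password: 64 URL-safe chars for 48 bytes.
    The user never types it, so length costs nothing."""
    return secrets.token_urlsafe(nbytes)


def parse_config(text: str) -> Dict[str, dict]:
    """Return {name: {"cipher": ..., "mount": ..., "auto": bool}}.
    Unknown mount modes are rejected rather than guessed."""
    cp = configparser.ConfigParser()
    cp.read_string(text)
    folders = {}
    for name in cp.sections():
        mode = cp[name].get("mode", "manual").strip().lower()
        if mode not in ("manual", "automatic"):
            raise ValueError(f"{name}: mode must be manual or automatic, got {mode!r}")
        folders[name] = {"cipher": cp[name]["cipher"],
                         "mount": cp[name]["mount"],
                         "auto": mode == "automatic"}
    return folders


def is_encfs_volume(path: Path) -> bool:
    """Recognise a ciphertext directory without the daemon config
    (the fallback a file browser / VFS hook can use)."""
    return any((path / marker).is_file() for marker in ENCFS_MARKERS)


def extpass_command(pw_file: Path) -> str:
    """Command EncFS runs via --extpass to obtain the folder password.
    gpg prompts (through gpg-agent/pinentry) for the key passphrase, so the
    only secret the user handles is the GPG passphrase."""
    return "gpg --quiet --decrypt " + shlex.quote(str(pw_file))


def store_folder_password(password: str, pw_file: Path, recipient: str) -> None:
    """Encrypt the random password to the user's own GPG key."""
    pw_file.parent.mkdir(parents=True, exist_ok=True)
    subprocess.run(["gpg", "--quiet", "--encrypt", "--recipient", recipient,
                    "--output", str(pw_file)], input=password.encode(), check=True)


def mount_folder(entry: dict, pw_file: Path, create: bool = False) -> None:
    """Mount (or, with create=True, initialise and mount) one EncFS folder."""
    cmd = ["encfs", "--extpass=" + extpass_command(pw_file)]
    if create:
        cmd.append("--standard")  # non-interactive creation, standard profile
    Path(entry["mount"]).mkdir(parents=True, exist_ok=True)
    subprocess.run(cmd + [entry["cipher"], entry["mount"]], check=True)


def unmount_folder(entry: dict) -> None:
    subprocess.run(["fusermount", "-u", entry["mount"]], check=True)


def automount_all(folders: Dict[str, dict], pw_dir: Path = PASSWORD_DIR,
                  mount: Callable[[dict, Path], None] = mount_folder) -> list:
    """Login-time behaviour: mount every Automatic Mount folder and leave
    Manual Mount folders for an explicit request. Returns the names mounted."""
    mounted = []
    for name, entry in folders.items():
        if entry["auto"]:
            mount(entry, pw_dir / f"{name}.gpg")
            mounted.append(name)
    return mounted


if __name__ == "__main__":
    text = CONFIG_PATH.read_text() if CONFIG_PATH.is_file() else SAMPLE_CONFIG
    for name, entry in parse_config(text).items():
        print(f"{name}: {'automatic' if entry['auto'] else 'manual'} mount of "
              f"{entry['cipher']} on {entry['mount']}")
```

Run as a script it only prints the mount plan; calling automount_all() with the default mount function actually invokes encfs, which prompts for the GPG passphrase through gpg-agent. The mount callable is a parameter so the login logic can be exercised without FUSE or a GPG key present.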

The interface to create an encrypted folder should give a prominently visible link to a help system entry that details the concerns and best practices of handling a GPG key and encrypted folders. The following important details should be stressed:

Implementation

See Design; this probably needs work.

Code

Unresolved issues

BoF agenda and discussion


CategorySpec

EncFSIntegration (last edited 2008-08-06 16:26:10 by localhost)