Data encryption and Ubuntu, Part I

All OS other than Windows open for discussion and problem solving.

Moderators: JeanInMontana, rockingmtranch, ShadowPuterDude, admin, MysteryFCM, Owner

User avatar
I Have Powah
I Have Powah
Posts: 1893
Joined: Sat Jun 09, 2007 11:13 pm
Location: Meadowbrook, CA

Data encryption and Ubuntu, Part I

Postby rockingmtranch » Fri Nov 21, 2008 2:58 pm

by Hamish Taylor
Friday, 21 November 2008

In a continuing series of articles highlighting that GNU/Linux is a viable replacement operating system, I want to spend a bit of time talking about data encryption, focusing on how to achieve this with the Ubuntu distribution.
Security in general and data encryption in particular are topics dear to my heart. I am a strong believer that in certain circumstances you should have mechanism available to you to protect your own data and be able to share that data only with people and organizations that you trust. I want to outline several ways of keeping your data private.

In the first article, I want to look at one of the features of the recently released Ubuntu 8.10 distribution: setting up a Private (encrypted) directory on your PC. In a series of articles after that I want to look at file and email encryption, the latter using both GPG/PGP and S/MIME. After that we'll look at some other things you can do to help ensure the security of your data.

It is going to be a bit of a journey, so let's start with the Private directory on Ubuntu.

Firstly, a bit of background. The last few versions of Ubuntu have included a way of encrypting the entire Home directory, which is similar to Microsoft's C:\Documents and Settings in Windows XP or C:\Users in Windows Vista. All user related files and settings are kept in Linux's Home directory.

However, the only way to take advantage of encrypting the Home directory was to install Ubuntu using the Alternate Install CD, as opposed to the regular LiveCD. The Alternate Installer is a text based installer, rather than a graphical installer and therefore a bit off-putting to many people. Apart from that, it doesn't get a lot of press coverage and many people don't know about it.

I'll readily admit that I have never used the Alternate Installer CD. The ability to encrypt the Home directory using the regular LiveCD is slated for a future release of Ubuntu.

As I haven't used it, I don't have an encrypted Home directory on my laptop. This is a little concerning to me, as when I travel, I carry it around with some files that I wouldn't want to get into the wrong hands.

Now, I know what you are all thinking and I don't mean those sort of files!!! I mean things like my scanned signature, copies of my passport and drivers license, travel insurance documents and other things which could be easily used for identity theft. At times, I may also have information on projects on which I have worked for various clients, containing things like their Domain Administrator or root user password and so on.

I am sure that we could all come up with similar examples of files and information that we really wouldn't want random people to have access to. Protecting stuff like that is pretty important, and I just don't trust myself not to loose my laptop with all of that still on it!

Let's see how to set this up on Page 2 (it's really easy!)...

With Ubuntu 8.10, you have the ability to create an Private encrypted folder and store files in it. The folder is opened (mounted) when you log in and closed (unmounted) when you log out. A word of caution: if you Hibernate or Standby the folder is left open, therefore if someone has your username and password combination they can log in and get to the data in the Private folder.

To create this folder you do have to use the dreaded Command Line Interface!!!

Go to Applications, Accessories, Terminal and type in the following (without the quotation marks; I just use them to let you know the exact command): "sudo apt-get install ecryptfs-utils". Hit Enter. You'll be asked for your password, and the installer will go off and download and install some files. When that's done, type in "ecryptfs-setup-private" and hit Enter. You'll be asked for a mount password, then it will give you some random messages and after that you'll have a Private folder in your Home folder (/home/<your_user_name>/Private/).

If you open up the Private folder, you'll see a file with a really long silly name. To get rid of it, just log off and log back in again (or type in "sudo mount.ecrypt_private" into the Terminal).

That's it! You now have an area where you can securely store data. What this means is that if someone ever gets hold of your machine, takes the hard drive out and looks at it using another machine or boots up your machine with a LiveCD, then they will not be able to see any data in that Private folder; it will all be gibberish. (Of course, if they have your username and password, then it's game over and they have access to everything. That's why ultimately everything always comes down to the strength of the passwords you use.)

In the next article, I'll be looking at GPG/PGP and how to use it to send encrypted email to people. I found this really useful when working in China on an international project. I was getting things such as Administrator passwords and VPN keys from the Netherlands via encrypted emails.

As always, please leave feedback, comments and questions. However, I will only respond to comments left on iTWire article discussion forums.
Linux. Don't fight it. You will be assimilated.
Gulf War Vet--2nd Squadron, 2nd Armored Cavalry--Fort Polk, LA

Return to “Linux - Unix et al”

Who is online

Users browsing this forum: No registered users and 1 guest