What’s in my Encrypted ~/Private directory?
October 3, 2008
Ubuntu Intrepid’s integration of Per-User Encrypted Private Directories is, to me, one of the most important new features to be included in the 8.10 release later this month.
I’ve spent quite a bit of time over the last 5 months developing, testing, documenting, and blogging about this feature.
Some people have asked, “What do you keep in your encrypted ~/Private directory?” So I thought I’d respond here. If there happen to be any other planet.ubuntu.com bloggers out there using an Encrypted Private Directory, perhaps this should be our next MeMe.
kirkland@t61p:~/Private$ ls -alF
total 40
drwx------ 10 kirkland kirkland 4096 2008-10-03 10:30 ./
drwx------ 95 kirkland kirkland 4096 2008-10-03 10:24 ../
drwx------ 4 kirkland kirkland 4096 2008-10-03 10:23 Documents/
drwx------ 5 kirkland kirkland 4096 2008-10-03 10:30 .evolution/
drwx------ 2 kirkland kirkland 4096 2008-10-03 09:54 .gnupg/
drwx------ 4 kirkland kirkland 4096 2008-02-14 06:59 .mozilla/
drwx------ 6 kirkland kirkland 4096 2008-10-03 10:28 .purple/
drwx------ 2 kirkland kirkland 4096 2008-10-01 13:31 .ssh/
drwx------ 10 kirkland kirkland 4096 2008-10-03 09:03 .xchat2/
To protect your sensitive data, such as documents, mail, calendars, contacts, browser cache, messaging logs, and encryption keys in Intrepid, you can simply do the following:
- Install ecryptfs-utils
  - $ sudo apt-get install ecryptfs-utils
- Set up your private directory
  - $ ecryptfs-setup-private
  - Enter your login password, and either choose a mount pass phrase or generate one
  - Record both pass phrases in a safe location!!! They will be required if you ever have to recover your data manually.
- Log out, and log back in to establish the mount
- Make sure that the application whose data you want to protect (e.g. Firefox or Evolution) is not running
  - $ ps -ef | grep evolution
- Move the application’s data directory (e.g. ~/.mozilla or ~/.evolution) into your ~/Private directory
  - $ mv ~/.evolution ~/Private
- Establish a symbolic link from the old location to the new location
  - $ ln -s ~/Private/.evolution ~/.evolution
I could provide a script to do this; however, care must be taken that applications are not reading and writing data to these directories while they’re being moved, and thus I recommend that these moves be handled manually.
Note: If you put all of .ssh in ~/Private, you won’t be able to ssh into the system using public key authentication, because sshd cannot read ~/.ssh/authorized_keys until ~/Private is mounted at login. In this case, you might want to only put your private key in ~/Private, and leave the rest in the clear.
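The steps stay manual, but the result can be checked afterwards. The following is an added example, not a script from this post or from ecryptfs-utils: it reports which of the directories from the listing above are symlinked into ~/Private, which are still stored in the clear, and whether the .ssh caveat applies. All function names are hypothetical, and the mount check assumes a Linux /proc/mounts.

```shell
#!/bin/sh
# Added example: audit a home directory after the relocation steps.
# All function names are hypothetical; nothing here ships with ecryptfs-utils.

# is_ecryptfs_mount DIR [MOUNTS_FILE]: succeed if DIR is mounted as ecryptfs.
is_ecryptfs_mount() {
    awk -v d="$1" '$2 == d && $3 == "ecryptfs" { ok = 1 } END { exit !ok }' \
        "${2:-/proc/mounts}" 2>/dev/null
}

# audit_entry HOME NAME: print one status word for HOME/NAME.
#   protected  symlink resolving to existing data under HOME/Private
#   dangling   symlink into HOME/Private with no target (not mounted?)
#   elsewhere  symlink pointing outside HOME/Private
#   exposed    real file or directory, stored in the clear
#   absent     nothing at that path
audit_entry() {
    ae_path="$1/$2"
    if [ -L "$ae_path" ]; then
        ae_target=$(readlink "$ae_path")
        case $ae_target in
            /*) ;;
            *) ae_target="$(dirname "$ae_path")/$ae_target" ;;
        esac
        case $ae_target in
            "$1"/Private/*)
                if [ -e "$ae_path" ]; then echo protected; else echo dangling; fi ;;
            *) echo elsewhere ;;
        esac
    elif [ -e "$ae_path" ]; then echo exposed
    else echo absent
    fi
}

# authorized_keys_in_clear HOME: succeed only if authorized_keys is a real
# file in a real ~/.ssh, i.e. readable while ~/Private is unmounted.
authorized_keys_in_clear() {
    [ "$(audit_entry "$1" .ssh)" = exposed ] &&
        [ "$(audit_entry "$1" .ssh/authorized_keys)" = exposed ]
}

# audit_home HOME: report on the directory names from the listing above.
audit_home() {
    is_ecryptfs_mount "$1/Private" || echo "Private: not an ecryptfs mount"
    for ah_name in Documents .evolution .gnupg .mozilla .purple .xchat2; do
        printf '%-12s %s\n' "$ah_name" "$(audit_entry "$1" "$ah_name")"
    done
    authorized_keys_in_clear "$1" || echo ".ssh: no authorized_keys in the clear"
}

[ "$#" -eq 0 ] || audit_home "$1"   # e.g. sh audit.sh "$HOME"
```

A "dangling" result for every entry usually means ~/Private is simply not mounted in the current session.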
Please open any bugs or ask any questions in Launchpad.
Dustin
October 28, 2008 at 8:39 pm
This blog post content and more is now available on https://help.ubuntu.com/community/EncryptedPrivateDirectory
Thanks Dustin
October 30, 2008 at 4:56 am
Thank you