What’s in my Encrypted ~/Private directory?
October 3, 2008
I’ve spent quite a bit of time over the last 5 months developing, testing, documenting, and blogging about this feature.
Some people have asked, “What do you keep in your encrypted ~/Private directory?” So I thought I’d respond here. If there happen to be any other planet.ubuntu.com bloggers out there using an Encrypted Private Directory, perhaps this should be our next MeMe 🙂
kirkland@t61p:~/Private$ ls -alF
drwx------ 10 kirkland kirkland 4096 2008-10-03 10:30 ./
drwx------ 95 kirkland kirkland 4096 2008-10-03 10:24 ../
drwx------ 4 kirkland kirkland 4096 2008-10-03 10:23 Documents/
drwx------ 5 kirkland kirkland 4096 2008-10-03 10:30 .evolution/
drwx------ 2 kirkland kirkland 4096 2008-10-03 09:54 .gnupg/
drwx------ 4 kirkland kirkland 4096 2008-02-14 06:59 .mozilla/
drwx------ 6 kirkland kirkland 4096 2008-10-03 10:28 .purple/
drwx------ 2 kirkland kirkland 4096 2008-10-01 13:31 .ssh/
drwx------ 10 kirkland kirkland 4096 2008-10-03 09:03 .xchat2/
To protect your sensitive data, such as documents, mail, calendars, contacts, browser cache, messaging logs, and encryption keys in Intrepid, you can simply do the following:
- Install ecryptfs-utils
  - $ sudo apt-get install ecryptfs-utils
- Set up your private directory
  - $ ecryptfs-setup-private
  - Enter your login password, and either choose a mount pass phrase or generate one
  - Record both pass phrases in a safe location!!! They will be required if you ever have to recover your data manually.
- Log out, and log back in to establish the mount
- Make sure that the application whose data you want to protect (e.g. Firefox or Evolution) is not running
  - $ ps -ef | grep evolution
- Move the application’s data directory (e.g. ~/.mozilla or ~/.evolution) into your ~/Private directory
  - $ mv ~/.evolution ~/Private
- Establish a symbolic link from the old location to the new location
  - $ ln -s ~/Private/.evolution ~/.evolution
I could provide a script to do this; however, care must be taken that applications are not reading and writing data to these directories while they’re being moved, and thus I recommend that these be handled manually.
Note: If you put all of .ssh in ~/Private, you won’t be able to ssh into the system using public key authentication. In this case, you might want to only put your private key in ~/Private, and leave the rest in the clear.
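The move-and-symlink steps above with their preconditions turned into checks, as an added example that is not part of the original post: it refuses to act unless ~/Private is an active eCryptfs mount and no process matching the application name is running. The function names and the MOUNTS_FILE override are hypothetical, and the process check assumes a Linux /proc.

```shell
#!/bin/sh
# Added example, not from the original post. is_ecryptfs_mount, is_running and
# protect_dir are hypothetical helper names; MOUNTS_FILE is an override for testing.

# Succeeds only if $1 is listed as a mount point of type ecryptfs.
# $1 must be the absolute path as it appears in /proc/mounts.
is_ecryptfs_mount() (
    while read -r _dev mp fstype _rest; do
        [ "$mp" = "$1" ] && [ "$fstype" = "ecryptfs" ] && exit 0
    done < "${MOUNTS_FILE:-/proc/mounts}"
    exit 1
)

# Succeeds if any process name contains $1 (same substring idea as
# "ps -ef | grep evolution", but read from /proc/<pid>/comm).
is_running() {
    grep -qs -- "$1" /proc/[0-9]*/comm
}

# protect_dir SRC PRIVATE_DIR PROCESS_NAME
# e.g. protect_dir "$HOME/.evolution" "$HOME/Private" evolution
protect_dir() (
    src=$1 private=$2 proc=$3
    dest="$private/$(basename "$src")"

    # If the mount is not established, files written here are not encrypted.
    is_ecryptfs_mount "$private" || { echo "$private is not an eCryptfs mount" >&2; exit 2; }
    # The application must not be reading or writing its data during the move.
    is_running "$proc" && { echo "$proc is still running" >&2; exit 3; }
    # Already migrated: the old location is a symlink, nothing to do.
    [ -L "$src" ] && { echo "$src is already a symlink" >&2; exit 4; }
    [ -d "$src" ] || { echo "$src is not a directory" >&2; exit 5; }
    # Never overwrite data that is already inside the private directory.
    [ -e "$dest" ] && { echo "$dest already exists" >&2; exit 6; }

    mv -- "$src" "$dest" && ln -s -- "$dest" "$src"
)
```

Each refusal has its own exit status (2 to 6), so a caller can tell an unmounted ~/Private apart from a running application.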