Hi, I really need something like this. My family multimedia center, based on ubuntu, contains a lot of movies (horror and such) that my small children better not click on by accident. Still, I want them to be able to access the cartoons section in the Movies directory. Everybody just uses my account, it is always logged in, so decrypt at login does not cut it. Instead I need something that pops up an “enter decrypt password” dialog when someone tries to access the grown-up movies.

Since I got some upstream questions I’ll give an update there. The projects this would touch are ecryptfs-utils and potentially seahorse. ecryptfs-utils has stated an interest in this so that means the nautilus extension, python API, and setup/configuration UI are likely to land upstream there.

As far as seahorse I haven’t heard anything (I think I contacted them but am not sure), but I’ll hopefully meet someone involved in that project at UDS and discuss it with them. Perhaps I’ll end up putting an “Encrypted Directories” tab in that utility which allows the installation of ecryptfs-utils and from there allows you to launch the ecryptfs UI. I don’t think embedding a whole UI devoted entirely to ecryptfs makes that much sense in seahorse.

i really like this approach!
nautilus intergration looks very cool!
As for the menu approach, i strongly believe that you should talk/work in collaboration with upstream (seahorse?) before implementing yet another system-> administration menu item. Encryption and keyrings is the right way to go IMHO…

Looking forward to have this in karmic!
Gourgi

What about implementing this nice feature upstream?

I love the fact that the open-sourced UbuntuOne client has already help produce cool improvements like this.

All the closed-source UbuntuOne server software has produced in the same timeframe is controversy in the community!

Go open source!

A UI is definitely necessary if desktop users are to take advantage of it. On Mac OS X there is FileVault and it is super easy to setup. However, I don’t currently use it because of concerns of stability/corruption. Of course, I have no evidence of this it’s just something that got baked into my head. I think it’s important to address the “safety” of using a new feature and I hope Canonical/Ubuntu will have some information about using encrypted home folders and/or encrypted directories.

Things like:
* How do I know some “minor” corruption won’t end up locking me out of all my data?

Thanks for all the encouraging comments everyone!

meastp, for 2-factor encryption with a USB stick I'll point you to Dustin's post on how to do exactly what you say! http://blog.dustinkirkland.com/2009/03/ubuntu-encrypted-home-with-2-factor.html

wiflye81, the theme is shiki-colors (wise) available on gnome-look and potentially will be added to the community themes package in Karmic.

Jim, I am not doing any graphical work for other desktop environments but I have created a python API for ecryptfs and a generic controller for my UI which other DEs can leverage to implement their equivalent quite easily. I'll probably be talking about this at UDS.

Philipp, filename encryption is supported since Jaunty and is the default, though you can specify to not encrypt filenames if you like.

Andrew, System -> Preferences does make sense in some ways, and ideally it would be a tab in the Encryption and Keyrings entry there, although that application is done in C++ and Glade, neither of which I am familiar with so I am not sure it will end up there. I suggested Administration simply because it is a somewhat advanced feature, and will lead to data loss if you forget your password. Though ideally this risk can be mitigated with the proper prompts to record your encryption passphrase.

Would System > Preferences not be better, as it is on a per user basis, rather than a system wide thing.

I will use encryption for sure with a GUI. :) Keep up the good work!

Are filenames encrypted nowadays?

This comment has been removed by the author.

An excellent development, but one which I might not end up using.

Reason being - I need to share an encrypted local space with Windows machines on the same network (& a MacBook possible soon …). I can (and have for some time) do this with TrueCrypt, although with less desktop integration.

So my ideal would be integrated AND Truecrypt compatible.

Hi There,

Thanks for doing this work. :) If possible, would any of this desktop integration be available for Kubuntu or Xubuntu?

Per this bug ( https://bugs.launchpad.net/ecryptfs/+bug/365796 ), the ecryptfs functionality was a bit less fleshed-out in Ubuntu’s non-GNOME distros for Jaunty, so it would be good to include Kubuntu and Xubuntu folks on this.

Thanks again!

Jim

Great work, love to see it in karmic.

Is this the official new theme for karmic (green looks good for koala and eucalyptus ;)) ?

+1 for the GUI to set up encrypted directories!

Currently I’m not using encrypted directories, but would be more likely to if there was a slick UI to set it up.

Fantastic work :-)

I think encrypted-home-by-default for installs is a good goal to reach for. This is the first I’ve heard of ecryptfs though and I wonder if it’s the best tech for the job. I currently use libpam-mount and dm-crypt/luks.

Excellent concept
Love to see it in Karmic

Best of luck!

I am really looking forward to using this, especially since the new laws came in in the states saying that when you (re)enter the states they can take any paper or electronic storage device from you for “examination” without any kind of warrant or even suspicion of wrongdoing?! I mean, I have nothing illegal to hide (not even ripped music or movies) but I would prefer customs officials weren’t looking at my private documents and photos without me knowing. If they need to ask for a password, they need to give an explanation as to why they want it. :)

Anyway, I’m very grateful for your work on this, as the only thing holding me back from using an encrypted directory is a) not knowing how without a gui and b) just wanting to know it’s stable first.

Given a little time, b. will take care of itself, so I’m very happy to see work on a nice gui!

Thank you!

I would love this!

I used encrypted fs a couple of cycles ago, but it was a hassle to have to type the password on start up. Since I am using a laptop, I would like to encrypt at least some of my data, in case of theft etc. This solution will make a breeze, it seems! :)

Could you perhaps consider a feature for two-phase security (e.g passphrase-thing on a usb-pen ) on login / unlock ?

Great, i would love it.
Kind of EncFSVault wich replaces Apple’s FileVault with good encryption.
Hope to see this soon