Data encryption and Ubuntu, Part I

By Hamish Taylor
Friday, 21 November 2008 06:37

Opinion and Analysis

In a continuing series of articles highlighting that GNU/Linux is a viable replacement operating system, I want to spend a bit of time talking about data encryption, focussing on how to achieve this with the Ubuntu distribution.
Security in general and data encryption in particular are topics dear to my heart. I am a strong believer that in certain circumstances you should have mechanism available to you to protect your own data and be avle to share that data only with people and organisations that you trust. I want to outline several ways of keeping your data private.

In the first article, I want to look at one of the features of the recently released Ubuntu 8.10 distribution: setting up a Private (encrypted) directory on your PC. In a series of articles after that I want to look at file and email encryption, the latter using both GPG/PGP and S/MIME. After that we'll look at some other things you can do to help ensure the security of your data.

It is going to be a bit of a journey, so let's start with the Private directory on Ubuntu.

Firstly, a bit of background. The last few versions of Ubuntu have included a way of encrypting the entire Home directory, which is similar to Microsoft's C:\Documents and Settings in Windows XP or C:\Users in Windows Vista. All user related files and setings are kept in Linux's Home directory.

However, the only way to take advantge of encrypting the Home directory was to install Ubuntu using the Alternate Install CD, as opposed to the regular LiveCD. The Alternate Installer is a text based installer, rather than a grapical installer and therefore a bit off-putting to many people. Apart from that, it doesn't get a lot of press coverage and many people don't know about it.

I'll readily admit that I have never used the Alternate Installer CD. The ability to encrypt the Home directory using the regular LiveCD is slated for a future release of Ubuntu.

As I haven't used it, I don't have an encrypted Home directory on my laptop. This is a little concerning to me, as when I travel, I carry it around with some files that I wouldn't want to get into the wrong hands.

Now, I know what you are all thinking and I don't mean those sort of files!!! I mean things like my scanned signature, copies of my passport and drivers licence, travel insurance documents and other things which could be easily used for identity theft. At times, I may also have information on projects on which I have worked for various clients, containing things like their Domain Administrator or root user password and so on.

I am sure that we could all come up with similar examples of files and information that we really wouldn't want random people to have access to. Protecting stuff like that is pretty important, and I just don't trust myself not to loose my laptop with all of that still on it!

Let's see how to set this up on Page 2 (it's really easy!)...