ubuntu-us-florida team mailing list archive

Thread
Date

Fwd: Attention Encrypted Home Users...

To: Ubuntu-FL List <ubuntu-us-fl@xxxxxxxxxxxxxxxx>, Ubuntu FL List <ubuntu-us-florida@xxxxxxxxxxxxxxxxxxx>
From: Dan Trevino <dantrevino@xxxxxxxxx>
Date: Sat, 27 Feb 2010 16:04:05 -0500
In-reply-to: <d9c105ea1002261507p2e5447c2ic683894f090b133a@mail.gmail.com>

FYI ... If you use encrypted home directories, please read ...

---------- Forwarded message ----------
From: Dustin Kirkland <kirkland@xxxxxxxxxx>
Date: Fri, Feb 26, 2010 at 6:07 PM
Subject: Attention Encrypted Home Users...
To: ubuntu-users <ubuntu-users@xxxxxxxxxxxxxxxx>, Ubuntu Developers
<ubuntu-devel@xxxxxxxxxxxxxxxx>, ecryptfs-users@xxxxxxxxxxxxxxxxxxx,
ecryptfs-devel <ecryptfs-devel@xxxxxxxxxxxxxxxxxxxxx>

We're rapidly pushing toward an excellent Ubuntu 10.04 LTS release,
and we have made a few improvements in the way your Encrypted Home's
metadata is stored.

If you configured your Encrypted Home with Ubuntu 9.10 (Karmic) or
Ubuntu 10.04 (Lucid), then no action is required, -- you may stop
reading here.

If you're not sure, and you want to check if you need to read this
email, take a look at your /var/lib/ecryptfs directory. If that
directory is empty, or it does not exist, you may stop reading here.
If that directory has contents, then you may want to continue
reading...

Ubuntu 9.04 (Jaunty) Encrypted Home installations stored eCryptfs
metadata in /var/lib/ecryptfs/$USER. This information is absolutely
required to mount your Encrypted Home Directory. Actually, everything
in here can be re-created if you wrote down your randomly generated
mount passphrase!  Please be absolutely certain that you have recorded
your mount passphrase, on a piece of paper, stored somewhere safely,
separate from your computer!  You can retrieve your randomly generated
passphrase by running the ecryptfs-unwrap-passphrase utility.  Oh, and
don't just copy wrapped-passphrase to your $HOME directory and expect
that to be sufficient.  This is effectively locking your keys in your
car (and your car is an armored vehicle).

For Ubuntu 9.10 (Karmic), new installs actually put this metadata in
/home/.ecryptfs/$USER. This is far more convenient for users who put
all of /home on its own partition, or for users who just simply backup
all of /home.

I've previously written about how to move your metadata out of
/var/lib/ecryptfs. Particularly if you're planning a Lucid upgrade of
a system that was originally installed with Jaunty's Encrypted Home
Directory, I strongly recommend that you follow these instructions:

http://blog.dustinkirkland.com/2009/08/moving-your-encrypted-home-meta-data.html
http://blog.dustinkirkland.com/2010/02/attention-encrypted-home-users.html

Cheers,
:-Dustin

--
ubuntu-devel mailing list
ubuntu-devel@xxxxxxxxxxxxxxxx
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel

-- 
---
Life, Liberty, and the pursuit of Open Standards!