[clug] Ubuntu encrypted file systems

[Daniel Pittman]

Ian McLeod <ianmcleod75 at gmail.com> writes:

> Has anyone had any experience with setting up encrypted file systems on
> Ubuntu or other distributions?

Well, I use an encrypted block device[1], then LVM, then the file system, but
the short answer is "yes".

What I /don't/ have experience with is the 'eCryptfs' solution that is
available for providing encrypted subdirectories on top of a normal file
system, and which I understand is how Ubuntu chose to implement the
feature.[2]

> I am wondering if it is rocket science, or needs to be performed at install.

For the encrypted block device, "a little", and "it is easiest", but you /can/
change things over afterwards if you have the time, energy and skills.

[...]

> I have turned up a few sites on the net but all seem complicated.  I am
> wondering if Karmic Koala (next Ubuntu version) will support this out of the
> box so I should wait, or dive in and do it now.

> Also wondering if encryption will break suspend or hibernate which would
> really suck, as I really like the suspend to RAM working on my fancy new
> Ubuntu netbook when I close the screen.

No, hibernation works just as well, and just as badly, on Debian on the
encrypted device — and the image stored on disk is *inside* the swap partition
inside an LVM volume, inside the encrypted storage.

This does depend on your distribution, though.

Regards,
        Daniel

Footnotes: 
[1]  Actually, a two-disk software RAID10,f2, then dmcrypt volume, then...

[2]  I think the MacOS solution of creating an encrypted loopback "block"
     device and stacking the file system on top of that is better, but
     obviously Canonical did their research before making the call...

-- 
✣ Daniel Pittman            ✉ daniel at rimspace.net            ☎ +61 401 155 707
               ♽ made with 100 percent post-consumer electrons
   Looking for work?  Love Perl?  In Melbourne, Australia?  We are hiring.