Users and Groups to add a new user, making sure to click the check-box option to enable encryption.

But that's not good enough. You need to encrypt your swap partition as well, since anything in RAM could be swapped out onto the swap partition on disk and be read back at a later time. Turns out this is easy to do in Ubuntu as well.
You'll need to install cryptsetup from the Synaptic Package Manager, and of course ecryptfs must also have been installed previously (you'd need to have had that installed to enable encrypted user folders in the first place, but I just can't recall if that was installed as part of the standard Lucid Lynx distribution or if I had installed it myself afterwards...).

Once cryptsetup is installed, just do

sudo ecryptfs-setup-swap

Read the warning that's thrown up: it explains that, at this time, hibernation is incompatible with encrypted swap (although suspend works fine). Indicate your agreement (or not, to cancel the procedure).

You don't need to have logged out or anything. This command will work on its own, or at least it did for me without any special prior setting up. Once that's done, you can verify it by checking

less /etc/fstab

to see if the original swap disk setup had been commented out and a new encrypted disk is set up for swap in its place.

Once that's done, you should look into securely erasing the free space on the swap and the root volumes to ensure anything sensitive that's been "spilled" out of encryption containment in the past gets cleaned up now. You'll need the secure-delete package of tools, specifically sfill and sswap. See this answer for details.

[Edit: Actually, I recommend looking into securely erasing the free space on swap before encrypting it. Would've made the process just a tad bit more convenient.]
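The /etc/fstab check described above can be scripted. This is an added example, not part of the original post; it assumes the setup tool points swap at a /dev/mapper device and records that mapping in /etc/crypttab with the swap option, and check_swap_encrypted is a hypothetical function name.

```shell
#!/bin/sh
# Added example: confirm every active swap entry in fstab is a dm-crypt
# mapping that crypttab lists with the "swap" option.
# Usage: check_swap_encrypted [fstab] [crypttab]
# Returns 0 if all swap is encrypted, 1 if any is not, 2 if no swap is configured.
check_swap_encrypted() {
    fstab=${1:-/etc/fstab}
    crypttab=${2:-/etc/crypttab}
    found=0
    bad=0
    # fstab fields: device, mount point, type, options, dump, pass
    while read -r dev _mnt type _rest; do
        case $dev in ''|'#'*) continue ;; esac   # skip blank and commented-out lines
        [ "$type" = swap ] || continue
        found=1
        case $dev in
            /dev/mapper/*)
                name=${dev#/dev/mapper/}
                # crypttab fields: name, source device, key file, options
                if ! awk -v n="$name" \
                    '$1 == n && $4 ~ /(^|,)swap(,|$)/ { ok = 1 } END { exit !ok }' \
                    "$crypttab" 2>/dev/null; then
                    echo "swap $dev has no crypttab entry with the swap option" >&2
                    bad=1
                fi ;;
            *)
                echo "plaintext swap still active in $fstab: $dev" >&2
                bad=1 ;;
        esac
    done < "$fstab"
    if [ "$found" -eq 0 ]; then
        echo "no active swap entries in $fstab" >&2
        return 2
    fi
    return "$bad"
}
```

This inspects the configuration files only; swapon -s shows which swap devices are in use right now.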