Ubuntu Pocket Guide and Reference


while transferring it across the Internet, so anybody who intercepts it in transit will be unable to read it.

Ubuntu allows the encryption and decryption of files and folders, but those using Ubuntu 8.10 or later can also create an encrypted file store, in which files are automatically and invisibly encrypted.

Creating an encrypted /private folder

Ubuntu 8.10 Intrepid Ibex introduces technology that allows on-the-fly encryption of files. It works by creating an encrypted filestore, which is effectively a large archive file, like a tar file.

When the user logs in, the filestore is “unlocked” and mounted in the /private folder within a user’s /home folder.

Any files saved to /private are automatically encrypted, although the user is entirely unaware of this. They can browse the folder just like any other, and read/write files within it without any additional work. If a file is removed from the folder, it is automatically decrypted but, again, this is invisible to the user. Nobody apart from the owner is able to access the files within the /private folder—other users are locked out, although the root user can access the files while the user is logged in.

When the user logs out, or shuts down the computer, the filestore is “locked”—the filestore is unmounted, making its contents inaccessible until the next login. This stops anybody accessing the files by booting the computer into rescue mode—a common way of bypassing security measures, in which the user is given root powers without having to enter a password.
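The locked and unlocked states described above can be checked from a script before anything sensitive is saved. The following is an added example, not taken from the guide: it reads a mount table in /proc/mounts format and assumes the folder path is passed in; the function names, the sample table and the users in it are constructed for illustration.

```shell
#!/bin/sh
# Added example: report whether an encrypted private folder is unlocked,
# i.e. currently mounted with filesystem type ecryptfs.

# private_state DIR [MOUNT_TABLE]
# Prints "unlocked" (status 0), "locked" (status 1) or "unknown" (status 2).
private_state() {
    dir=${1%/}; [ -n "$dir" ] || dir=/
    table=${2:-/proc/mounts}
    [ -r "$table" ] || { echo "unknown"; return 2; }
    # Field 2 is the mount point, field 3 the filesystem type. The kernel
    # writes spaces in paths as \040. The last matching entry is the one
    # visible at that path, so later lines override earlier ones.
    WANT="$dir" awk '
        { mp = $2; gsub(/\\040/, " ", mp)
          if (mp == ENVIRON["WANT"]) fstype = $3 }
        END { if (fstype == "ecryptfs") { print "unlocked"; exit 0 }
              print "locked"; exit 1 }' "$table"
}

# store_private FILE DIR [MOUNT_TABLE]
# Copies FILE into DIR only while DIR is unlocked, so a script never leaves
# a plaintext copy in the bare directory of a locked filestore.
store_private() {
    if [ "$(private_state "$2" "${3:-/proc/mounts}")" = unlocked ]; then
        cp -- "$1" "$2"/
    else
        echo "refusing: $2 is not an unlocked ecryptfs mount" >&2
        return 1
    fi
}

# Constructed sample mount table (users and paths are made up).
sample_mounts() {
    cat <<'EOF'
/dev/sda1 / ext3 rw,relatime 0 0
/home/alice/.Private /home/alice/Private ecryptfs rw,nosuid,nodev,relatime 0 0
/home/carol/.Private /home/carol/My\040Private ecryptfs rw,nosuid,nodev 0 0
/dev/sdb1 /media/usb\040stick vfat rw 0 0
EOF
}

# Demo on the constructed table; on a real system omit the table argument.
demo=$(mktemp) && sample_mounts > "$demo"
private_state /home/alice/Private "$demo" || :
rm -f "$demo"
```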

Setting up the encrypted folder is simple. First, if you haven’t already, update your system software as described at the beginning of this chapter. Then open a terminal window (Applications → Accessories → Terminal) and type the following commands:

sudo apt-get install ecryptfs-utils
ecryptfs-setup-private

You’ll need to type your login password when prompted after typing the second of the commands. You’ll also be invited to create a mount passphrase. This can be anything from a few words to a sentence, and can include numbers and symbols such as punctuation marks. Ensure you remember what you type because you might need it at a future date

124 : Securing the System

