Security Basics mailing list archives

Re: Encrypted Home Directories?


From: Brad Arlt <arlt () cpsc ucalgary ca>
Date: Tue, 26 Nov 2002 12:25:01 -0700

On Tue, Nov 26, 2002 at 12:53:11PM +0530, Sumit Dhar wrote:
Hello Everyone,

Here is something I would like to do: (Could someone tell me if it is
possible on Linux)

-Every user's home directory is encrypted. No one other than the user
(including root) can read the files/directories of that user.
-Every time a user logs in, he/she will need to give a password to decrypt
his/her stuff.
-The root can delete the user's files, but not read them.
-The whole process should ideally be completely transparent to the user.

Any pointers to programs that can do this on Linux??

The Cryptographic Filesystem and the Transparent Cryptographic
Filesystem (TCFS) I have seen for Linux.  The latter used the NFS
framework to accomplish its stuff.  PAM can be used to provide a
transparent login process (no extra password typing need happen).

Last I saw root could only access the files while the home directory
was mounted by the user, unless root knew the password/key for the
filesystem.  This might have been altered, but adding a backdoor key
weakens the cryptographic integrity.

That said, 3 out of 4 of your points are met by TCFS, so maybe that is
enough.

Below is a link to the TCFS homepage.  I haven't bothered to read the
homepage, so what I say above could be much outdated.

http://www.tcfs.it/
-----------------------------------------------------------------------
   __o          Bradley Arlt                    Security Team Lead
 _ \<_          arlt () cpsc ucalgary ca                University Of Calgary
(_)/(_)         I should be biking right now.   Computer Science

