“I’ve been hacking on and off with W. Michael Petullo on integrating LUKS into the GNOME desktop via HAL and patches are now upstream. I think it rocks. I’ve prepared a small screencast.”

What exactly is LUKS?

“LUKS is the upcoming standard for Linux hard disk encryption. By providing a standard on-disk-format, it does not only facilitate compatibility among distributions, but also provides secure management of multiple user passwords. In contrast to existing solutions, LUKS stores all necessary setup information in the partition header, enabling the user to transport or migrate his data seamlessly.”
In Ubuntu, I use “libpam-encfs” + “encfs”. After being set up properly, here is how it works for me:
1.) Turn on computer and let gdm load.
2.) Log in with my user/password.
3.) My files are transparently decrypted and I log in with only a slight delay as files are decrypted under my /home/$USER folder.
In contrast to LUKS, libpam-encfs encrypts folders so it is a much more lightweight solution. The screencast is very cool though.
So why exactly is LUKS “THE” upcoming standard for Linux encryption?
Nice work. HAL is really coming along, too.
It’s nice to see this being considered at the file manager / simple level.
My only concern with this sort of implementation is key recovery. Is it possible to easily “backup” your (primary keys) gnome-keyring?
The real encryption is done by dmcrypt.
cryptsetup rocks, but is being replaced by cryptsetup-luks, which has more features.
I’m using a dmcrypted partition without any problems (it’s ext3 formatted – beware, mounting “partition images” on top of another file system should NOT be formatted with a journaled filesystem).
I assume dmcrypt works on loop-mounted filesystem images. Is GNOME planning to add UI support for creating and mounting such images, like exists in OS X?
losetup /dev/loop0 /path/to/file
cryptsetup -h hash_algo create image /dev/loop0
mount /dev/mapper/image /mnt/place
No, dmcrypt does not use loop-mount but uses the more modern device mapper (/dev/mapper).
And yes, one can just pcopy or dd the partition (but do a mount -o rw first) – the copy will be encrypted and mountable.
Yes, I love dmcrypt + luks 🙂
LUKS is something that needs to go mainstream so everyone can work with encrypted media. I’m pleased the Fedora community is stepping up to this challenge.