EcryptFS graphical user interface for Ubuntu desktop

Registered by Michael Rooney

Currently there is no graphical utility to configure ecryptfs-utils once installed; however, some experimental work has been done at https://launchpad.net/ecryptfs-gui. Ideally in Jaunty a graphical utility would be included in ecryptfs-utils that allows a user to set up, manage, and configure encrypted directories such as Private and Home.

Blueprint information

Status: Started
Approver: None
Priority: Low
Drafter: Michael Rooney
Direction: Needs approval
Assignee: Michael Rooney
Definition: Discussion
Series goal: Accepted for lucid
Implementation: Started
Milestone target: None
Started by: Michael Rooney

Whiteboard

2009-01-25 pitti: First round of review:
 - Design, "undo encryption" -> This should not be part of this UI spec. Please move into "unresolved issues" or drop altogether
 - Integration into "System > Preferences > Encryption and Keyrings" makes a lot of sense; please resolve the question marks and options. My personal preference would be to always show the tab, and offer a button to install the necessary packages if they are not available. Please discuss that with seahorse upstream, so that we don't have to maintain that large UI patch forever; if they do not like it, consider a separate application instead.
 - Notifying about writing down the passphrase: This could be done via an update-notifier message (https://wiki.ubuntu.com/InteractiveUpgradeHooks) in the packaging (Ubuntu specific, though). However, I think stressing that in the installer makes more sense.
 - Implementation: Please carefully ensure to not copy the passphrase around, mlock() it, and not store it in memory permanently, so that it has a low chance of getting leaked
 - Migration: I agree with Dustin, please drop. This is about UI integration, let's not make the spec unnecessarily big.
 - Do you have some UI mockups/screenshots which you could add to the spec, so that our usability experts can have a look at this?

Thanks so far! Michael, please let me know if you need further help with drafting that, or have further questions. Please set to "Review" once above points are settled.

2009-01-28 mrooney: Thanks for the review, I've tried to clean up things where appropriate. I added a screenshot of the utility in its current state which is actually functional in that it can display the current state, toggle it, and toggle the automatic options. Obviously it needs more features and should either be integrated into seahorse-preferences or become its own System->Preferences entry. The python API also needs a place to live, probably in ecryptfs-utils. The wording has definitely been an issue (unlock vs decrypt vs mount vs unencrypt) so any tips there would be appreciated!

2009-02-01 pitti: Thanks. This addresses many of the points above. Remaining:
 - Integration into "System > Preferences > Encryption and Keyrings" makes a lot of sense; please resolve the question marks and options. My personal preference would be to always show the tab, and offer a button to install the necessary packages if they are not available. Please discuss that with seahorse upstream, so that we don't have to maintain that large UI patch forever; if they do not like it, consider a separate application instead.
 - Notifying about writing down the passphrase: This could be done via an update-notifier message (https://wiki.ubuntu.com/InteractiveUpgradeHooks) in the packaging (Ubuntu specific, though). However, I think stressing that in the installer makes more sense.
 - [new issue] Why is the python API an unresolved issue?

2009-02-01 mrooney: Okay, I've removed the API from unresolved issues; that is addressed elsewhere so I assume it is agreed upon that it should ship with ecryptfs-utils. I've attempted to address the notification as well. I am confused though as to what exactly the Integration issue is. I can't seem to find any question marks or options regarding integration, except at the bottom in discussion, which seems valid, unless you don't want that. Thanks!

2009-02-08 pitti: Looks pretty good now; I made a clarification about the interactive upgrade hook.

2009-05-13 mrooney: I've started working on this again and hope to have a functional UI which can take the user from not having ecryptfs-utils installed, to having a functional, configurable Private directory to show at UDS Karmic. As such I've proposed it for the sprint. It looks like some work was done with a hook for recording the passphrase; is that step done?

2009-05-13 pitti: yes, jaunty shows a dialog about writing down your passphrase if you use ecryptfs.

2009-05-13 kirkland: yes, but it needs some improvement. Specifically around internationalization and the interface.

2009-11-02 kirkland: I suggest that we create a small punchlist of the places that we really need graphical integration between eCryptfs and the Ubuntu desktop, and we get bugs filed for each of those, and knock this out for Lucid.

2009-11-02 mrooney: I will be at UDS-L and as such can help out in this area if you need. Maybe a session to generate the list of action items and turn them into bugs like you mentioned?

----------------

UDS-Lucid notes:

https://wiki.ubuntu.com/Specs/Ecryptfs-Desktop-Ui

Branches:
 * API: lp:~mrooney/ecryptfs/pythonapi (see src/python)
 * nautilus-integration (a branch of the above branch): lp:~mrooney/ecryptfs/nautilus-integration (see src/python)

Brainstorming:
 - Go for consistency: Firefox exposes a bar, uses background color & lock to show "secure" vs. not secure
 - Borrow/build on Nautilus integration already there for audio players/Ubuntu One bar across top of Nautilus navigation
 - Look at what Cryptkeeper applet & TrueCrypt do

Migration:
 - Some users will come from TrueCrypt in Windows. Any value in making it smooth for them?

Recovery:
 - Simplify accessing unencrypted files from recovery mode without using a decrypt command (just a password)
 - Integrate recovery (i.e. "what's my key") into Nautilus

Usability:
- Find a better name for "mount/unmount"
 - We already have 3 names (known bug), no need
- Mock up a pattern for encrypted areas in Nautilus
- It has to scale to "whole system encryption", or, what should we do when the home is encrypted
- Maybe it makes sense to follow the same pattern as Firefox (in the url area)?
- Maybe the same as Ubuntu One? Use that area to give a little bit more information?
- Settings in both cases, home directory doesn't have an "unmount"
- Redesign the preference dialog (for home, and for /Private), maybe show the *real* directory where the data is stored, probably an advanced option
- Also advanced, see the encrypted passphrase

Goals for lucid:
 - KISS, since we do not want to make large structural changes anyway
 - Get nautilus integration (consider "entire home" special case)
 - No capplet
 - We certainly need to reconsider more advanced use cases later on
 - Unify whatever we do with LuksFS
 - Clear up the dialog that encrypts your passphrase

Work Items