I think this would be a great feature. Currently, there's an all-or-nothing approach to encryption with GNU/Linux systems, and this feature would be a good compromise between difficulty and security. Perhaps there could be even be a default folder in a user's home directory "Private Files" or something that is encrypted by default.
On 04/10/2013 09:26 AM, Sam Bull wrote: > This is a follow-up to the previous thread on gnome-os-list, I'm also > posting this one to nautilus-list. > > There is currently a fundraiser for improved security in GNOME > (http://www.gnome.org/friends/). One thing I'd like to see, is good > encryption support. For the moment, I'm going to focus on one specific > feature, modular encryption. > > The problem with full disk/home encryption, is that it can't be used by > people who auto-login. It shouldn't be necessary to login everytime you > use the computer, or to allow a friend to quickly look something up on > the internet. But, at the same time, you shouldn't have to sacrifice > security. > > My solution to one part of the puzzle, is to allow encrypting individual > folders. Previously, there was no easy, GNOME-like way to do this. > > I've updated my previous Nautilus extension, so this is no longer the > case. Encrypting folders is a simple matter of right-clicking a folder > and selecting encrypt. Mounting the folder is as simple as opening the > folder. > > This works with auto-login users, as the encryption password is stored > in the keyring, so if it is still locked, it will try to unlock before > it can mount the folder. If the keyring is already unlocked, it is > exactly the same as opening a normal folder (albeit, with a slight lag). > > If you've managed to read this far, then I'd like some feedback on > whether you think this is a good feature, that is worth working on > further integration. And, as an extension of that, if this might make a > good GSoC project, that I could work on. > > Here is a list of things that need to be considered: > To meet the rest of this criteria, this probably needs to be > integrated into Nautilus properly, rather than as an extension. > > If this is integrated into Nautilus, I'm guessing encfs should > be an optional package, in which case we need to make sure the > encryption option is not visible when encfs is not installed. > > The encryption password should be linked to the encfs key, > rather than the folder location (to provide flexibility with > moving folders). > > Using libsecret can remove the dependency on gnome-encfs, and > will probably be needed for the previous point. > > If moving/renaming a folder in Nautilus, the encrypted > counterpart should also be moved/renamed. Otherwise, the user > will no longer be able to mount it. > > An option to revert an encryption should be added, so it is > reversible. > > Possibly, some kind of emblem could be added to the folder to > indicate it is encrypted. Something like a padlock, but would > need to be visually distinct from the read-only one. > > The folder, before mounting, is empty. It might be an idea to > hack the display of size to be the size of the encrypted folder. > Otherwise, all non-mounted folders display "0 items". > > The implementation needs to copy items back to the original > folder and present an error message if the encryption process > fails. At the moment, the files would be dumped somewhere > in /tmp. > > Hopefully, that about covers everything. If there's anything else that > needs to be considered, please mention it. > > Link to current extension implementation: > http://blog.sambull.org/easily-encrypt-folders-2 > > Thank you for your time, > Sam Bull > > > > _______________________________________________ > gnome-os-list mailing list > [email protected] > https://mail.gnome.org/mailman/listinfo/gnome-os-list
_______________________________________________ gnome-os-list mailing list [email protected] https://mail.gnome.org/mailman/listinfo/gnome-os-list
