asked 2013-12-26 01:26:45 +0300
Option for encryption of $HOME and Android directories containing user data is needed.
Use case: I do not want to worry about my data stored on the device (including various access tokens and keys) in case I loose the phone or it gets stolen.
answered 2014-02-08 18:29:58 +0300
As an alternative, I suggest porting TrueCrypt to the Jolla phone (TrueCrypt runs very well on my N900).
Truecrypt is IMHO not a good fit here as it creates containers with a fixed size. Additionally there may be license issues as the Truecrypt license allows to view the source code but prohibits changing it.
schmittlauch ( 2014-03-16 20:29:20 +0300 )edit"WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues" see: http://www.truecrypt.org/
utkiek ( 2014-05-29 18:13:01 +0300 )edit@schmittlauch@utkiek TrueCrypt should work out as intended, audit came out clean. And there are optional forks, like VeraCrypt being actively developed - it supports TrueCrypt-containers too. While dm-crypt with luks might be the best option, having support for encrypted containers made with True/VeraCrypt would be really nice to have.
tuotantoarvio ( 2015-04-23 02:12:17 +0300 )editanswered 2014-01-12 18:15:14 +0300
Thanks for the input, we will look how to imprive the situation. Most likely some future kernel will have ecryptfs support added builtin. In a meanwhile you should enable devicelock code, as that will protect most of the use cases (not sd-card, and not people with access to hardware chip readers) against theft.
Also add the ability of precting the sd card with a password in a future update please. :)
Alex ( 2014-04-18 16:53:02 +0300 )editanswered 2014-01-08 14:30:43 +0300
I know from @Aard that this is WIP/OnToDoList. This will take a while, crypt modules will get to the kernel soon but only for testing purpose for the mean time.
answered 2013-12-26 01:34:02 +0300
I did spot a "jolla-devicelock-plugin-encpartition" package when rumaging through repositories, so it looks like jolla is working on something alike.
Asked: 2013-12-26 01:26:45 +0300
Seen: 13,161 times
Last updated: Aug 18 '16
see also keychain linked to TOH & link all/previous changes to TOH
AL13N ( 2013-12-26 01:45:17 +0300 )editThis should be fairly easy, as Linux already has all these LUKS/dmcrypt and eCryptFS stuff done. It might however need more CPU and thus consume battery. Maybe better put it as an option users can choose it they want to.
Please add tag 'securiity'
otto ( 2013-12-26 23:34:48 +0300 )editBesides home directory ecryption, also include option to encrypt SD card contents. That would be something that not even Android supports yet. And please use some standard Linux crypto so that the SD card can be mounted and opened without the original phone.
otto ( 2013-12-26 23:36:42 +0300 )edit@otto this isn't as easy as one might think, because there's a lot of catch 22's here... order of services becomes important, etc... in theory all elements are available, but i can guarantee that alot of time will be spent in order to combine it into "1 feature"
AL13N ( 2013-12-26 23:38:28 +0300 )editLooking at the locked bootloader shitstorm today, we need encryption ASAP to allow the boot loader opened again: vote, vote, vote!
We must not loose any more developers!
ortylp ( 2013-12-28 13:25:13 +0300 )edit