UBports Robot Logo UBports Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Groups
    • Search
    • Register
    • Login

    [Request for input] Encrypt all the things

    Scheduled Pinned Locked Moved General
    2 Posts 2 Posters 54 Views 1 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
      Reply
      • Reply as topic
      Log in to reply
      This topic has been deleted. Only users with topic management privileges can see it.
      • fredldotmeF Offline
        fredldotme
        last edited by

        I want to start a discussion about encrypting more data stored in the /userdata partition, for extra security/paranoia.

        Right now we have /home/phablet encrypted when done so via system-settings, but there's room for improvement. I would like to also encrypt:

        • Wifi settings
        • Apps
        • Potentially more which I don't see yet

        For apps I have created a script which does the encryption in an easy-to-follow manner. This will require a device with policy version 2 support. It's available here: https://gist.github.com/fredldotme/696ab1e22bec4ed296caee471aa89a87

        ATTENTION: Don't try to force the script to run on a system which only supports v1 policies, this will break app installation and uninstallation.

        The script keeps the unencrypted original in /userdata/system-data/opt/click.ubuntu.com-bak which you will have to remove manually after rebooting.

        Encrypting data which is usually accessed by non-phablet users will require v2 policy suppport, so keep that in mind when coming up with ideas.

        Any input?

        For a list of my contributions to Ubuntu Touch visit: https://fredl.me

        If you have enjoyed my work on Ubuntu Touch over the years, please donate to my causes:

        • PayPal: https://paypal.me/beidl
        • Liberapay: https://liberapay.com/fredldotme
        ikozI 1 Reply Last reply Reply Quote 1
        • ikozI Online
          ikoz @fredldotme
          last edited by ikoz

          @fredldotme Encrypting WiFi settings (/etc/NetworkManager/system-connections) is a must-have, as they contain passwords. But what is the reason to encrypt apps' installation? The executables and assets are public anyway, I don't know any app that stores sensitive data in /opt.

          May the source be with you

          1 Reply Last reply Reply Quote 0
          • First post
            Last post