    [Request for input] Encrypt all the things

      • fredldotme

        I want to start a discussion about encrypting more data stored in the /userdata partition, for extra security/paranoia.

        Right now we have /home/phablet encrypted when done so via system-settings, but there's room for improvement. I would like to also encrypt:

        • Wifi settings
        • Apps
        • Potentially more which I don't see yet

        For apps I have created a script which does the encryption in an easy-to-follow manner. This will require a device with policy version 2 support. It's available here: https://gist.github.com/fredldotme/696ab1e22bec4ed296caee471aa89a87

        ATTENTION: Don't try to force the script to run on a system which only supports v1 policies; this will break app installation and uninstallation.

        The script keeps the unencrypted original in /userdata/system-data/opt/click.ubuntu.com-bak which you will have to remove manually after rebooting.

        Encrypting data which is usually accessed by non-phablet users will require v2 policy support, so keep that in mind when coming up with ideas.

        Any input?

        For a list of my contributions to Ubuntu Touch visit: https://fredl.me

        If you have enjoyed my work on Ubuntu Touch over the years, please donate to my causes:

        • PayPal: https://paypal.me/beidl
        • Liberapay: https://liberapay.com/fredldotme
        • ikoz @fredldotme

          @fredldotme Encrypting WiFi settings (/etc/NetworkManager/system-connections) is a must-have, as they contain passwords. But what is the reason to encrypt apps' installation? The executables and assets are public anyway, I don't know any app that stores sensitive data in /opt.

          May the source be with you

          • fredldotme @ikoz

            @ikoz Encrypting apps would prevent tampering with executables and replacing them with malicious ones by evil actors.

            • uxes @fredldotme

              @fredldotme
              What about bluez data and system logs?
              /etc/shadow, so an attacker can't substitute their password?

              • gpatel-fr @uxes

                @uxes

                Encrypting logs would mean that no software could run before having entered a decryption key.
                Using a phone to call for help would be impossible for a person not having the code. Could be awkward at times. Or even legally dubious.
