This is a follow-up to the previous thread on gnome-os-list, I'm also posting this one to nautilus-list. There is currently a fundraiser for improved security in GNOME (http://www.gnome.org/friends/). One thing I'd like to see, is good encryption support. For the moment, I'm going to focus on one specific feature, modular encryption. The problem with full disk/home encryption, is that it can't be used by people who auto-login. It shouldn't be necessary to login everytime you use the computer, or to allow a friend to quickly look something up on the internet. But, at the same time, you shouldn't have to sacrifice security. My solution to one part of the puzzle, is to allow encrypting individual folders. Previously, there was no easy, GNOME-like way to do this. I've updated my previous Nautilus extension, so this is no longer the case. Encrypting folders is a simple matter of right-clicking a folder and selecting encrypt. Mounting the folder is as simple as opening the folder. This works with auto-login users, as the encryption password is stored in the keyring, so if it is still locked, it will try to unlock before it can mount the folder. If the keyring is already unlocked, it is exactly the same as opening a normal folder (albeit, with a slight lag). If you've managed to read this far, then I'd like some feedback on whether you think this is a good feature, that is worth working on further integration. And, as an extension of that, if this might make a good GSoC project, that I could work on. Here is a list of things that need to be considered: To meet the rest of this criteria, this probably needs to be integrated into Nautilus properly, rather than as an extension. If this is integrated into Nautilus, I'm guessing encfs should be an optional package, in which case we need to make sure the encryption option is not visible when encfs is not installed. The encryption password should be linked to the encfs key, rather than the folder location (to provide flexibility with moving folders). Using libsecret can remove the dependency on gnome-encfs, and will probably be needed for the previous point. If moving/renaming a folder in Nautilus, the encrypted counterpart should also be moved/renamed. Otherwise, the user will no longer be able to mount it. An option to revert an encryption should be added, so it is reversible. Possibly, some kind of emblem could be added to the folder to indicate it is encrypted. Something like a padlock, but would need to be visually distinct from the read-only one. The folder, before mounting, is empty. It might be an idea to hack the display of size to be the size of the encrypted folder. Otherwise, all non-mounted folders display "0 items". The implementation needs to copy items back to the original folder and present an error message if the encryption process fails. At the moment, the files would be dumped somewhere in /tmp. Hopefully, that about covers everything. If there's anything else that needs to be considered, please mention it. Link to current extension implementation: http://blog.sambull.org/easily-encrypt-folders-2 Thank you for your time, Sam Bull
Attachment:
signature.asc
Description: This is a digitally signed message part