Package: ecryptfs-utils
Version: 111-5
Severity: wishlist
I'm aware that ecryptfs-utils is no longer maintained upstream, and
hasn't seen a release (or even an upstream commit) in ~5 years.
I was also aware of dm-crypt for full-disk encryption, but hadn't heard
of fscrypt prior to today. Fscrypt, according to
https://wiki.archlinux.org/title/Fscrypt , provides a way to switch to
something supported (and supposedly faster?) than ecryptfs for those of
us who want seamless encrypted home directories without having to supply
an extra password as full-disk encryption requires.
At the very least, it would be nice if this alternative option was
documented in the ecryptfs-utils package in a README.Debian or
something. I'd be happy to submit a patch to add this.
Even better would be to include a script or something to convert a
(home) directory from ecryptfs to fscrypt*. I realize that it couldn't
be done automatically, but having it available would be incredibly
helpful; similar to how encryptfs-utils includes an
ecryptfs-migrate-home script (though you could argue that such a script
belongs in the fscrypt package). Let's maybe start with documentation first?
* seems like the steps would be to ensure fscrypt is installed, > 50%
space available, filesystem has /.fscrypt and the encrypt flag set,
pam_fscrypt.somewhere in /etc/pam.d/, and then create a new directory;
run fscrypt encrypt newdir --user=$user; cp -ra /home/$user/ newdir; mv
/home/$user olddir; mv newdir /home/$user; and then tell the user to
reboot and then delete 'olddir'. There's probably some steps in there to
deal w/ the .Private directory that ecryptfs was using, as well.
