Sharing an encrypted home directory between Ubuntu installs

Solution 1:

It's not really a problem of whether you can do it, it is a problem of how far you are willing to compromise your encryption.

From any system you can mount any encrypted partition, as you have found. But to do this you must have credentials (the password or key to decrypt it). If you want a system to be able to automatically mount something that is encrypted then you must give it the keys to that encryption, and in this case the most straightforward solutions (and probably the only solutions, were you to opt for automount) would be to store your password in plain-text and have it accessed as a part of boot. The reason for this is that when you log in your system must be able to read some home/ for you somewhere before you can manually provide credentials unless they are stored somewhere vulnerable outside the encrypted partition.

In any case, this point is moot. Sharing /home between two major versions is a bad idea -- your dotfiles are not going to be interpreted the same way between two major releases and some setting is either going to get corrupted or just not work at all the way you expect (or not work at all).

I suggest that instead of sharing /home itself, you might want to have a third partition that contains things like documents/, videos/, pictures/, bin/, and whatever other application data you actually use yourself, and leave the dotfiles, settings, browser history, etc. separated. An easyish way to accomplish this is to just replace the default user data directories with symlinks that point to your mount location. So, for example:

sda1  -> mounted at / for 11.04
sda2  -> mounted at / for 12.04
sda3  -> encrypted, mounted at /home/you/mnt/ under both

sda3 will contain your user data, so when you mount it you will get

/home/you/mnt/documents
/home/you/mnt/pictures
/home/you/mnt/videos
/home/you/mnt/music
/home/you/mnt/bin
# ...etc

Your original directories will be replaced by symlinks of the form:

/home/you/documents -> /home/you/mnt/documents
/home/you/pictures  -> /home/you/mnt/pictures
# ...etc.

Mounting sda3 will always require providing extra credentials the first time you access anything within it, but this only has to occur the first time when it is mounted. Placing the mount location in /etc/auto.master explicitly under each system should cause a LUKS password prompt the first time you access data -- but the right way to do this might require some research (I've only done this on RHEL and Gentoo, and have no idea what the differences may be in Ubuntu).

In any case, the effect you are trying to achieve is certainly a reasonable goal, but shortcutting by directly sharing an encrypted home directory between major versions is far less secure and ultimately a lot more trouble than it's worth.
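
The symlink layout described in the answer above, as an added example that is not part of the original answer. The function name `link_user_dirs` and the `REQUIRE_MOUNT` switch are hypothetical, and the paths are the answer's placeholders. It refuses to run unless the encrypted volume is actually mounted, so files are never moved into the unencrypted directory underneath the mount point.

```shell
#!/bin/sh
# Added example: replace data directories in $HOME with symlinks into the
# encrypted mount. REQUIRE_MOUNT is a hypothetical switch for scratch-dir runs.

# link_user_dirs HOME_DIR MNT_DIR NAME...
# Returns 0 on success, 1 if the volume is not mounted, 2 on a name conflict.
link_user_dirs() {
    home_dir=$1; mnt_dir=$2; shift 2

    # Refuse to run when the encrypted volume is not mounted: otherwise data
    # would be moved into the plain directory underneath the mount point.
    if [ "${REQUIRE_MOUNT:-1}" = 1 ] && ! mountpoint -q "$mnt_dir"; then
        echo "refusing: $mnt_dir is not a mount point" >&2
        return 1
    fi

    for name in "$@"; do
        src=$home_dir/$name
        dst=$mnt_dir/$name
        mkdir -p "$dst" || return 1

        # Already converted on a previous run (or by the other install).
        if [ -L "$src" ]; then
            [ "$(readlink "$src")" = "$dst" ] && continue
            echo "conflict: $src links elsewhere" >&2
            return 2
        fi

        if [ -d "$src" ]; then
            # Move existing files (dotfiles included) without overwriting.
            for f in "$src"/* "$src"/.[!.]* "$src"/..?*; do
                [ -e "$f" ] || [ -L "$f" ] || continue
                if [ -e "$dst/$(basename "$f")" ]; then
                    echo "conflict: $(basename "$f") exists in $dst" >&2
                    return 2
                fi
                mv "$f" "$dst/" || return 1
            done
            rmdir "$src" || return 1
        elif [ -e "$src" ]; then
            echo "conflict: $src is not a directory" >&2
            return 2
        fi
        ln -s "$dst" "$src" || return 1
    done
}
```

Run it once under each install after unlocking and mounting sda3, for example `link_user_dirs /home/you /home/you/mnt documents pictures videos music bin`.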