
ecryptfs team mailing list archive

Re: [Bug 259631] Re: Cannot open Private directory after a reboot

 

On Tue, Oct 21, 2008 at 10:53 AM, Rune Evjen <rune.evjen@xxxxxxxxx> wrote:
> In any case, is it possible to take the mount_passphrase and reverse it in
> order to compare it to the original login_passphrase? Or can one
> mount_passphrase be generated from different login passwords?

The mount_passphrase is generated from /dev/urandom, and encrypted
with the login_passphrase that you enter (twice) in
ecryptfs-setup-private.

If you can decrypt it using ecryptfs-unwrap-passphrase with your
current login passphrase, then it's wrapped correctly.  If you can
insert into your keyring, then the kernel knows about it.  And if the
signature in Private.sig and keyctl match, then it's the "correct"
key.  The mount should definitely succeed.

I want to revisit something Matt wrote, about entering the wrong login
password (twice).  ecryptfs-setup-private is not able to validate your
login password.  It expects that you know your password, and that
you're going to enter it correctly, and twice.  It uses that value to
encrypt the mount passphrase, even if it's not your actual login
passphrase.  That could easily be the source of these troubles...


:-Dustin

-- 
Cannot open Private directory after a reboot
https://bugs.launchpad.net/bugs/259631
You received this bug notification because you are a member of eCryptfs,
which is subscribed to ecryptfs-utils in ubuntu.

Status in “ecryptfs-utils” source package in Ubuntu: Incomplete

Bug description:
Binary package hint: ecryptfs-utils

I created an encrypted private directory following the instructions here:

https://wiki.ubuntu.com/EncryptedPrivateDirectory

Everything worked as it should until I rebooted. When I try to mount my private directory I get the following message:

jimk@intrepid:~$ mount.ecryptfs_private
keyctl_search: Required key not available

When I go to create a key, I get the following message:

jimk@intrepid:~$ ecryptfs-setup-private
ERROR: wrapped-passphrase file already exists, use --force to overwrite.

I can create a new passphrase if I use the force option, but I shouldn't have to do this every time I reboot.
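
The signature comparison described in the reply above (Private.sig against the keyring), as an added shell example that is not part of the original thread or of ecryptfs-utils. The function names, the constructed sample listing, and the assumed line format of `keyctl list @u` (each key line ending in `user: <signature>`) are illustrative assumptions.

```shell
#!/bin/sh
# Added example, not part of ecryptfs-utils. Assumptions: Private.sig holds
# one lowercase hex signature per line, and each key line printed by
# `keyctl list @u` ends in "user: <signature>".

# check_sigs SIGFILE LISTING
# Prints "present <sig>" or "MISSING <sig>" for every signature in SIGFILE.
# Returns 0 if all are in LISTING, 1 if any is missing, 2 if none was read.
check_sigs() {
    sigfile=$1 listing=$2 rc=2
    [ -r "$sigfile" ] || { echo "unreadable: $sigfile"; return 2; }
    while IFS= read -r sig || [ -n "$sig" ]; do
        case $sig in
            ''|*[!0-9a-f]*) continue ;;   # skip blank or non-hex lines
        esac
        if [ "$rc" -eq 2 ]; then rc=0; fi
        if printf '%s\n' "$listing" | grep -q "user: $sig\$"; then
            echo "present $sig"
        else
            echo "MISSING $sig"           # the mount cannot find this key
            rc=1
        fi
    done < "$sigfile"
    return "$rc"
}

# Constructed sample of a user keyring holding one eCryptfs key.
sample_listing() {
    cat <<'EOF'
1 key in keyring:
 123456789: --alswrv  1000  1000 user: 0123456789abcdef
EOF
}

# Real use, after logging in:
#   check_sigs "$HOME/.ecryptfs/Private.sig" "$(keyctl list @u)"
```

A `MISSING` line means the key named in Private.sig is not in the user keyring, so the wrapped passphrase was never unwrapped and inserted for this session.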


