ecryptfs team mailing list archive

[Bug 259631] Re: Cannot open Private directory after a reboot

 

Test Result

1. First, you need to figure out if you can decrypt your
mount_passphrase, using 'ecryptfs-unwrap-passphrase
~/.ecryptfs/wrapped-passphrase LOGIN_PASSPHRASE'.

Result: Received salt warning, command printed the hex digits and
returned 0

2. Once you're able to successfully decrypt
~/.ecryptfs/wrapped-passphrase, run
'ecryptfs_insert_wrapped_passphrase_into_keyring
~/.ecryptfs/wrapped-passphrase LOGIN_PASSPHRASE'.

Result: Received salt warning, and "Inserted auth tok with sig
[xxxxxx...x] into the user session keyring"

3. You can list the IDs of the keys in the keyring using: 'keyctl
show'.

Result: keyctl shows two user keys, one matching the result of the
command 'ecryptfs_insert_wrapped_passphrase_into_keyring..' and another
key. (Note: I had already used ecryptfs earlier in a more manual way
for other directories. Is the other key my old key, and is this creating
the problem with automount after reboot?)

4. Now that you have the passphrase in the keyring, you should be able
to mount your encrypted private directory with 'mount.ecryptfs_private'.

Result: Using the 'mount.ecryptfs_private' command I can successfully
mount (and decrypt the contents of) my ~/Private directory.

5. Reboot persistency
After applying the above commands and accessing ~/Private, I rebooted and ran 'mount.ecryptfs_private', which again gave the error "keyctl_search: Required key not available".
'keyctl show' does not list my key, only my "old" key (see 3).

After adding it with 'ecryptfs-insert-wrapped-passphrase-into-keyring
~/.ecryptfs/wrapped-passphrase LOGIN_PASSWORD' and running
'mount.ecryptfs_private' again the ~/Private directory is mounted ok.

6. Summary
So it seems like the problem for me is that my "wrapped passphrase" is not automatically added into the keyring.
Is this because I have two keys? (See note in 3)
On another computer I use this is working fine, but on that computer I didn't use ecryptfs prior to using the Ubuntu "Private directory" feature.

Regards,

Rune

-- 
Cannot open Private directory after a reboot
https://bugs.launchpad.net/bugs/259631

Status in “ecryptfs-utils” source package in Ubuntu: Incomplete

Bug description:
Binary package hint: ecryptfs-utils

I created an encrypted private directory following the instructions here:

https://wiki.ubuntu.com/EncryptedPrivateDirectory

Everything worked as it should until I rebooted. When I try to mount my private directory I get the following message:

jimk@intrepid:~$ mount.ecryptfs_private
keyctl_search: Required key not available

When I go to create a key, I get the following message:

jimk@intrepid:~$ ecryptfs-setup-private
ERROR: wrapped-passphrase file already exists, use --force to overwrite.

I can create a new passphrase if I use the force option, but I shouldn't have to do this every time I reboot
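
The keyring check from steps 3 and 5 of the test report, as an added example that is not part of the original message or of ecryptfs-utils: it takes the signature from the "Inserted auth tok with sig [...]" message and checks whether 'keyctl show' lists a user key with that description. The function names, the sample 'keyctl show' layout and the signatures are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): is the eCryptfs mount key in the keyring?
# All sample text is constructed; 0123456789abcdef is a placeholder signature.

# Extract <sig> from "Inserted auth tok with sig [<sig>] into the user session keyring".
extract_sig() {
    sed -n 's/.*Inserted auth tok with sig \[\([0-9a-fA-F]*\)].*/\1/p' | head -n 1
}

# Read `keyctl show` output on stdin; succeed only if a "user" key whose
# description equals the signature is listed. Assumes the description is the
# last field and the key type the one before it.
sig_in_keyring() {
    awk -v sig="$1" '
        # NF >= 2 guards blank lines; the "" appends force a string comparison
        NF >= 2 && $(NF-1) == "user:" && ($NF "") == (sig "") { found = 1 }
        END { exit found ? 0 : 1 }'
}

# $1 = message printed by the insert step, $2 = `keyctl show` output.
# Prints present, missing, or no-signature.
diagnose() {
    sig=$(printf '%s\n' "$1" | extract_sig)
    if [ -z "$sig" ]; then echo "no-signature"; return 2; fi
    if printf '%s\n' "$2" | sig_in_keyring "$sig"; then
        echo "present"
    else
        echo "missing"
    fi
}

MSG='Inserted auth tok with sig [0123456789abcdef] into the user session keyring'
AFTER_INSERT='Session Keyring
       -3 --alswrv   1000  1000  keyring: _ses
111111111 --alswrv   1000  1000   \_ user: fedcba9876543210
222222222 --alswrv   1000  1000   \_ user: 0123456789abcdef'
AFTER_REBOOT='Session Keyring
       -3 --alswrv   1000  1000  keyring: _ses
111111111 --alswrv   1000  1000   \_ user: fedcba9876543210'

diagnose "$MSG" "$AFTER_INSERT"   # state after step 2
diagnose "$MSG" "$AFTER_REBOOT"   # state after the reboot in step 5
```

On a live system the same check is 'keyctl show | sig_in_keyring "$sig"', run before 'mount.ecryptfs_private'.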