
ecryptfs team mailing list archive

[Bug 352307] Re: update-notifier message about recording mount passphrase

 

It just occurred to me that this might get much more tricky than I
thought. update-notifier messages are system level, thus (1) only admins
will see such a note if I'm not mistaken, and (2) once the first admin
ack'ed it, other users won't see it any more.

What we want is a per-user notification. Maybe we can abuse the
messaging system that gnome-screensaver has, or otherwise just use
libnotify-send. I'll ponder this a bit.

-- 
update-notifier message about recording mount passphrase
https://bugs.launchpad.net/bugs/352307
You received this bug notification because you are a member of eCryptfs,
which is subscribed to ecryptfs-utils in ubuntu.

Status in “ecryptfs-utils” source package in Ubuntu: In Progress
Status in ecryptfs-utils in Ubuntu Jaunty: In Progress

Bug description:
Binary package hint: ecryptfs-utils

The ecryptfs-setup-private utility is used to configure a user's encrypted-home or encrypted-private directory.

By default, ecryptfs-setup-private will generate a random 128-bit mount passphrase from /dev/urandom.

If executed on the command line, a message such as the following is displayed to the terminal:

************************************************************************
YOU SHOULD RECORD THIS MOUNT PASSPHRASE AND STORE IN A SAFE LOCATION:
f436f2db331b520e8879d53d012c363a
THIS WILL BE REQUIRED IF YOU NEED TO RECOVER YOUR DATA AT A LATER TIME.
************************************************************************

Jaunty now supports configuring an encrypted-home directory in the installer itself (with the preseed option user-setup/encrypt-home=true).

When this happens, a random mount passphrase is generated, but the user is not given the opportunity to record this passphrase (it was decided that this would interrupt the install experience).

What we desperately need, then, is for ecryptfs-setup-private to trigger an update-notifier message to be displayed on subsequent boots (until dismissed by the user). This message should convey to the user:

 1) That a strong, random mount passphrase has been generated to encrypt their home directory
 2) That this passphrase should be recorded (written down, printed), and stored in a separate location
 3) That this passphrase would be needed if manual data recovery is ever necessary
 4) How to go about retrieving this passphrase
  $ ecryptfs-unwrap-passphrase $HOME/.ecryptfs/wrapped-passphrase
  Passphrase: foobar
  f436f2db331b520e8879d53d012c363a

Martin Pitt has offered to help with this.  I hope it can still make Jaunty.


:-Dustin
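
A sketch of the per-user reminder state discussed in this message, as an added example that is not part of the original message or of ecryptfs-utils. The marker file name `.passphrase-recorded` and all function names are hypothetical, and running it at each user's session start is an assumption; only the `wrapped-passphrase` path and the `ecryptfs-unwrap-passphrase` command come from the bug description.

```shell
#!/bin/sh
# Added example: per-user "record your mount passphrase" reminder.
# State lives in each user's own ~/.ecryptfs, so one user's dismissal
# does not hide the reminder from anyone else.

MARKER_NAME=".passphrase-recorded"   # hypothetical marker file, one per user

# reminder_needed HOME_DIR
# Returns 0 when this user has a wrapped passphrase and has not yet
# dismissed the reminder; returns 1 otherwise.
reminder_needed() {
    home_dir=$1
    [ -f "$home_dir/.ecryptfs/wrapped-passphrase" ] || return 1
    [ ! -e "$home_dir/.ecryptfs/$MARKER_NAME" ]
}

# reminder_text
# Message body. It names the retrieval command only; the passphrase
# itself is never placed in a notification.
reminder_text() {
    printf '%s\n' \
        'A random mount passphrase was generated to encrypt your home directory.' \
        'Record it and store it in a separate location; manual data recovery requires it.' \
        'To retrieve it, run: ecryptfs-unwrap-passphrase $HOME/.ecryptfs/wrapped-passphrase'
}

# dismiss_reminder HOME_DIR
# Records the dismissal for this user only, readable by the owner alone.
dismiss_reminder() {
    home_dir=$1
    ( umask 077 && : > "$home_dir/.ecryptfs/$MARKER_NAME" )
}

# show_reminder_if_needed HOME_DIR
# Uses notify-send when present, otherwise prints to the terminal.
show_reminder_if_needed() {
    reminder_needed "$1" || return 0
    if command -v notify-send >/dev/null 2>&1; then
        notify-send 'Record your mount passphrase' "$(reminder_text)"
    else
        reminder_text
    fi
}
```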


