If you've got a copy of the auth tok sig that was used, you can repeatedly call ecryptfs-add-passphrase with your guess until you get a match. This will add the passphrase to your keyring, so you may want to clean up bad guesses with keyctl. To avoid this situation in the future I would suggest using either the ecryptfs-manager or ecryptfs-insert-wrapped-passphrase commands to load the passphrase to your keyring. ecryptfs-manager will ask you to enter your passphrase twice to catch typos and the ecryptfs-insert-wrapped-passphrase command will fail if you enter the wrapping passphrase incorrectly. You can then use the auth tok sig in your mount command instead of the actual passphrase. # ecryptfs-insert-wrapped-passphrase-into-keyring ./wrapped.passphrase Passphrase: Inserted auth tok with sig [2df13936c580ecff] into the user session keyring # mount -t ecryptfs ./.secret ./secret -o ecryptfs_sig=2df13936c580ecff,ecryptfs_cipher=aes,ecryptfs_key_bytes=32,key=passphrase,ecryptfs_enable_filename_crypto=n,ecryptfs_passthrough=n Passphrase: Attempting to mount with the following options: ecryptfs_unlink_sigs ecryptfs_fnek_sig=4e8a0ece5dbf48c8 ecryptfs_key_bytes=16 ecryptfs_cipher=aes ecryptfs_sig=ff09227dc73d8090 Mounted eCryptfs You will still be prompted for a passphrase when mounting, but you can enter anything and ecryptfs will use the sig you provided to locate the passphrase in your keyring. Be aware that the values for ecryptfs_sig and ecryptfs_fnek_sig that will displayed after mounting are bogus. Also, always test mounting your filesystem a few times to ensure there are no surprises and backup your passphrase to a secure location. -Damian On Mon, Jul 6, 2015 at 5:58 PM, Marc Peña Segarra <segarrra@xxxxxxxxx> wrote: > > Hi all, > > I'm using Ubuntu 14.04 and I use ecryptfs to encrypt arbitrary > directories; to mount the directories I use a command like this: > > sudo mount -t ecryptfs .secret/ secret/ -o > key=passphrase,ecryptfs_cipher=aes,ecryptfs_key_bytes=32,ecryptfs_passthrough=n,ecryptfs_enable_filename_crypto=n > > The thing is that, somehow, I messed it up when pasting the password > on the first mount in one of the directories (yeah, I know that the > message saying that I've never mounted with that key before should > have been quite clarifying)...copied all the data and unmounted it. > > Now, when I mount it and try to read files I get errors and messages > like this in dmesg: > > [ 4210.614158] ecryptfs_parse_options: eCryptfs: unrecognized option > [ecryptfs_debug=5] > [ 4215.347261] Could not find key with description: [306437480dxxxxxx] > [ 4215.347269] process_request_key_err: No key > [ 4215.347272] ecryptfs_parse_packet_set: Could not find a usable > authentication token > [ 4215.347277] Valid eCryptfs headers not found in file header region > or xattr region, inode 919485 > > After downloading the code of the Ubuntu package I found out that in > the directory tests/userspace there were the tests for verifying > passphase signs, so I thought that I could use that to iterate through > mutations of the pasted passphrase in the hope of reproducing the mess > I provoked. > > The problem I'm having is that the test program expects four parameters: > pass > salt > expected_sig > expected_fekek > > But since in my configuration I don't have a "file encryption key, > encryption key" I don't know how I could modify it in order to try to > find my passphrase; or should I use any other executable from > ecryptfs? > > Thanks a lot! > -- > To unsubscribe from this list: send the line "unsubscribe ecryptfs" in > the body of a message to majordomo@xxxxxxxxxxxxxxx > More majordomo info at http://vger.kernel.org/majordomo-info.html -- Confidentiality Notice: This e-mail transmission may contain confidential or legally privileged information that is intended only for the individual or entity named in the e-mail address. If you have received this communication in error, please notify me by return e-mail, and destroy this communication and all copies thereof, including any attachments. Apervita ® is a registered trademark of Apervita Inc. -- To unsubscribe from this list: send the line "unsubscribe ecryptfs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
