Thanks a lot Damian!

Following your advice I've been able to recover the mangled password!

I took the instructions from here:
http://www.unix-ninja.com/p/Securing_your_private_data_with_the_Enterprise_Cryptographic_Filesystem/

But your approach seems better.

On Tue, Jul 7, 2015 at 9:49 PM, Wiest, Damian <damian.wiest@xxxxxxxxxxxx> wrote:
> Sorry, I was looking at some old notes. You should mount using the -i
> option to suppress the ecryptfs mount helper if you're using a
> passphrase stored in your keyring.
>
> -Damian
>
>
> On Tue, Jul 7, 2015 at 2:21 PM, Wiest, Damian <damian.wiest@xxxxxxxxxxxx> wrote:
>> If you've got a copy of the auth tok sig that was used, you can
>> repeatedly call ecryptfs-add-passphrase with your guess until you get
>> a match. This will add the passphrase to your keyring, so you may
>> want to clean up bad guesses with keyctl.
>>
>> To avoid this situation in the future I would suggest using either the
>> ecryptfs-manager or ecryptfs-insert-wrapped-passphrase commands to
>> load the passphrase to your keyring. ecryptfs-manager will ask you to
>> enter your passphrase twice to catch typos and the
>> ecryptfs-insert-wrapped-passphrase command will fail if you enter the
>> wrapping passphrase incorrectly. You can then use the auth tok sig in
>> your mount command instead of the actual passphrase.
>>
>> # ecryptfs-insert-wrapped-passphrase-into-keyring ./wrapped.passphrase
>> Passphrase:
>> Inserted auth tok with sig [2df13936c580ecff] into the user session keyring
>>
>> # mount -t ecryptfs ./.secret ./secret -o ecryptfs_sig=2df13936c580ecff,ecryptfs_cipher=aes,ecryptfs_key_bytes=32,key=passphrase,ecryptfs_enable_filename_crypto=n,ecryptfs_passthrough=n
>> Passphrase:
>> Attempting to mount with the following options:
>>   ecryptfs_unlink_sigs
>>   ecryptfs_fnek_sig=4e8a0ece5dbf48c8
>>   ecryptfs_key_bytes=16
>>   ecryptfs_cipher=aes
>>   ecryptfs_sig=ff09227dc73d8090
>> Mounted eCryptfs
>>
>> You will still be prompted for a passphrase when mounting, but you can
>> enter anything and ecryptfs will use the sig you provided to locate
>> the passphrase in your keyring. Be aware that the values for
>> ecryptfs_sig and ecryptfs_fnek_sig that will be displayed after mounting
>> are bogus. Also, always test mounting your filesystem a few times to
>> ensure there are no surprises and backup your passphrase to a secure
>> location.
>>
>> -Damian
>>
>>
>> On Mon, Jul 6, 2015 at 5:58 PM, Marc Peña Segarra <segarrra@xxxxxxxxx> wrote:
>>>
>>> Hi all,
>>>
>>> I'm using Ubuntu 14.04 and I use ecryptfs to encrypt arbitrary
>>> directories; to mount the directories I use a command like this:
>>>
>>> sudo mount -t ecryptfs .secret/ secret/ -o key=passphrase,ecryptfs_cipher=aes,ecryptfs_key_bytes=32,ecryptfs_passthrough=n,ecryptfs_enable_filename_crypto=n
>>>
>>> The thing is that, somehow, I messed it up when pasting the password
>>> on the first mount in one of the directories (yeah, I know that the
>>> message saying that I've never mounted with that key before should
>>> have been quite clarifying)...copied all the data and unmounted it.
>>>
>>> Now, when I mount it and try to read files I get errors and messages
>>> like this in dmesg:
>>>
>>> [ 4210.614158] ecryptfs_parse_options: eCryptfs: unrecognized option [ecryptfs_debug=5]
>>> [ 4215.347261] Could not find key with description: [306437480dxxxxxx]
>>> [ 4215.347269] process_request_key_err: No key
>>> [ 4215.347272] ecryptfs_parse_packet_set: Could not find a usable authentication token
>>> [ 4215.347277] Valid eCryptfs headers not found in file header region or xattr region, inode 919485
>>>
>>> After downloading the code of the Ubuntu package I found out that in
>>> the directory tests/userspace there were the tests for verifying
>>> passphrase signs, so I thought that I could use that to iterate through
>>> mutations of the pasted passphrase in the hope of reproducing the mess
>>> I provoked.
>>>
>>> The problem I'm having is that the test program expects four parameters:
>>> pass
>>> salt
>>> expected_sig
>>> expected_fekek
>>>
>>> But since in my configuration I don't have a "file encryption key,
>>> encryption key" I don't know how I could modify it in order to try to
>>> find my passphrase; or should I use any other executable from
>>> ecryptfs?
>>>
>>> Thanks a lot!
>>> --
>>> To unsubscribe from this list: send the line "unsubscribe ecryptfs" in
>>> the body of a message to majordomo@xxxxxxxxxxxxxxx
>>> More majordomo info at http://vger.kernel.org/majordomo-info.html
>
> --
>
>
> Confidentiality Notice: This e-mail transmission may contain confidential
> or legally privileged information that is intended only for the individual
> or entity named in the e-mail address. If you have received this
> communication in error, please notify me by return e-mail, and destroy this
> communication and all copies thereof, including any attachments.
>
> Apervita ® is a registered trademark of Apervita Inc.
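
The keyring steps from the thread (checking that the wanted sig is loaded before mounting, and finding the keys left behind by wrong guesses so they can be cleaned up with keyctl), as an added example that is not part of the original messages. It assumes the usual `keyctl list @u` line layout and that eCryptfs auth toks appear as `user` keys described by their 16-hex-digit sig; the key IDs and the second sig in the sample listing are constructed.

```shell
#!/bin/sh
# Added example: keyring hygiene around the eCryptfs sig workflow in this thread.
# Assumption: `keyctl list @u` prints one key per line as
#   <id>: <perms> <uid> <gid> <type>: <description>
# and eCryptfs auth toks are "user" keys whose description is the 16-hex sig.

# sig_loaded SIG: succeed if SIG is present as a user key in the listing on stdin.
sig_loaded() {
    awk -v want="$1" '
        $5 == "user:" && tolower($6) == tolower(want) { found = 1 }
        END { exit !found }'
}

# other_sig_keys SIG: print "<id> <sig>" for every eCryptfs-style key that is
# NOT SIG, i.e. candidates left in the keyring by wrong passphrase guesses.
other_sig_keys() {
    awk -v want="$1" '
        $5 == "user:" && length($6) == 16 && $6 ~ /^[0-9a-fA-F]+$/ &&
        tolower($6) != tolower(want) { sub(/:$/, "", $1); print $1, $6 }'
}

# Constructed listing (not real output): the sig from the thread's example,
# one leftover bad guess, and an unrelated keyring entry.
sample_listing() {
    cat <<'EOF'
3 keys in keyring:
 512337744: --alswrv  1000  1000 user: 2df13936c580ecff
 873245901: --alswrv  1000  1000 user: 9b1c04e7aa35d610
 104857600: --alswrv  1000  1000 keyring: _uid_ses.1000
EOF
}

# Real use. Review the list before unlinking: sigs that belong to other
# eCryptfs mounts are reported too, since they also differ from SIG.
#   keyctl list @u | sig_loaded 2df13936c580ecff || echo "sig not in keyring"
#   keyctl list @u | other_sig_keys 2df13936c580ecff |
#       while read -r id sig; do keyctl unlink "$id" @u; done
```

Running the `sig_loaded` check before `mount -i ... -o ecryptfs_sig=...` catches the case where the sig was never inserted, before any data is written under a key you cannot reproduce.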