Practical use of ecryptfs, encrypted keys, and TPM: how to convert existing user key to encrypted key?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi,

Short version of this question is:  How do I convert a user key on the keyring
storing ecryptfs authentication token / FEFEK to an encrypted key on keyring?
(I.e. how to add an encrypted key with user-specified plaintext data, instead
of a randomly-generated key - such as a pre-existing mounting passphrase for
an existing ecryptfs file system.)  Read on for why...

I'm trying to figure out how to practically use ecryptfs with a TPM, and the
information I'm finding is generally out-of-date/obsolete.  All I've found is
blog articles or IBM whitepapers from a few years ago that appear to use
features that don't exist anymore / unmaintained features.  I've gathered that
the proper way to do this now involves trusted and encrypted kernel keys, as
per:

 * https://www.kernel.org/doc/Documentation/security/keys-ecryptfs.txt
 * https://www.kernel.org/doc/Documentation/security/keys-trusted-encrypted.txt

The strategy outlined in the above documentation indicates the idea would be to
make a new trusted key, sealed with the TPM, and then use it to make a new
encrypted key in the ecryptfs format, specifying the trusted key as the master.
That's easy enough to follow, and does what I'm looking for, except...

The problem is if the TPM dies, I need to recover my data (e.g. computer dies,
and need to restore from encrypted backups).  What I'm wanting to do is use a
passphrase to decrypt data if the TPM is not available, to be used only in
special circumstances.  Alternatively, users might have a pre-existing
ecryptfs file system with a mounting passphrase / FEFEK already chosen - i.e.
you don't want to re-encrypt all your files just to use the TPM.  This seems
like an obvious need, yet I'm have trouble figuring out the "how". 

>From the above documentation:

    The data structure defined by eCryptfs to contain information required for the
    FEK decryption is called authentication token and, currently, can be stored in a
    kernel key of the 'user' type, inserted in the user's session specific keyring
    by the userspace utility 'mount.ecryptfs' shipped with the package
    'ecryptfs-utils'.

    Encrypted keys of the newly introduced [ecryptfs encrypted] format store an
    authentication token in its payload with a FEFEK randomly generated by the
    kernel and protected by the parent master key.  [What if I want to use an
    existing FEFEK?]

OK, so it sounds to me like the kernel is storing the encrypted key in the same
format as a regular user key that would be added to the keyring by the ecryptfs
userspace tools (e.g. by ecryptfs-add-passphrase or the mount helper).  That is,
the payload of the user key and the encrypted key are basically one and the
same, except the kernel won't allow userspace to read the encrypted key in
unencrypted format.  Right?

So I think what I want to do is this - am I on the right track here?

1.  Use ecryptfs-add-passphrase to add a mounting passphrase to the keyring.
    (It could be a mounting passphrase for an existing ecryptfs filesystem).
    Now I have a user key on the keyring storing an ecryptfs authentication
    token.  The mounting passphrase can be complex and stored in an offline
    secure location, perhaps protected by ecryptfs-wrap-passphrase, and only
    used in a data recovery scenario (e.g. if the TPM goes up in smoke). 
2.  Create a new trusted key in the keyring, as per above documentation.
3.  Convert the existing user key storing authentication token from
    ecrypt-add-passphrase in step #1 into an encrypted key on the keyring, using
    the trusted key as the master key.  (This is where I'm stuck.)
4.  Remove the user key from the keyring since we don't need it any more.
5.  Use "keyctl pipe" to save the encrypted key to a file on disk for later
    mounting.

Ordinary day-to-day mounting would work like:
1.  Load and unseal trusted key into keyring.
2.  Load encrypted key blob from step #5 above into encrypted key in keyring,
    using trusted key as master key. 
3.  Mount using the encrypted key from previous step.

If the TPM is destroyed or lost:
1.  Use ecryptfs-add-passphrase to add the mounting passphrase from backup into
    an authentication token stored in a user key.
2.  Mount using this user key.

So my key question is this:  How do I convert a user key storing authentication
token to an encrypted key, as in step #3 in the setup procedure above?  For
example, docs say this to decrypt an existing encrypted key previously exported
with keyctl pipe <encrypted ID>:

    keyctl add encrypted name "load hex_blob" ring

But I want to do something like this to make a new encrypted key from some
pre-existing plaintext:

    keyctl add encrypted name "load ecryptfs trusted:masterkey `keyctl print <id of user key holding plaintext authentication token / FEFEK / mounting passphrase>`" @u

(This as opposed to the random new key generated with
"add encrypted name "new ecryptfs"")

If the above isn't possible then what am I missing in my strategy?  Feels like
I'm missing some obvious information here.

Best regards,

James Johnston


--
To unsubscribe from this list: send the line "unsubscribe ecryptfs" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html



[Index of Archives]     [Linux Crypto]     [Device Mapper Crypto]     [LARTC]     [Bugtraq]     [Yosemite Forum]

  Powered by Linux