strange(?) situation with ecryptfs

Hi,

I have a set of folders encrypted with encfs (over zfs) and I get an error when trying to mount them. What I do is:

   register the key on the keyring:
      <binary which produces the passphrase on stdout> | ecryptfs-add-passphrase -

   check the key is, indeed, there:
      keyctl list @u
         1 key in keyring:
         <#id>: --alswrv     0     0 user: <sig>

   mount the FS:
      mount -i -t ecryptfs -o ecryptfs_sig=<sig>,ecryptfs_fnek_sig=<sig>,ecryptfs_cipher=aes,ecryptfs_key_bytes=16 <mount point> <mount point>
      mount: mount(2) failed: <mount point>: No such file or directory

   but <mount point> exists. Also, I see in the logs:
      kernel: Could not find key with description: [<sig>]
      kernel: process_request_key_err: No key
      kernel: Could not find valid key in user session keyring for sig specified in mount option: [<sig>]
      kernel: One or more global auth toks could not properly register; rc = [-2]
      kernel: Error parsing options; rc = [-2]

However, if I first try to mount it without the -i AND I kill it when asking for the passphrase:
      mount -i -t ecryptfs -o ecryptfs_sig=<sig>,ecryptfs_fnek_sig=<sig>,ecryptfs_cipher=aes,ecryptfs_key_bytes=16 <mount point> <mount point>
      Select key type to use for newly created files:
       1) tspi
       2) passphrase
      Selection: ^C

   And then repeat the mount with the -i
      mount -i -t ecryptfs -o ecryptfs_sig=<sig>,ecryptfs_fnek_sig=<sig>,ecryptfs_cipher=aes,ecryptfs_key_bytes=16 <mount point> <mount point>

   it succeeds, and the kernel reports no errors at all.

This happens only for the first folder being decrypted. After this first one has succeeded, I can mount any other folder encrypted with the same key just by issuing
      mount -i -t ecryptfs -o ecryptfs_sig=<sig>,ecryptfs_fnek_sig=<sig>,ecryptfs_cipher=aes,ecryptfs_key_bytes=16 <other mount point> <other mount point>

   Am I doing something wrong? Is this a bug?
   Thank you!

--
Felix Rubio
"Don't believe what you're told. Double check."
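
The kernel messages in the post name the user session keyring, while the listing in the post only checks @u. The following is an added diagnostic sketch, not part of the original message and not eCryptfs project code, that checks whether the signature can be found both from the session keyring (@s) and from the user keyring (@u). It assumes the keyutils `keyctl` tool; `key_visibility`, `report_key` and the `KEYCTL` override are hypothetical names, and searching from @s is only an approximation of the kernel's own key lookup.

```shell
#!/bin/sh
# Added example: pre-mount check for an eCryptfs key signature.
# KEYCTL may be overridden (for instance with a stub) so the logic can be
# exercised without touching a real keyring. This override is an assumption
# of this sketch, not a keyutils feature.
KEYCTL=${KEYCTL:-keyctl}

# key_visibility SIG
# Prints one of:
#   session    a "user" key described SIG is found by a search starting at @s
#   user-only  the key is in @u, but a search starting at @s does not find it
#   missing    the key is found from neither keyring
key_visibility() {
    sig=$1
    if "$KEYCTL" search @s user "$sig" >/dev/null 2>&1; then
        echo session
    elif "$KEYCTL" search @u user "$sig" >/dev/null 2>&1; then
        echo user-only
    else
        echo missing
    fi
}

# report_key SIG
# Prints a one-line finding and returns 0 only when the key is reachable
# from the session keyring, so it can gate a scripted mount.
report_key() {
    sig=$1
    state=$(key_visibility "$sig")
    case $state in
        session)   echo "[$sig] reachable from the session keyring" ;;
        user-only) echo "[$sig] only in @u; inspect 'keyctl show @s' for a link to the user keyring" ;;
        missing)   echo "[$sig] not found; was ecryptfs-add-passphrase run as this user?" ;;
    esac
    [ "$state" = session ]
}

# Usage after sourcing this file: report_key <sig> && mount -i -t ecryptfs ...
```

Running `report_key` immediately before the first mount, and again after the interrupted non-`-i` mount described in the post, shows whether the key's visibility from the session keyring is what changes between the failing and the succeeding attempt.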