On Sat, 2019-08-03 at 17:44 +0300, Jarkko Sakkinen wrote: > On Fri, 2019-08-02 at 15:23 -0500, Tyler Hicks wrote: > > That wasn't the conclusion that I came to. I prefer Robert's proposed > > change to trusted.ko. > > > > How do you propose that this be fixed in eCryptfs? > > > > Removing encrypted_key support from eCryptfs is the only way that I can > > see to fix the bug in eCryptfs. That support has been there since 2011. > > I'm not sure of the number of users that would be broken by removing > > encrypted_key support. I don't think the number is high but I can't say > > that confidently. > > Looking at the documentation [1] it is stated that > > "Encrypted keys do not depend on a TPM, and are faster, as they use AES > for encryption/decryption." > > Why would you need to remove support for encrypted keys? Isn't it a > regression in encrypted keys to hard depend on trusted keys given > what the documentation says? "Encrypted" key are symmetric keys, which are encrypted/decrypted either by a "trusted" key or, for development purposes only, a "user" key. Mimi
