Package: ecryptfs-utils
Version: 111-4
Severity: important
I have set up the standard home ~/Private directory. It looks like it is
confused about which key to use.
For the last few months or so, I get this (key IDs changed but consistent
in report):
$ ecryptfs-mount-private
Enter your login passphrase:
Inserted auth tok with sig [] into the user session keyring
mount: No such file or directory
The kernel reports:
Jul 30 07:43:31 elmo kernel: [225198.624579] Could not find key with
description: []
And plenty of other messages, all about the second key with ID
These are the two keys:
$ keyctl list @u
2 keys in keyring:
270246897: --alswrv 1000 1000 user:
996876983: --alswrv 1000 1000 user:
The work-around is given below.
Note that I overrode the fnek signature on the command line.
$ ecryptfs-unwrap-passphrase .ecryptfs/wrapped-passphrase
Passphrase: (enter your usual passphrase)
(write down this unwrapped passphrase)
$ sudo ecryptfs-add-passphrase --fnek
Passphrase: (enter the )
Inserted auth tok with sig [] into the user session keyring
Inserted auth tok with sig [] into the user session keyring
$ sudo mount -t ecryptfs /home/username/.Private/ /home/username/Private/
Select key type to use for newly created files:
1) passphrase
2) tspi
Selection: 1
Passphrase:
Select cipher:
1) aes: blocksize = 16; min keysize = 16; max keysize = 32
2) blowfish: blocksize = 8; min keysize = 16; max keysize = 56
3) des3_ede: blocksize = 8; min keysize = 24; max keysize = 24
4) twofish: blocksize = 16; min keysize = 16; max keysize = 32
5) cast6: blocksize = 16; min keysize = 16; max keysize = 32
6) cast5: blocksize = 8; min keysize = 5; max keysize = 16
Selection [aes]: 1
Select key bytes:
1) 16
2) 32
3) 24
Selection [16]: 1
Enable plaintext passthrough (y/n) [n]:
Enable filename encryption (y/n) [n]: y
Filename Encryption Key (FNEK) Signature []:
Attempting to mount with the following options:
ecryptfs_unlink_sigs
ecryptfs_fnek_sig=
ecryptfs_key_bytes=16
ecryptfs_cipher=aes
ecryptfs_sig=
WARNING: Based on the contents of [/root/.ecryptfs/sig-cache.txt], it looks
like you have never mounted with this key before. This could mean that you have
typed your passphrase wrong.
Would you like to proceed with the mount (yes/no)? : yes
Would you like to append sig [] to
[/root/.ecryptfs/sig-cache.txt]
in order to avoid this warning in the future (yes/no)? : no
Not adding sig to user sig cache file; continuing with mount.
Mounted eCryptfs
-- System Information:
Debian Release: buster/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.9.0-3-amd64 (SMP w/6 CPU cores)
Locale: LANG=en_AU.utf8, LC_CTYPE=en_AU.utf8 (charmap=UTF-8), LANGUAGE=en_AU:en
(charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages ecryptfs-utils depends on:
ii  gettext-base    0.19.8.1-2+b1
ii  keyutils        1.5.9-9
ii  libassuan0      2.4.3-2
ii  libc6           2.24-12
ii  libecryptfs1    111-4
ii  libgpg-error0   1.27-3
ii  libgpgme11      1.8.0-3+b3
ii  libkeyutils1    1.5.9-9
ii  libpam-runtime  1.1.8-3.6
ii  libpam0g        1.1.8-3.6
ii  libtspi1        0.3.14+fixed1-1
ecryptfs-utils recommends no packages.
Versions of packages ecryptfs-utils suggests:
pn cryptsetup
-- no debconf information