I have been exploring the geli encryption functions in FreeBSD, and I
found that they already have a fully functioning encryption system for
whole volume encryption that does not have the problem listed here in
this bug.  I will quote the pertinent section of their man page here.

From geli(8) in FreeBSD 8.2:
You are the security-person in your company.  Create an encrypted
     provider for use by the user, but remember that users forget their
     passphrases, so back Master Key up with your own random key:

           # dd if=/dev/random of=/mnt/pendrive/keys/`hostname` bs=64 count=1
           # geli init -P -K /mnt/pendrive/keys/`hostname` /dev/ad0s1e
           # geli backup /dev/ad0s1e /mnt/pendrive/backups/`hostname`
           (use key number 0, so the encrypted Master Key by you will be overwritten)
           # geli setkey -n 0 -k /mnt/pendrive/keys/`hostname` /dev/ad0s1e
           (allow the user to enter his passphrase)
           Enter new passphrase:
           Reenter new passphrase:


As you can see they have implemented a system where the root user has a master 
passphrase that can be entered and used to change the user's encrypted data or 
passphrase.

The geli manpage can be read in full here:
http://www.freebsd.org/cgi/man.cgi?query=geli&apropos=0&sektion=0&manpath=FreeBSD+8.2-RELEASE&format=html

And the source code for geli can be found here:
http://svnweb.freebsd.org/base/head/sys/geom/eli/

I have contacted the author of the code, Pawel Jakub Dawidek, about geli
in the past, and he is quite friendly.  I'm sure that if you did not
want to reuse the code due to its BSD rather than GPL license, he may be
able to at least give you a pointer as to how to go about implementing
this feature.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/579876

Title:
  encrypted home directory isn't mounted if password changed by another
  user
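
The recovery scheme in the quoted geli(8) excerpt, modelled as an added example that is not part of the original message or of geli's code: one Master Key is stored wrapped under a User Key, the administrator keeps a metadata backup wrapped under a keyfile, and a forgotten passphrase is handled by re-wrapping the same Master Key. The SHAKE-256 keystream, the iteration count and all names here are assumptions standing in for geli's real cipher and on-disk format.

```python
import hashlib, hmac, os

ITERATIONS = 20_000  # assumed value for the sketch, not geli's

def _derive(secret: bytes, salt: bytes):
    # PBKDF2-HMAC-SHA512 turns a passphrase or keyfile into enc + MAC keys.
    k = hashlib.pbkdf2_hmac("sha512", secret, salt, ITERATIONS, dklen=64)
    return k[:32], k[32:]

def wrap(master_key: bytes, secret: bytes) -> dict:
    """Store master_key encrypted under secret (toy encrypt-then-MAC)."""
    salt = os.urandom(16)
    enc_key, mac_key = _derive(secret, salt)
    stream = hashlib.shake_256(enc_key).digest(len(master_key))
    ct = bytes(a ^ b for a, b in zip(master_key, stream))
    tag = hmac.new(mac_key, ct, hashlib.sha256).digest()
    return {"salt": salt, "ct": ct, "tag": tag}

def unwrap(slot: dict, secret: bytes) -> bytes:
    """Recover the master key, or raise if secret does not match the slot."""
    enc_key, mac_key = _derive(secret, slot["salt"])
    expected = hmac.new(mac_key, slot["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, slot["tag"]):
        raise ValueError("wrong key for this slot")
    stream = hashlib.shake_256(enc_key).digest(len(slot["ct"]))
    return bytes(a ^ b for a, b in zip(slot["ct"], stream))

def demo():
    master_key = os.urandom(64)        # encrypts the data, never changes
    admin_keyfile = os.urandom(64)     # constructed stand-in for the pendrive key
    slot0 = wrap(master_key, admin_keyfile)            # geli init -P -K keyfile
    backup = dict(slot0)                               # geli backup
    # geli setkey -n 0 -k keyfile: slot 0 now answers to the user's passphrase
    slot0 = wrap(unwrap(slot0, admin_keyfile), b"user passphrase")
    try:                               # the user has forgotten the passphrase
        unwrap(slot0, b"wrong guess")
        rejected = False
    except ValueError:
        rejected = True
    # Recovery: the backup still opens with the keyfile, so the same
    # master key can be wrapped again under a new passphrase.
    recovered = unwrap(backup, admin_keyfile)
    slot0 = wrap(recovered, b"new passphrase")
    return rejected, recovered == master_key, unwrap(slot0, b"new passphrase") == master_key

if __name__ == "__main__":
    print(demo())
```

Because the data is encrypted with the Master Key rather than with the passphrase itself, changing or resetting a passphrase only rewrites the small wrapped copy and never touches the encrypted data.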
