The test with one file on this machine was OK, but soon as I put it into real use on another machine and tried to do a mount, the mount fails on empty directories. It says something about not being able to resolve a full path, but there's nothing special about the directory /var/cache/ecryptfs/100. It's not NFS or any such thing, just a normal filesystem directory. This was reproduced with first my real key, then here, a testing key.
mount -t ecryptfs -o verbose,key=openssl:keyfile=/tmp/rsa-testing-key.pem /var/cache/ecryptfs/100 /home/jayjwa/.ecrypt_mp Method of providing the passphrase: 1) passwd: Enter on Console 2) passwd_file: File Containing Passphrase 3) passwd_fd: File Descriptor for File Containing Passphrase Selection [passwd]: 1 Passphrase: Select cipher: 1) aes: blocksize = 16; min keysize = 16; max keysize = 32 (loaded) 2) blowfish: blocksize = 8; min keysize = 4; max keysize = 56 (loaded) 3) des3_ede: blocksize = 8; min keysize = 24; max keysize = 24 (loaded) 4) des: blocksize = 8; min keysize = 8; max keysize = 8 (loaded) Selection [aes]: 2 Select key bytes: 1) 16 2) 32 Selection [16]: 1 Attempting to mount with the following options: ecryptfs_key_bytes=16 ecryptfs_cipher=blowfish ecryptfs_sig=f4e702c4ad0755da WARNING: Based on the contents of [/root/.ecryptfs/sig-cache.txt], it looks like you have never mounted with this key before. This could mean that you have typed your passphrase wrong. Would you like to proceed with the mount (yes/no)? yes Would you like to append sig [f4e702c4ad0755da] to [/root/.ecryptfs/sig-cache.txt] in order to avoid this warning in the future (yes/no)? yes Successfully appended new sig to user sig cache file Error mounting eCryptfs; rc = [-22]; strerr = [Invalid argument]. Check your system logs; visit <http://ecryptfs.sourceforge.net/ecryptfs-faq.html>. Dec 18 10:33:28 vdrl mount.ecryptfs: Error initializing key module [/usr/lib/ecryptfs/libecryptfs_key_mod_gpg.so]; rc = [-22] Dec 18 10:33:28 vdrl mount.ecryptfs: Preferring [/usr/lib/ecryptfs/libecryptfs_key_mod_passphrase.so] file over built-in module for key module with name [passphrase] Dec 18 10:33:28 vdrl mount.ecryptfs: ecryptfs_get_kernel_ciphers: Adding kernel cipher with name [des3_ede] to the list Dec 18 10:33:28 vdrl mount.ecryptfs: ecryptfs_get_kernel_ciphers: min keysize match on buf = [min keysize : 24 ] Dec 18 10:33:28 vdrl mount.ecryptfs: ecryptfs_get_kernel_ciphers: For cipher with name [des3_ede], set min_keysize = [24] from str = [24] Dec 18 10:33:28 vdrl mount.ecryptfs: ecryptfs_get_kernel_ciphers: For cipher with name [des3_ede], set max_keysize = [24] from str = [24] Dec 18 10:33:28 vdrl mount.ecryptfs: ecryptfs_get_kernel_ciphers: Adding kernel cipher with name [des] to the list Dec 18 10:33:28 vdrl mount.ecryptfs: ecryptfs_get_kernel_ciphers: min keysize match on buf = [min keysize : 8 ] Dec 18 10:33:28 vdrl mount.ecryptfs: ecryptfs_get_kernel_ciphers: For cipher with name [des], set min_keysize = [8] from str = [8] Dec 18 10:33:28 vdrl mount.ecryptfs: ecryptfs_get_kernel_ciphers: For cipher with name [des], set max_keysize = [8] from str = [8] Dec 18 10:33:28 vdrl mount.ecryptfs: ecryptfs_get_kernel_ciphers: Adding kernel cipher with name [sha256] to the list Dec 18 10:33:28 vdrl mount.ecryptfs: ecryptfs_get_kernel_ciphers: Adding kernel cipher with name [sha512] to the list Dec 18 10:33:28 vdrl mount.ecryptfs: ecryptfs_get_kernel_ciphers: Adding kernel cipher with name [sha384] to the list Dec 18 10:33:28 vdrl mount.ecryptfs: ecryptfs_get_kernel_ciphers: Adding kernel cipher with name [aes] to the list Dec 18 10:33:28 vdrl mount.ecryptfs: ecryptfs_get_kernel_ciphers: min keysize match on buf = [min keysize : 16 ] Dec 18 10:33:28 vdrl mount.ecryptfs: ecryptfs_get_kernel_ciphers: For cipher with name [aes], set min_keysize = [16] from str = [16] Dec 18 10:33:28 vdrl mount.ecryptfs: ecryptfs_get_kernel_ciphers: For cipher with name [aes], set max_keysize = [32] from str = [32] Dec 18 10:33:28 vdrl mount.ecryptfs: ecryptfs_get_kernel_ciphers: min keysize match on buf = [min keysize : 4 ] Dec 18 10:33:28 vdrl mount.ecryptfs: ecryptfs_get_kernel_ciphers: Adding kernel cipher with name [md5] to the list Dec 18 10:33:28 vdrl mount.ecryptfs: ecryptfs_get_kernel_ciphers: min keysize match on buf = [min keysize : 4 ] Dec 18 10:33:28 vdrl mount.ecryptfs: ecryptfs_get_kernel_ciphers: Adding kernel cipher with name [blowfish] to the list Dec 18 10:33:28 vdrl mount.ecryptfs: ecryptfs_get_kernel_ciphers: min keysize match on buf = [min keysize : 4 ] Dec 18 10:33:28 vdrl mount.ecryptfs: ecryptfs_get_kernel_ciphers: For cipher with name [blowfish], set min_keysize = [4] from str = [4] Dec 18 10:33:28 vdrl mount.ecryptfs: ecryptfs_get_kernel_ciphers: For cipher with name [blowfish], set max_keysize = [56] from str = [56] Dec 18 10:33:28 vdrl mount.ecryptfs: ecryptfs_get_kernel_ciphers: Adding kernel cipher with name [crc32c] to the list Dec 18 10:33:28 vdrl mount.ecryptfs: ecryptfs_get_kernel_ciphers: Adding kernel cipher with name [deflate] to the list Dec 18 10:33:28 vdrl mount.ecryptfs: Duplicates allowed for [key] Dec 18 10:33:28 vdrl mount.ecryptfs: Duplicates allowed for [keyfile] Dec 18 10:33:28 vdrl mount.ecryptfs: name = [rw]; value = [(null)] Dec 18 10:33:28 vdrl mount.ecryptfs: name = [verbose]; value = [(null)] Dec 18 10:33:28 vdrl mount.ecryptfs: name = [key]; value = [openssl] Dec 18 10:33:28 vdrl mount.ecryptfs: name = [keyfile]; value = [/tmp/rsa-testing-key.pem] Dec 18 10:33:28 vdrl mount.ecryptfs: eval_param_tree: Calling alloc_and_get_val() on node = [0xb7fbea40]; node->mnt_opt_names[0] = [sig] Dec 18 10:33:28 vdrl mount.ecryptfs: eval_param_tree: node->tl[0].val = [default] Dec 18 10:33:28 vdrl mount.ecryptfs: alloc_and_get_val: Called on node->mnt_opt_names[0] = [sig] Dec 18 10:33:28 vdrl mount.ecryptfs: retrieve_val: Called on node [sig] Dec 18 10:33:28 vdrl mount.ecryptfs: alloc_and_get_val: ECRYPTFS_PARAM_FLAG_NO_VALUE set Dec 18 10:33:28 vdrl mount.ecryptfs: eval_param_tree: Calling alloc_and_get_val() on node = [0xb7fbdf80]; node->mnt_opt_names[0] = [key] Dec 18 10:33:28 vdrl mount.ecryptfs: eval_param_tree: node->tl[0].val = [openssl] Dec 18 10:33:28 vdrl mount.ecryptfs: eval_param_tree: node->tl[1].val = [passphrase] Dec 18 10:33:28 vdrl mount.ecryptfs: alloc_and_get_val: Called on node->mnt_opt_names[0] = [key] Dec 18 10:33:28 vdrl mount.ecryptfs: retrieve_val: Called on node [key] Dec 18 10:33:28 vdrl mount.ecryptfs: From param_node = [0xb7fbdf80]; mnt_opt_names[0] = [key]: Setting ECRYPTFS_PROCESSED to nvp with nvp->name = [key] Dec 18 10:33:28 vdrl mount.ecryptfs: alloc_and_get_val: Value retrieved from default_val or from parameter list; returning Dec 18 10:33:28 vdrl mount.ecryptfs: Transitioning from [0xb7fbdf80]; name = [key] to [0xb7fd3240]; name = [keysource] per transition node's next_token Dec 18 10:33:28 vdrl mount.ecryptfs: eval_param_tree: Calling alloc_and_get_val() on node = [0xb7fd3240]; node->mnt_opt_names[0] = [keysource] Dec 18 10:33:28 vdrl mount.ecryptfs: eval_param_tree: node->tl[0].val = [default] Dec 18 10:33:28 vdrl mount.ecryptfs: alloc_and_get_val: Called on node->mnt_opt_names[0] = [keysource] Dec 18 10:33:28 vdrl mount.ecryptfs: retrieve_val: Called on node [keysource] Dec 18 10:33:28 vdrl mount.ecryptfs: retrieve_val: Value retrieved from node->default_val = [keyfile] Dec 18 10:33:28 vdrl mount.ecryptfs: alloc_and_get_val: Value retrieved from default_val or from parameter list; returning Dec 18 10:33:28 vdrl mount.ecryptfs: eval_param_tree: Calling alloc_and_get_val() on node = [0xb7fd3784]; node->mnt_opt_names[0] = [keyfile] Dec 18 10:33:28 vdrl mount.ecryptfs: eval_param_tree: node->tl[0].val = [default] Dec 18 10:33:28 vdrl mount.ecryptfs: alloc_and_get_val: Called on node->mnt_opt_names[0] = [keyfile] Dec 18 10:33:28 vdrl mount.ecryptfs: retrieve_val: Called on node [keyfile] Dec 18 10:33:28 vdrl mount.ecryptfs: From param_node = [0xb7fd3784]; mnt_opt_names[0] = [keyfile]: Setting ECRYPTFS_PROCESSED to nvp with nvp->name = [keyfile] Dec 18 10:33:28 vdrl mount.ecryptfs: alloc_and_get_val: Value retrieved from default_val or from parameter list; returning Dec 18 10:33:28 vdrl mount.ecryptfs: eval_param_tree: Calling alloc_and_get_val() on node = [0xb7fd3cc8]; node->mnt_opt_names[0] = [passwd_specification_method] Dec 18 10:33:28 vdrl mount.ecryptfs: eval_param_tree: node->tl[0].val = [passwd] Dec 18 10:33:28 vdrl mount.ecryptfs: eval_param_tree: node->tl[1].val = [passwd_file] Dec 18 10:33:28 vdrl mount.ecryptfs: eval_param_tree: node->tl[2].val = [passwd_fd] Dec 18 10:33:28 vdrl mount.ecryptfs: alloc_and_get_val: Called on node->mnt_opt_names[0] = [passwd_specification_method] Dec 18 10:33:28 vdrl mount.ecryptfs: retrieve_val: Called on node [passwd_specification_method] Dec 18 10:33:28 vdrl mount.ecryptfs: retrieve_val: Called on node [passwd] Dec 18 10:33:28 vdrl mount.ecryptfs: retrieve_val: Called on node [passwd_file] Dec 18 10:33:28 vdrl mount.ecryptfs: retrieve_val: Called on node [passwd_fd] Dec 18 10:33:28 vdrl mount.ecryptfs: alloc_and_get_val: ctx->get_string defined Dec 18 10:33:28 vdrl mount.ecryptfs: alloc_and_get_val: DISPLAY_TRANSITION_NODE_VALS set Dec 18 10:33:31 vdrl mount.ecryptfs: Transitioning from [0xb7fd3cc8]; name = [passwd_specification_method] to [0xb7fd420c]; name = [passwd] per transition node's next_token Dec 18 10:33:31 vdrl mount.ecryptfs: eval_param_tree: Calling alloc_and_get_val() on node = [0xb7fd420c]; node->mnt_opt_names[0] = [passwd] Dec 18 10:33:31 vdrl mount.ecryptfs: eval_param_tree: node->tl[0].val = [default] Dec 18 10:33:31 vdrl mount.ecryptfs: alloc_and_get_val: Called on node->mnt_opt_names[0] = [passwd] Dec 18 10:33:31 vdrl mount.ecryptfs: retrieve_val: Called on node [passwd] Dec 18 10:33:31 vdrl mount.ecryptfs: alloc_and_get_val: ctx->get_string defined Dec 18 10:33:31 vdrl mount.ecryptfs: alloc_and_get_val: DISPLAY_TRANSITION_NODE_VALS not set Dec 18 10:33:31 vdrl mount.ecryptfs: alloc_and_get_val: node->mnt_opt_names[0] = [passwd] ; node->flags = [0x00000042] Dec 18 10:33:36 vdrl mount.ecryptfs: tf_ssl_passwd: Called w/ node->val = [onlytesting] Dec 18 10:33:36 vdrl mount.ecryptfs: ecryptfs_dummy_get_key_data: Dummy function substituted for unimplemented function in key module Dec 18 10:33:36 vdrl mount.ecryptfs: eval_param_tree: Calling alloc_and_get_val() on node = [0xb7fbfa60]; node->mnt_opt_names[0] = [another_key] Dec 18 10:33:36 vdrl mount.ecryptfs: eval_param_tree: node->tl[0].val = [default] Dec 18 10:33:36 vdrl mount.ecryptfs: alloc_and_get_val: Called on node->mnt_opt_names[0] = [another_key] Dec 18 10:33:36 vdrl mount.ecryptfs: retrieve_val: Called on node [another_key] Dec 18 10:33:36 vdrl mount.ecryptfs: alloc_and_get_val: ECRYPTFS_PARAM_FLAG_NO_VALUE set Dec 18 10:33:36 vdrl mount.ecryptfs: Comparing nvp->name = [rw] to key_module_select_node.mnt_opt_names[0] = [key] Dec 18 10:33:36 vdrl mount.ecryptfs: Comparing nvp->name = [verbose] to key_module_select_node.mnt_opt_names[0] = [key] Dec 18 10:33:36 vdrl mount.ecryptfs: eval_param_tree: Calling alloc_and_get_val() on node = [0xb7fbefa0]; node->mnt_opt_names[0] = [ecryptfs_cipher] Dec 18 10:33:36 vdrl mount.ecryptfs: eval_param_tree: node->tl[0].val = [aes] Dec 18 10:33:36 vdrl mount.ecryptfs: eval_param_tree: node->tl[1].val = [blowfish] Dec 18 10:33:36 vdrl mount.ecryptfs: eval_param_tree: node->tl[2].val = [des3_ede] Dec 18 10:33:36 vdrl mount.ecryptfs: eval_param_tree: node->tl[3].val = [des] Dec 18 10:33:36 vdrl mount.ecryptfs: alloc_and_get_val: Called on node->mnt_opt_names[0] = [ecryptfs_cipher] Dec 18 10:33:36 vdrl mount.ecryptfs: retrieve_val: Called on node [ecryptfs_cipher] Dec 18 10:33:36 vdrl mount.ecryptfs: alloc_and_get_val: ctx->get_string defined Dec 18 10:33:36 vdrl mount.ecryptfs: alloc_and_get_val: DISPLAY_TRANSITION_NODE_VALS set Dec 18 10:33:40 vdrl mount.ecryptfs: tf_ecryptfs_cipher: Pushing onto stack; opt = [ecryptfs_cipher=blowfish] Dec 18 10:33:40 vdrl mount.ecryptfs: Transitioning from [0xb7fbefa0]; name = [ecryptfs_cipher] to [0xb7fbf500]; name = [ecryptfs_key_bytes] per transition node's next_token Dec 18 10:33:40 vdrl mount.ecryptfs: eval_param_tree: Calling alloc_and_get_val() on node = [0xb7fbf500]; node->mnt_opt_names[0] = [ecryptfs_key_bytes] Dec 18 10:33:40 vdrl mount.ecryptfs: eval_param_tree: node->tl[0].val = [16] Dec 18 10:33:40 vdrl mount.ecryptfs: eval_param_tree: node->tl[1].val = [32] Dec 18 10:33:40 vdrl mount.ecryptfs: alloc_and_get_val: Called on node->mnt_opt_names[0] = [ecryptfs_key_bytes] Dec 18 10:33:40 vdrl mount.ecryptfs: retrieve_val: Called on node [ecryptfs_key_bytes] Dec 18 10:33:40 vdrl mount.ecryptfs: alloc_and_get_val: ctx->get_string defined Dec 18 10:33:40 vdrl mount.ecryptfs: alloc_and_get_val: DISPLAY_TRANSITION_NODE_VALS set Dec 18 10:33:42 vdrl mount.ecryptfs: Transitioning from [0xb7fbf500]; name = [ecryptfs_key_bytes] to [0xb7fc0fe0]; name = [end] per transition node's next_token Dec 18 10:33:42 vdrl mount.ecryptfs: eval_param_tree: Calling alloc_and_get_val() on node = [0xb7fc0fe0]; node->mnt_opt_names[0] = [end] Dec 18 10:33:42 vdrl mount.ecryptfs: alloc_and_get_val: Called on node->mnt_opt_names[0] = [end] Dec 18 10:33:42 vdrl mount.ecryptfs: retrieve_val: Called on node [end] Dec 18 10:33:42 vdrl mount.ecryptfs: alloc_and_get_val: ECRYPTFS_PARAM_FLAG_NO_VALUE set Dec 18 10:33:50 vdrl mount.ecryptfs: could not resolve full path for source /var/cache/ecryptfs/100 [-22] The directory exists... ls -la /var/cache/ecryptfs/100 total 60K drwx------ 2 jayjwa users 52K 2007-12-18 10:27 ./ drwxr-xr-x 4 root root 4.0K 2007-09-26 20:05 ../ And the mount was done as root, so the fact that it's only readable by my own user shouldn't matter anyway, since root can see thru that. ------------------------------------------------------------------------- SF.Net email is sponsored by: Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace _______________________________________________ eCryptfs-users mailing list eCryptfs-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ecryptfs-users