I started using ecryptfs and upgraded with the new releases that came out 
until ecryptfs-utils-27. This worked well, but sometimes, every 3rd or 4th 
use, ecryptfsd would segfault/zombie any command touching the ecryptfs files. 
This would usually leave ecryptfs stuck mounted, resulting in a full 
filesystem fsck after a reboot was attempted. Next I tried ecryptfs-utils-30, 
hoping the segfault was fixed.


With ecryptfs-utils-27, this command mounted ecryptfs with no troubles:
mount -t ecryptfs -o key=openssl:keyfile=/home/jayjwa/crypto/atr2-jayjwa-key.pem /var/cache/ecryptfs

Of the versions I've tried and installed since release 27, I can't get 
ecryptfs to work at all.


With ecryptfs-utils-30:


# mount -t ecryptfs -o key=openssl:keyfile=/home/jayjwa/crypto/atr2-jayjwa-key.pem /var/cache/ecryptfs/100 /home/jayjwa/.ecrypt_mp
Passphrase:

Attempting to mount with the following options:
Required mount option not provided: [ecryptfs_key_bytes=]
Invalid mount options; aborting. rc = [1]
Error mounting eCryptfs; rc = [-1]; strerr = [Operation not permitted].
Check your system logs; visit 
<http://ecryptfs.sourceforge.net/ecryptfs-faq.html>.



These cryptic messages are in the logs. The key is the exact same as it always
was.

Error parsing options; rc = [-22]
mount.ecryptfs: Error initializing key module [/usr/lib/ecryptfs/libecryptfs_key_mod_gpg.so]; rc = [-22]
mount.ecryptfs: openssl_data internal structure not properly filled in
mount.ecryptfs: Error serializing openssl; rc = [-22]
mount.ecryptfs: Error processing OpenSSL key; rc = [-3]


Now it mentions something I've not had to provide on the command line before, 
"ecryptfs_key_bytes". Where do I find this value? 
Converting the key bits to bytes and using that value:


mount -t ecryptfs -o key=openssl:keyfile=/home/jayjwa/crypto/atr2-jayjwa-key.pem:ecryptfs_key_bytes=256 /var/cache/ecryptfs/100 /home/jayjwa/.ecrypt_mp
Passphrase:
Attempting to mount with the following options:
Required mount option not provided: [ecryptfs_key_bytes=]
Invalid mount options; aborting. rc = [1]
Error mounting eCryptfs; rc = [-1]; strerr = [Operation not permitted].
Check your system logs; visit 
<http://ecryptfs.sourceforge.net/ecryptfs-faq.html>.


Placing it before the "key=" value:

mount -t ecryptfs -o ecryptfs_key_bytes=256,key=openssl:keyfile=/home/jayjwa/crypto/atr2-jayjwa-key.pem /var/cache/ecryptfs/100 /home/jayjwa/.ecrypt_mp
Passphrase:
Attempting to mount with the following options:
Error mounting eCryptfs; rc = [-22]; strerr = [Invalid argument]. Check your
system logs; visit <http://ecryptfs.sourceforge.net/ecryptfs-faq.html>.


I also tried:

mount -t ecryptfs -o key=openssl:keyfile=/home/jayjwa/crypto/atr2-jayjwa-key.pem:ecryptfs_key_bytes=16 /var/cache/ecryptfs/100 /home/jayjwa/.ecrypt_mp


Nothing on this at http://ecryptfs.sourceforge.net/ecryptfs-faq.html, the
manpages, nor in the Changelog (it's a 0-byte file in ecryptfs-utils-30
downloaded from Sourceforge.) The kernel was 2.6.23.1.




With ecryptfs-utils-33, and 2.6.23.9, we don't even get that far:

# mount -t ecryptfs -o key=openssl:keyfile=/home/jayjwa/crypto/atr2-jayjwa-key.pem /var/cache/ecryptfs/100 /home/jayjwa/.ecrypt_mp
Passphrase:
Select cipher:
Selection: 1
Select cipher:
Selection: 2
Select cipher:
Selection: 3
Select cipher:
Selection: 4
Select cipher:
Selection: 5
Select cipher:
Selection: 6
Select cipher:
Selection: 7
Select cipher:
Selection: 8
Select cipher:
Selection: 9
Select cipher:
Selection: 0
Select cipher:
Selection: ?
Select cipher:
Selection: blowfish
Select cipher:
Selection: aes
Select cipher:
Selection: ??????????????
Select cipher:
Selection:
(repeats until Control-C hit)

Didn't that used to print a menu?

Trying to use ecryptfs-manager to generate a new key pair:

# ecryptfs-manager


eCryptfs key management menu
-------------------------------
         1. Add passphrase key to keyring
         2. Add public key to keyring
         3. Generate new public/private keypair
         4. Exit

Make selection: 3

Select key type to use for newly created files:
  1) openssl
Selection: 1

SSL key file path [/root/.ecryptfs/pki/openssl/key.pem]: ./test.pem
Passphrase:

Returning to main menu

eCryptfs key management menu
-------------------------------
         1. Add passphrase key to keyring
         2. Add public key to keyring
         3. Generate new public/private keypair
         4. Exit

Make selection: 4

# ls -la ./test.pem

ls: cannot access ./test.pem: No such file or directory


The above was with a fresh install, not trying to access files previously 
encrypted. Where did the ecryptfs-manager select cypher menu go? GPG seems 
to be ignored as a pass key source now. Why won't my previously working 
openssl key work with recent ecryptfs versions? Any help solving these 
problems greatly appreciated.


versions:

linux-2.6.23.9
libgcrypt-1.2.4
gpgme-1.1.5
openssl-0.9.8g


_______________________________________________
eCryptfs-users mailing list
eCryptfs-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ecryptfs-users