On Mon, 9 Jun 2008, Dietmar Lippold wrote:

-> I have tested ecryptfs on Fedora 9 and I don't understand, why the
-> files of a crypted directory are readable when the directory is mounted
-> with a wrong passphrase.

-> [EMAIL PROTECTED]: 1
-> > Passphrase:
-> [EMAIL PROTECTED]: test
-> > Verify Passphrase:
-> [EMAIL PROTECTED]: test

There you entered the password which should put a key in your keyring ...
(keyctl show)

-> [EMAIL PROTECTED]: umount /tmp/test
-> # The file /tmp/test/Test is not readable anymore
-> # (only crypted text).

...and closed it... but still left the key (keyctl show)

-> [EMAIL PROTECTED]: mount -t ecryptfs /tmp/test /tmp/test
-> >Select key type to use for newly created files:
-> > 1) passphrase
-> > 2) openssl
-> >Selection:
-> [EMAIL PROTECTED]: 1
-> > Passphrase:
-> [EMAIL PROTECTED]: ZZZ
-> # The passphrase is wrong!
-> >Verify Passphrase:
-> [EMAIL PROTECTED]: ZZZ

...so this shouldn't matter what you type, since you never cleared the key
out to start with. (keyctl clear @u) I don't know if a second (incorrect)
key is actually added, or it is disregarded, but the mount is (I'm guessing)
done by root and his (first) session key.

->
-> [EMAIL PROTECTED]: cat /tmp/test/Test
-> > Hello

Once the files are opened up, they are in the clear for everyone. I asked
this awhile back about root being able to read the files even if it was a
user/key pair and root didn't have the key. Here, root does.

-> Why is the file /tmp/test/Test readable although root gave the wrong
-> passphrase?

Try keyctl clear @u after you dismount. Then try and remount/read with a
wrong key. That's the way I've always done it. Unless something's changed in
ecryptfs since the last time I've used it, it should work like that. Look in
/proc/keys.
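
Added example, not part of the original message: a check for the state described in the reply, where the eCryptfs key is still in the keyring after the unmount. It assumes the eCryptfs token appears in /proc/keys as a key of type "user" whose description is a 16-hex-digit signature; the function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example. Sample data below is constructed, not taken from the thread.

# Print "serial description" for keys that look like eCryptfs auth tokens.
# Assumption: type "user", description = 16 hex digits (the key signature).
ecryptfs_keys() {
    awk '
        # /proc/keys fields: serial flags usage timeout perm uid gid type desc: ...
        $8 == "user" {
            desc = $9
            sub(/:$/, "", desc)
            if (length(desc) == 16 && desc ~ /^[0-9a-fA-F]+$/)
                print $1, desc
        }' "${1:-/proc/keys}"
}

# Succeed and list the keys when no ecryptfs mount exists but keys remain,
# i.e. the state after "umount" without "keyctl clear @u".
stale_ecryptfs_keys() {
    if awk '$3 == "ecryptfs" { m = 1 } END { exit !m }' "${2:-/proc/mounts}"; then
        return 1    # still mounted, so the key is expected to be present
    fi
    stale=$(ecryptfs_keys "${1:-/proc/keys}")
    [ -n "$stale" ] || return 1
    printf '%s\n' "$stale"
}

# Constructed sample: keyring contents after the unmount, nothing mounted.
demo_dir=$(mktemp -d)
cat > "$demo_dir/keys" <<'EOF'
1806c4ba I--Q---     2 perm 3f010000     0     0 keyring   _uid.0: 1
2a4f9c10 I--Q---     1 perm 3f010000     0     0 user      0123456789abcdef: 740
3b7d0e55 I--Q---     1 perm 3f010000     0     0 user      some_app_token: 12
EOF
cat > "$demo_dir/mounts" <<'EOF'
/dev/sda1 / ext3 rw 0 0
tmpfs /tmp tmpfs rw 0 0
EOF

if stale_ecryptfs_keys "$demo_dir/keys" "$demo_dir/mounts"; then
    echo "key still loaded with nothing mounted: run 'keyctl clear @u' before remounting"
fi
```

Called without arguments, both functions read the live /proc/keys and /proc/mounts.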