encrypted home dir tale of woe :-)

Marius Gedminas marius at pov.lt
Sun Jan 2 12:47:24 UTC 2011 

On Sun, Jan 02, 2011 at 09:35:16PM +1100, Karl Auer wrote:
> On Sun, 2011-01-02 at 11:35 +0200, Marius Gedminas wrote:
> > there's nothing pam_gnome_keyring can do.  This is a design thing: the
> > keyring is encrypted with the keyring password, so that nobody can
> > access any data inside it if they get the encrypted file.  If you forget
> > the password, you lose your keyring, and the filesystem encryption
> > passphrase with it.
> 
> Losing my keyring was not a problem - I had all the keys that would have
> been stored within it, and the login password is by definition external
> to it. The problem was that the forgotten password was *also* the key to
> the encrypted dir.

Ah, you're right, ecryptfs doesn't depend on the GNOME keyring -- it
has its own PAM module and stores its own passphrase in
~/.ecryptfs/wrapped-passphrase, and loads it into the kernel keyring
(that I didn't even know existed until now) on login.

/usr/share/doc/ecryptfs-utils/ecryptfs-pam-doc.txt.gz says:

  When the user changes his login credentials, the eCryptfs PAM module
  unwraps the mount passphrase in ~/.ecryptfs/wrapped-passphrase with
  the user's old passphrase and rewraps the mount passphrase into
  ~/.ecryptfs/wrapped-passphrase with the user's new passphrase.

so it looks like it works the same way as pam_gnome_keyring, with the
same implications.

Although... all the docs in ecryptfs seem to talk about ~/Private/,
while you're talking about encrypted home.  I wonder if the same
mechanism is used for both?

> Upon encrypting my home dir during the Maverick install, I was given a
> long hex passphrase to store safely. I was informed that this would
> allow decryption of my home dir if my login password ever got lost.

Right.

> What irritates me most is that the passphrase did not work. I realise
> there is no way now to prove it, but I am pretty much certain I neither
> recorded it incorrectly nor entered it incorrectly.

That would be a pretty serious bug.  Have you looked for it on
Launchpad?

Or you could try it again, now that you know both the password and the
passphrase, after, e.g., booting from a CD.

(Testing these things is much easier when only ~/Private is encrypted,
and the rest of ~/ is always accessible.)

Marius Gedminas
-- 
Please do not even think about automatically normalizing file names
anywhere. There is absolutely no need for introducing such nonsense, and
deviating from the POSIX requirement that filenames be opaque byte
strings is a Bad Idea[TM] (also known as NTFS).
	-- Markus Kuhn
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 190 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-users/attachments/20110102/de081e81/attachment.sig>

More information about the ubuntu-users mailing list