encrypted home directory / wrapped-passphrase

scar scar at drigon.com
Thu Jul 19 21:26:35 UTC 2012


hi i used the ecryptfs-migrate-home command to encrypt my home
directory, and during that process i am told:

************************************************************************
YOU SHOULD RECORD YOUR MOUNT PASSPHRASE AND STORE IT IN A SAFE LOCATION.
  ecryptfs-unwrap-passphrase ~/.ecryptfs/wrapped-passphrase
THIS WILL BE REQUIRED IF YOU NEED TO RECOVER YOUR DATA AT A LATER TIME.
************************************************************************

so i run that command and get the ~/.ecryptfs/wrapped-passphrase file,
which it seems to me should be moved elsewhere, like removable storage,
since it sounds like this file is to be used when i forget my password.

however, when i move that file, my home directory no longer gets
decrypted when i log in and i get all these errors starting with one
about .ICEauthority file or something.

if i move that wrapped-passphrase file back to ~/.ecryptfs then things
get decrypted when i log in.  so it seems like that file is necessary
but it's also stored in an unencrypted location for whoever steals my
computer to use to decrypt my home directory, defeating the whole point
of encryption.  i guess i'm obviously not understanding something here,
can someone clarify?  thanks





