[Bug 1718658] Re: ecryptfs-mount-private fails to initialize ecryptfs keys
Redsandro
1718658 at bugs.launchpad.net
Fri Jul 20 13:14:33 UTC 2018
#26 fixed this for me.
Doing a manual mount like so (used for safely storing private data in
the cloud) used to work since Ubuntu 12 or so.
However, today after updating from Ubuntu 16.04 LTS to 18.04 LTS, the
entire thing wouldn't mount anymore:
```
$ echo mypassphrase | sudo ecryptfs-add-passphrase --fnek -
Inserted auth tok with sig [abc] into the user session keyring
Inserted auth tok with sig [123] into the user session keyring
$ sudo /bin/mount -it ecryptfs "/media/locked" "/media/unlocked" -o ecryptfs_cipher=aes,ecryptfs_key_bytes=32,ecryptfs_sig=abc,ecryptfs_fnek_sig=123
mount: /home/local/Dropbox.unlocked: mount(2) system call failed: No such file or directory.
```
I read the following messages in `/var/log/syslog`:
```
kernel: [ 5608.396634] Could not find key with description: [abc]
kernel: [ 5608.396641] Could not find valid key in user session keyring for sig specified in mount option: [abc]
```
Apparently there are different keyrings now.
This fixed my script:
```
$ sudo keyctl link @u @s
$ sudo /bin/mount -it ecryptfs "/media/locked" "/media/unlocked" -o ecryptfs_cipher=aes,ecryptfs_key_bytes=32,ecryptfs_sig=abc,ecryptfs_fnek_sig=123
```
For now everything works again, but the thing seems buggy. Ubuntu even
dropped the encrypted home because of it.
Ecryptfs seems to be eol. Looking for fresh solutions to protect the
privacy of my cloud files.
https://bugs.launchpad.net/bugs/1718658
Title:
  ecryptfs-mount-private fails to initialize ecryptfs keys

Status in ecryptfs-utils package in Ubuntu:
  Confirmed
Status in systemd package in Ubuntu:
  Confirmed
Bug description:
ecryptfs-mount-private fails to mount the ecryptfs after the 1st
reboot after creating the ecryptfs by ecryptfs-setup-private.
After the unsuccessful attempt dmesg contains:
```
[ 1265.695388] Could not find key with description: [<correct key ID>]
[ 1265.695393] process_request_key_err: No key
[ 1265.695394] Could not find valid key in user session keyring for sig specified in mount option: [<correct key ID>]
[ 1265.695395] One or more global auth toks could not properly register; rc = [-2]
[ 1265.695396] Error parsing options; rc = [-2]
```
Note: The correct key ID has been replaced with "<correct key ID>".
I also accidentally found a workaround - just running ecryptfs-manager
and then the ecryptfs-mount-private (it does not ask for
password for the second time and mounts the ecryptfs correctly):
```
host:~$ ecryptfs-manager
eCryptfs key management menu
-------------------------------
1. Add passphrase key to keyring
2. Add public key to keyring
3. Generate new public/private keypair
4. Exit
Make selection: 4
host:~$ ls Private/
Access-Your-Private-Data.desktop README.txt
host:~$ ecryptfs-mount-private
host:~$ ls Private/
<ecryptfs content is present>
```
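The keyring state behind the "Could not find key with description" errors quoted above can be checked before mounting. This is an added example, not part of the original message or of ecryptfs-utils: it classifies `keyctl show @s` output. The function names `diagnose_keyring`, `sample_unlinked` and `sample_linked` are hypothetical, and the sample trees are constructed around the placeholder signatures `abc` and `123` used in the comment.

```shell
#!/bin/sh
# diagnose_keyring SIG: reads `keyctl show @s` output on stdin and prints
#   ok           a "user" key with description SIG is reachable from @s
#   link-needed  the user keyring (_uid.N) is not linked into the session
#                keyring, the case that `keyctl link @u @s` addresses
#   key-missing  the user keyring is linked, but no such key is in the tree
diagnose_keyring() {
    awk -v sig="$1" '
        # Appending "" forces string comparison, so a hex signature such
        # as 1e2 is never compared numerically against 100.
        NF >= 2 && $(NF-1) == "user:"    && ($NF "") == (sig "")  { found = 1 }
        NF >= 2 && $(NF-1) == "keyring:" && $NF ~ /^_uid\.[0-9]+$/ { linked = 1 }
        END {
            if (found)       print "ok"
            else if (linked) print "key-missing"
            else             print "link-needed"
        }'
}

# Constructed sample: session keyring with no link to the user keyring.
sample_unlinked() {
    cat <<'EOF'
Session Keyring
 300000001 --alswrv      0     0  keyring: _ses
EOF
}

# Constructed sample: the same session after the user keyring is linked.
sample_linked() {
    cat <<'EOF'
Session Keyring
 300000001 --alswrv      0     0  keyring: _ses
 300000002 --alswrv      0 65534   \_ keyring: _uid.0
 300000003 --alswrv      0     0       \_ user: abc
 300000004 --alswrv      0     0       \_ user: 123
EOF
}

# Live use, in the same context that runs mount (sudo in the comment above):
#   keyctl show @s | diagnose_keyring abc
printf 'unlinked: %s\n' "$(sample_unlinked | diagnose_keyring abc)"
printf 'linked:   %s\n' "$(sample_linked | diagnose_keyring abc)"
```

A `link-needed` result for both `ecryptfs_sig` and `ecryptfs_fnek_sig` matches the situation the comment describes, where the mount fails until the user keyring is linked into the session keyring.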