[Bug 1718658] Re: ecryptfs-mount-private fails to initialize ecryptfs keys

Forest 1718658 at bugs.launchpad.net
Mon Jun 22 18:13:05 UTC 2020


I hate to say this, folks, but ecryptfs looks like a dead end for us.
It's no longer supported by Ubuntu (the package has been moved to the
Universe repo). Also, the problem at hand is caused by systemd, which is
run by a man famous for releasing poorly-vetted, system-breaking
software, and then refusing to fix the damage he causes.

For a year or so, I maintained a systemd patch to work around this bug.
(It is posted above, but no longer applies to current systemd code.)
There was a time when it looked like the problem was finally fixed
upstream, but then it just broke again.

Anyone who (like me) has been using ecryptfs to encrypt a private directory and unlock it only when needed might consider switching to gocryptfs.  From a user's point of view, it works similarly to ecryptfs.  There's also a handy GUI called SiriKali that works with it.
https://nuetzlich.net/gocryptfs/
https://mhogomchungu.github.io/sirikali/

Good luck.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1718658

Title:
  ecryptfs-mount-private fails to initialize ecryptfs keys

Status in ecryptfs-utils package in Ubuntu:
  Confirmed
Status in systemd package in Ubuntu:
  Confirmed

Bug description:
  ecryptfs-mount-private fails to mount the ecryptfs after the 1st
  reboot after creating the ecryptfs by ecryptfs-setup-private.

  After the unsuccessful attempt dmesg contains:

  [ 1265.695388] Could not find key with description: [<correct key ID>]
  [ 1265.695393] process_request_key_err: No key
  [ 1265.695394] Could not find valid key in user session keyring for sig specified in mount option: [<correct key ID>]
  [ 1265.695395] One or more global auth toks could not properly register; rc = [-2]
  [ 1265.695396] Error parsing options; rc = [-2]

  Note: The correct key ID has been replaced with "<correct key ID>".

  I also accidentally found a workaround - just running
  ecryptfs-manager and then ecryptfs-mount-private (it does not ask for
  the password a second time and mounts the ecryptfs correctly):

  host:~$ ecryptfs-manager

  eCryptfs key management menu
  -------------------------------
  	1. Add passphrase key to keyring
  	2. Add public key to keyring
  	3. Generate new public/private keypair
  	4. Exit

  Make selection: 4
  host:~$ ls Private/
  Access-Your-Private-Data.desktop  README.txt
  host:~$ ecryptfs-mount-private 
  host:~$ ls Private/
  <ecryptfs content is present>
