encrypted home directory / wrapped-passphrase

NoOp glgxg at sbcglobal.net
Thu Jul 19 23:48:46 UTC 2012


On 07/19/2012 02:26 PM, scar wrote:
> hi i used the ecryptfs-migrate-home command to encrypt my home
> directory, and during that process i am told:
> 
> ************************************************************************
> YOU SHOULD RECORD YOUR MOUNT PASSPHRASE AND STORE IT IN A SAFE LOCATION.
>   ecryptfs-unwrap-passphrase ~/.ecryptfs/wrapped-passphrase
> THIS WILL BE REQUIRED IF YOU NEED TO RECOVER YOUR DATA AT A LATER TIME.
> ************************************************************************
> 
> so i run that command and get the ~/.ecryptfs/wrapped-passphrase file,
> which it seems to me should be moved elsewhere, like removable storage,
> since it sounds like this file is to be used when i forget my password.
> 
> however, when i move that file, my home directory no longer gets
> decrypted when i log in and i get all these errors starting with one
> about .ICEauthority file or something.
> 
> if i move that wrapped-passphrase file back to ~/.ecryptfs then things
> get decrypted when i log in.  so it seems like that file is necessary
> but it's also stored in an unencrypted location for whoever steals my
> computer to use to decrypt my home directory, defeating the whole point
> of encryption.  i guess i'm obviously not understanding something here,
> can someone clarify?  thanks
> 

This might help:
http://ecryptfs.sourceforge.net/ecryptfs-pam-doc.txt







