All filenames - but not the contents - of the encrypted home directory not being unencrypted when logging in.

Bug #802167 reported by PeterPall
26
This bug affects 5 people
Affects Status Importance Assigned to Milestone
ecryptfs-utils (Ubuntu)
Confirmed
Undecided
Unassigned

Bug Description

Didn't update my system for 3 days. After today's update my auth.log each time I try to log in contains the follwing message:
Can't check if kernel supports ecryptfs

at logout umount.ecryptfs complains to the syslog:
syslog:Jun 26 11:30:28 localhost umount.ecryptfs: Failed to find key with sig [XXXXXXXXXXXX]: Required key not available

mount tells:
/dev/sda1 on / type ext4 (rw,noatime,errors=remount-ro,commit=0)
proc on /proc type proc (rw,noexec,nosuid,nodev)
fusectl on /sys/fs/fuse/connections type fusectl (rw)
binfmt_misc on /proc/sys/fs/binfmt_misc type binfmt_misc (rw,noexec,nosuid,nodev)
/home/gunter/.Private on /home/gunter type ecryptfs (ecryptfs_cipher=aes,ecryptfs_key_bytes=16,ecryptfs_unlink_sigs,ecryptfs_sig=XXXXXXXXXX)

Unfortunately all files in my home folder that are mounted this way are still named like the unencrypted contents of the files in /home/gunter/.Private before I log in so I've basically lost any way to easily access my private data.

Since the *contents* of the files is unencrypted when I log in, though, I would be able to recover most of the important files. But I still hope that the problem has to do with cryptfs not liking kernel 3.0.1 and there will be an easier way to do so in the future.

ProblemType: Bug
DistroRelease: Ubuntu 11.10
Package: cryptsetup 2:1.1.3-4ubuntu1
ProcVersionSignature: Ubuntu 3.0-1.2-generic 3.0.0-rc3
Uname: Linux 3.0-1-generic i686
NonfreeKernelModules: wl
Architecture: i386
Date: Sun Jun 26 14:45:17 2011
ProcEnviron:
 SHELL=/bin/sh
 PATH=(custom, no user)
 LANG=en_US.UTF-8
 LANGUAGE=en_US:en
 LC_TIME=de_DE.UTF-8
SourcePackage: cryptsetup
UpgradeStatus: No upgrade log present (probably fresh install)
crypttab: # <target name> <source device> <key file> <options>

Revision history for this message
PeterPall (peterpall) wrote :
Revision history for this message
PeterPall (peterpall) wrote :

Perhaps found the real reason of this problem: Something has installed libpam-encfy on update.
There really should be a mechanism that prevents from completely uninstalling vital systems like all package managers, locale support - or this one too easily.

Revision history for this message
Steve Langasek (vorlon) wrote :

cryptsetup and ecryptfs are unrelated to each other. reassigning to ecryptfs-utils.

affects: cryptsetup (Ubuntu) → ecryptfs-utils (Ubuntu)
Revision history for this message
PeterPall (peterpall) wrote :

Thanks a lot!
In the meantime I have installed libpam-encfs - with no visible effect.

ecryptfs-recover-private returns the following error message:

inserted auth-tok with sig [XXXXXXX] into the user session keyring
ERROR: The key required to access this private data is not available.

Revision history for this message
PeterPall (peterpall) wrote :

Perhaps found the real reason for the problem now:

ecryptfs-unwrap-passphrase /home/.ecryptfs/gunter/.ecryptfs/wrapped-passphrase
Passphrase:
XXXXXXXXXXXXXXXXXXXXXX
root@calcula:/home# ecryptfs-add-passphrase --fnek
Passphrase: [entered the passphrase from above here]
Error: Your kernel does not support filename encryption

Why this error message did happen?

PeterPall (peterpall)
description: updated
summary: - Can't check if kernel supports ecryptfs
+ All filenames - but not the contents - of the encrypted home directory
+ not being unencrypted when logging in.
Changed in ecryptfs-utils (Ubuntu):
status: New → Confirmed
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.