(wishlist) mount private directory of specific location

Bug #1036418 reported by c
This bug affects 2 people
Affects: eCryptfs
Status: Incomplete
Importance: Wishlist
Assigned to: Unassigned

Bug Description

Can ecryptfs-utils provide a function for users to mount a private directory at a specific location (not ~/Private)?

There is a utility "ecryptfs-simple" for this; please consider implementing it or merging it upstream:
http://xyne.archlinux.ca/projects/ecryptfs-simple/

This may be useful for users to restore from backup, change the passphrase, or use multiple encrypted folders with different keys.

Serge Hallyn (serge-hallyn) wrote : Re: [Bug 1036418] [NEW] (wishlist) mount private directory of specific location

You might also look at the mount.ecryptfs_private man page.
I always alias it to 'emount', then do

 emount m
 emount p
 emount g
 emount camera_backup
 emount gmail
 (etc...)

to mount just the bits I'm using, at places specified in
$HOME/.ecryptfs/$alias.conf ($alias being m, p, g,
camera_backup, etc). Then I rsync the encrypted directories
to geographically distributed backup points. (Because,
frankly, I have bad luck with disasters)

Quoting c (<email address hidden>):
> Public bug reported:
>
> Can ecryptfs-utils provide a function for users to mount a private directory
> at a specific location (not ~/Private)?
>
> There is a utility "ecryptfs-simple" for this; please consider implementing it or merging it upstream:
> http://xyne.archlinux.ca/projects/ecryptfs-simple/
>
> This may be useful for users to restore from backup, change the
> passphrase, or use multiple encrypted folders with different keys.

Tyler Hicks (tyhicks) wrote :

ecryptfs-simple is terribly insecure and has no chance of ever being merged. Last I looked, it was simply a setuid root wrapper around mount.ecryptfs. The mount.ecryptfs code is not written correctly for this.

If you're able, please encourage the ecryptfs-simple author to work with us (upstream) to get something more suitable implemented.

Tyler Hicks (tyhicks) wrote :

I believe that the mount.ecryptfs_private alias feature meets your needs. Please give it a try and let us know.

If it works for you, mark the bug invalid. If not, change the bug status back to new and let us know what is missing.

Thanks!

Changed in ecryptfs:
status: New → Incomplete
importance: Undecided → Wishlist
c (lsching17) wrote :

I tested it on Xubuntu x64 12.04, ecryptfs-utils (96-0ubuntu3), kernel 3.2.0-29

mount.ecryptfs_private alias works but it seems to have the following restrictions: (documented in "man mount.ecryptfs_private")

- config files must be under $HOME
- cipher must be AES
- key length must be 16 bytes
- how to use filename encryption?
- does not manage the passphrase in kernel keyring

Serge Hallyn (serge-hallyn) wrote : Re: [Bug 1036418] Re: (wishlist) mount private directory of specific location

Quoting c (<email address hidden>):
> I tested it on Xubuntu x64 12.04, ecryptfs-utils (96-0ubuntu3), kernel
> 3.2.0-29
>
> mount.ecryptfs_private alias works but it seems to have the following
> restrictions: (documented in "man mount.ecryptfs_private")
>
> - config files must be under $HOME
> - cipher must be AES
> - key length must be 16 bytes
> - how to use filename encryption?

If you'd like to offer patches to enhance these, that would be great.

> - does not manage the passphrase in kernel keyring

I'm not sure what you mean. I always use the keys in the kernel
keyring

 ecryptfs-add-passphrase
 emount p
 emount m
 ...

-serge

c (lsching17) wrote :

> If you'd like to offer patches to enhance these, that would be great.

I didn't realize that reading a parameter is such a difficult task for a developer that users' assistance is required.

Besides, I didn't realize that AES with a 16 bit key is so perfect that it will never have a security vulnerability discovered, so that the developer can decide to hardcode it inside the program.

Aaron Whitehouse (aaron-whitehouse) wrote :

Hello,

I have tried doing the following:
1. Create a folder /home/aaron/Shared/ that I have access to.
2. Create a file ~/.ecryptfs/Shared.conf
3. Put the following into the file:

 /home/shared /home/aaron/Shared ecryptfs none 0 0

4. Running it

 $ mount.ecryptfs_private Shared

but I get the error:

 fopen: No such file or directory
 keyctl_search: Success
 Perhaps try the interactive 'ecryptfs-mount-private'

Can anybody please point me to what I am doing wrong?
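
A preflight check for the alias setup discussed in this thread, as an added example that is not part of the bug report or of ecryptfs-utils. It assumes the layout described in the mount.ecryptfs_private man page ($HOME/.ecryptfs/ALIAS.conf plus a matching ALIAS.sig, with the source and mount point owned by the calling user); the function name check_alias and the signature-line format check are assumptions.

```shell
#!/bin/sh
# Preflight check for a mount.ecryptfs_private alias (added example).
# Usage: check_alias HOME_DIR ALIAS
# Prints one line per problem; returns 0 only when nothing is wrong.
check_alias() {
    home=$1 name=$2 rc=0
    conf="$home/.ecryptfs/$name.conf"
    sig="$home/.ecryptfs/$name.sig"

    if [ -r "$conf" ]; then
        # First non-blank, non-comment line is the fstab-style entry:
        # <source> <mountpoint> <fstype> <options> <dump> <pass>
        entry=$(grep -Ev '^[[:space:]]*(#|$)' "$conf" | head -n 1)
        read -r src dst fstype rest <<EOF
$entry
EOF
        if [ -z "$fstype" ]; then
            echo "conf: no fstab-style entry in $conf"; rc=1
        else
            [ "$fstype" = ecryptfs ] || { echo "conf: fstype is '$fstype', expected ecryptfs"; rc=1; }
            for d in "$src" "$dst"; do
                if [ ! -d "$d" ]; then
                    echo "conf: $d is not an existing directory"; rc=1
                elif [ ! -O "$d" ]; then
                    # Assumption: the setuid helper refuses paths the caller does not own.
                    echo "conf: $d is not owned by the current user"; rc=1
                fi
            done
        fi
    else
        echo "conf: cannot read $conf"; rc=1
    fi

    if [ -r "$sig" ]; then
        # Assumed format: one key signature per line, 16 hex digits each
        # (an optional second line names the filename-encryption key).
        n=$(grep -c . "$sig" || true)
        bad=$(grep . "$sig" | grep -Evc '^[0-9a-fA-F]{16}$' || true)
        if [ "$n" -lt 1 ] || [ "$n" -gt 2 ] || [ "$bad" -ne 0 ]; then
            echo "sig: $sig must hold 1 or 2 signatures of 16 hex digits"; rc=1
        fi
    else
        echo "sig: cannot read $sig"; rc=1
    fi
    return $rc
}
```

Run it as `check_alias "$HOME" Shared` before calling mount.ecryptfs_private; the signatures listed in the .sig file must also be present in the kernel keyring (for example via ecryptfs-add-passphrase), which this check does not verify.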
