# ecryptfs-add-passphrase --fnek
Passphrase: 8fab560fcb7f693f6e1411427c4d11d9
Inserted auth tok with sig [3d7c87fdd9dd0964] into the user session keyring
Inserted auth tok with sig [e94bb6f9dad673b0] into the user session keyring
# mount -t ecryptfs /home/.ecryptfs/ubuntu/.Private /mnt
Attempting to mount with the following options:
ecryptfs_unlink_sigs
ecryptfs_fnek_sig=e94bb6f9dad673b0
ecryptfs_xattr_metadata
ecryptfs_key_bytes=16
ecryptfs_cipher=aes
ecryptfs_sig=3d7c87fdd9dd0964
Mounted eCryptfs
And the data can be read/written just fine.
Note that the ecryptfs-add-passphrase --fnek is unfortunately necessary to get the fnek loaded. I suppose we could/should add that logic somewhere.
Taking a few notes for myself...
I was able to get ecryptfs mounting manually using the following:
# cat /root/.ecryptfsrc passwd= 8fab560fcb7f693 f6e1411427c4d11 d9 unlink_ sigs sig=3d7c87fdd9d d0964 fnek_sig= e94bb6f9dad673b 0 key_bytes= 16 passthrough= n
key=passphrase
passphrase_
ecryptfs_
ecryptfs_
ecryptfs_
ecryptfs_xattr
ecryptfs_
ecryptfs_cipher=aes
ecryptfs_
# cat /root/. ecryptfs/ sig-cache. txt
3d7c87fdd9dd0964
# ecryptfs- add-passphrase --fnek f6e1411427c4d11 d9
Passphrase: 8fab560fcb7f693
Inserted auth tok with sig [3d7c87fdd9dd0964] into the user session keyring
Inserted auth tok with sig [e94bb6f9dad673b0] into the user session keyring
# mount -t ecryptfs /home/. ecryptfs/ ubuntu/ .Private /mnt unlink_ sigs fnek_sig= e94bb6f9dad673b 0 xattr_metadata key_bytes= 16 cipher= aes sig=3d7c87fdd9d d0964
Attempting to mount with the following options:
ecryptfs_
ecryptfs_
ecryptfs_
ecryptfs_
ecryptfs_
ecryptfs_
Mounted eCryptfs
And the data can be read/written just fine.
Note that the ecryptfs- add-passphrase --fnek is unfortunately necessary to get the fnek loaded. I suppose we could/should add that logic somewhere.