104-0ubuntu1.14.04.3 for AMD64 doesn't have ecryptfs-generate-tpm-key in comipled version

Bug #1446055 reported by Vladislav on 2015-04-20
This bug affects 1 person
Affects Status Importance Assigned to Milestone
ecryptfs-utils (Ubuntu)

Bug Description

The problem is that in the compiled packed for Ubuntu (Architecture: amd64
Version: 104-0ubuntu1.14.04.3) a tool called 'ecryptfs-generate-tpm-key' is missing.

It exists in source codes pack and in Debian compiled packed. But successfully missed in Ubuntu. Please fix it.

Vladislav (vkravchenko) wrote :

C'm. This is a bug and it can be solved easily at the programmers' side.

James Johnston (mail-codenest) wrote :

From what I've been able to tell, this tool is obsolete and apparently isn't built any more with the Ubuntu ecryptfs userspace tools. As you read in the IBM whitepaper, the ecryptfs-generate-tpm-key command is used in conjunction with the TSPI key module of ecryptfs.

But a maintainer of ecryptfs has stated that the TSPI module was a proof of concept (supposedly it doesn't perform well since it uses TPM on every file I/O) and should not have made it into the upstream ecryptfs-utils project to begin with: https://bugs.launchpad.net/ecryptfs/+bug/787907. He said he was going to remove it when kernel 3.1 was released; I suppose that has probably happened by now. (Maybe he missed the man page?)

Apparently the replacement is to use trusted and encrypted keys on the kernel keyring, but I'm struggling with that, too: http://askubuntu.com/questions/750792/practical-use-of-ecryptfs-encrypted-keys-and-tpm-how-to-convert-existing-user

Vladislav (vkravchenko) wrote :

James, do you know a manual that describes the way how to use ecryptfs with storing keys in TPM?

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers