All filenames - but not the contents - of the encrypted home directory not being unencrypted when logging in.

Bug #802167 reported by PeterPall on 2011-06-26
This bug affects 5 people
Affects Status Importance Assigned to Milestone
ecryptfs-utils (Ubuntu)

Bug Description

Didn't update my system for 3 days. After today's update my auth.log each time I try to log in contains the follwing message:
Can't check if kernel supports ecryptfs

at logout umount.ecryptfs complains to the syslog:
syslog:Jun 26 11:30:28 localhost umount.ecryptfs: Failed to find key with sig [XXXXXXXXXXXX]: Required key not available

mount tells:
/dev/sda1 on / type ext4 (rw,noatime,errors=remount-ro,commit=0)
proc on /proc type proc (rw,noexec,nosuid,nodev)
fusectl on /sys/fs/fuse/connections type fusectl (rw)
binfmt_misc on /proc/sys/fs/binfmt_misc type binfmt_misc (rw,noexec,nosuid,nodev)
/home/gunter/.Private on /home/gunter type ecryptfs (ecryptfs_cipher=aes,ecryptfs_key_bytes=16,ecryptfs_unlink_sigs,ecryptfs_sig=XXXXXXXXXX)

Unfortunately all files in my home folder that are mounted this way are still named like the unencrypted contents of the files in /home/gunter/.Private before I log in so I've basically lost any way to easily access my private data.

Since the *contents* of the files is unencrypted when I log in, though, I would be able to recover most of the important files. But I still hope that the problem has to do with cryptfs not liking kernel 3.0.1 and there will be an easier way to do so in the future.

ProblemType: Bug
DistroRelease: Ubuntu 11.10
Package: cryptsetup 2:1.1.3-4ubuntu1
ProcVersionSignature: Ubuntu 3.0-1.2-generic 3.0.0-rc3
Uname: Linux 3.0-1-generic i686
NonfreeKernelModules: wl
Architecture: i386
Date: Sun Jun 26 14:45:17 2011
 PATH=(custom, no user)
SourcePackage: cryptsetup
UpgradeStatus: No upgrade log present (probably fresh install)
crypttab: # <target name> <source device> <key file> <options>

PeterPall (peterpall) wrote :
PeterPall (peterpall) wrote :

Perhaps found the real reason of this problem: Something has installed libpam-encfy on update.
There really should be a mechanism that prevents from completely uninstalling vital systems like all package managers, locale support - or this one too easily.

Steve Langasek (vorlon) wrote :

cryptsetup and ecryptfs are unrelated to each other. reassigning to ecryptfs-utils.

affects: cryptsetup (Ubuntu) → ecryptfs-utils (Ubuntu)
PeterPall (peterpall) wrote :

Thanks a lot!
In the meantime I have installed libpam-encfs - with no visible effect.

ecryptfs-recover-private returns the following error message:

inserted auth-tok with sig [XXXXXXX] into the user session keyring
ERROR: The key required to access this private data is not available.

PeterPall (peterpall) wrote :

Perhaps found the real reason for the problem now:

ecryptfs-unwrap-passphrase /home/.ecryptfs/gunter/.ecryptfs/wrapped-passphrase
root@calcula:/home# ecryptfs-add-passphrase --fnek
Passphrase: [entered the passphrase from above here]
Error: Your kernel does not support filename encryption

Why this error message did happen?

PeterPall (peterpall) on 2011-06-26
description: updated
summary: - Can't check if kernel supports ecryptfs
+ All filenames - but not the contents - of the encrypted home directory
+ not being unencrypted when logging in.
Changed in ecryptfs-utils (Ubuntu):
status: New → Confirmed
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers