[clug] Ubuntu Lynx (10.04) and ecryptfs
Andrew Janke
a.janke at gmail.com
Mon May 3 18:49:52 MDT 2010
>> 2. given #1 how does recovery work?
> It's not a one liner. See
> https://help.ubuntu.com/community/EncryptedPrivateDirectory#Recovering
> Your Data Manually
Aye, I have gone through this but it seems to be outdated or at least
missing information for the scheme used in Lynx.
First I do this:
$ ecryptfs-unwrap-passphrase /home/.ecryptfs/<username>/.ecryptfs/wrapped-passphrase
<login-password>
<result>
Which gives me an autogenerated (I suspect?) key that was made on
install. I understand that if I lose this I am stuffed and cannot get
my data back. So then I attempt to mount my private dir somewhere
else (on the same machine) as a test:
# mount -t ecryptfs /home/.ecryptfs/<username>/.Private /mnt/foo
And am then confronted with a series of questions to which I do not
know the answer so take guesses (defaults):
Select cipher:
1) aes: blocksize = 16; min keysize = 16; max keysize = 32 (not loaded)
2) blowfish: blocksize = 16; min keysize = 16; max keysize = 56 (not loaded)
3) des3_ede: blocksize = 8; min keysize = 24; max keysize = 24 (not loaded)
4) twofish: blocksize = 16; min keysize = 16; max keysize = 32 (not loaded)
5) cast6: blocksize = 16; min keysize = 16; max keysize = 32 (not loaded)
6) cast5: blocksize = 8; min keysize = 5; max keysize = 16 (not loaded)
Selection [aes]:
Select key bytes:
1) 16
2) 32
3) 24
Selection [16]:
Enable plaintext passthrough (y/n) [n]:
Enable filename encryption (y/n) [n]: y
...
After a number of guesses I am still at a loss. Is there any way to
tell which options are used by Lynx in some config file somewhuther?
> If you go down this road, you should see if you can take your hard
> drive to another computer and mount your encrypted home directory
> there. A default Ubuntu 9.04 install, for example, is missing a few
> packages for mounting ecrypt volumes (and it wasn't entirely obvious
> to me which package was missing).
>
> Can you (quickly) mount it from a Centos box? An older Ubuntu install?
Exactly. As of right now, no I can't and this makes me a "tad" concerned.
> And don't forget to save the "mount passphrase" somewhere safe but
> quickly accessible.
And this part worries me as well. A USB stick? Send an email to myself
in gmail? What happens when I find this drive 10 years down the track?
I am about to just dump it all and go back to a non-encrypted /home
and single password encrypted backup volumes.
Not being able to get to my data is a far greater risk to me than
someone else getting it. (so far) It was for this reason that I
converted all my old word docs from years back to text. :)
--
Andrew Janke
(a.janke at gmail.com || http://a.janke.googlepages.com/)
Canberra->Australia +61 (402) 700 883