correct mount options in /etc/fstab

Hello,

I have been using ecryptfs for over a year in my home directory. Ubuntu and the PAM module does all the mounting automatically, so there are no problems there.

Now, I also have a second directory (an archive) that is also encrypted. For over a year, I have been having all kinds of issues trying to mount it. The only reliable way to do this is to add the keys to the kernel keyring with 'ecryptfs-add-passphrase --fnek' before mounting.

I find the use of two commands counterintuitive, especially because I also have to type the passphrase twice. Other threads indicate that the mount helper generates the keys if they are not found in the kernel keyring, but that does not work for me.

Perhaps my entry in /etc/fstab is incomplete? Do I have to specify explicitly that the filenames are encrypted?

/srv/archive/user /srv/archive/user ecryptfs rw,user,exec,ecryptfs_cipher=aes,ecryptfs_key_bytes=16,ecryptfs_sig=XXX,ecryptfs_fnek_sig=XXX,ecryptfs_passthrough=no,ecryptfs_unlink_sigs 0 0

Also has the 'noauto' option disappeared?

Perhaps befitting, the error messages are very cryptic. They occur in varying situations and combinations:

1. do_hash: PK11_HashBuf() error; SECFailure = [-1]; PORT_GetError() = [-8128]
2. mount.ecryptfs: ecryptfs_add_passphrase_key_to_keyring: Error attempting to generate the passphrase auth tok payload; rc = [-22]
3. ecryptfs_parse_options: eCryptfs: unrecognized option [noauto]
4. Could not find valid key in user session keyring for sig specified in mount option: [XXX]
5. mount.ecryptfs: Failed to perform eCryptfs mount: [No such file or directory]
6. One or more global auth toks could not properly register; rc = [-2]
7. mount.ecryptfs: Error generating passphrase signature; rc = [-22]
8. process_request_key_err: No key

Is there a way to mount an ecryptfs-encrypted volume with fnek in one command (typing the passphrase only once)?

Running Ubuntu maverick.

Thank you,
Felix