Can I mount eCryptfs with a public key?

Asked by Dustin Kirkland 

You can mount eCryptfs with a public key if you have public key support (pubkey) in your kernel. You first need to generate a public/private keypair. Run ecryptfs-manager, follow the prompts to generate the keypair for the key module of your choosing, start the ecryptfsd daemon, and then specify the key module when mounting. For instance, for the OpenSSL key module, assuming you created your key in /usb-drive/mykey.pem and you want to do a layover mount on /secret, run:

# ecryptfsd
# mount -t ecryptfs -o key=openssl:keyfile=/usb-drive/mykey.pem /secret /secret

Question information

Language: English
Status: Solved
For: eCryptfs
Assignee: No assignee
Solved by: Dustin Kirkland

Dustin Kirkland  (kirkland) said :
#1

From the FAQ:

You can mount eCryptfs with a public key if you have public key support (pubkey) in your kernel. You first need to generate a public/private keypair. Run ecryptfs-manager, follow the prompts to generate the keypair for the key module of your choosing, start the ecryptfsd daemon, and then specify the key module when mounting. For instance, for the OpenSSL key module, assuming you created your key in /usb-drive/mykey.pem and you want to do a layover mount on /secret, run:

# ecryptfsd
# mount -t ecryptfs -o key=openssl:keyfile=/usb-drive/mykey.pem /secret /secret
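
A pre-flight check for the mount command in the FAQ answer above, as an added example that is not part of the original thread or of the eCryptfs project: it reports what kind of key material the PEM file holds, checks that the key file is not accessible to group or others, and confirms that ecryptfs is registered and ecryptfsd is running before printing the mount command. The function names are hypothetical; the key path and mount point you pass in would be the ones from the FAQ text.

```shell
#!/bin/sh
# Added example (hypothetical function names); sample paths are the FAQ's.

# Print the kind of key material in a PEM file, judged by its armor lines.
pem_kind() {
    [ -r "$1" ] || { echo missing; return 1; }
    if grep -q -e '-----BEGIN ENCRYPTED PRIVATE KEY-----' "$1" ||
       grep -q '^Proc-Type: 4,ENCRYPTED' "$1"; then
        echo encrypted-private
    elif grep -q -e '-----BEGIN \(RSA \)\{0,1\}PRIVATE KEY-----' "$1"; then
        echo private
    elif grep -q -e '-----BEGIN \(RSA \)\{0,1\}PUBLIC KEY-----' "$1"; then
        echo public
    else
        echo unknown
    fi
}

# Succeed only if group and others have no permission bits on the file.
owner_only() {
    perms=$(ls -ld -- "$1" | cut -c5-10)
    [ "$perms" = "------" ]
}

# Is the ecryptfs filesystem type registered with the running kernel?
ecryptfs_registered() {
    grep -qw ecryptfs "${1:-/proc/filesystems}"
}

# Build the -o value; a comma in the path would split mount's option list.
mount_opts() {
    case "$1" in
        *,*) echo "comma in key path: $1" >&2; return 1 ;;
    esac
    echo "key=openssl:keyfile=$1"
}

# Run every check, then print the mount command instead of executing it.
preflight() {   # usage: preflight KEYFILE MOUNTPOINT
    kind=$(pem_kind "$1") || { echo "cannot read $1" >&2; return 1; }
    echo "key material in $1: $kind"
    owner_only "$1" || echo "warning: $1 is accessible to group/others" >&2
    ecryptfs_registered || { echo "ecryptfs not registered" >&2; return 1; }
    pgrep -x ecryptfsd >/dev/null || { echo "ecryptfsd not running" >&2; return 1; }
    opts=$(mount_opts "$1") || return 1
    echo "mount -t ecryptfs -o $opts $2 $2"
}

# Only runs when called with arguments: sh preflight.sh KEYFILE MOUNTPOINT
[ $# -lt 2 ] || preflight "$@"
```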

Ali Mahjur (mahjur) said :
#2

Hi,

I have a question. Can I mount an eCryptfs file system providing only the public key? In other words, I need to mount a file system without the private key.

I assumed that the commands below should do it:

# ecryptfsd
# mount -t ecryptfs -o key=openssl:keyfile=/usb-drive/mykey.pem /secret /secret

However, it failed. I added some printk calls to the kernel and I found that no options are passed to the parse_options function.