Can't find ecryptfs-generate-tpm-key tool in the latest pack

Asked by Vladislav

Dear All!

I'm trying to set-up an encrypted folder with cryptfs and I'd like to store the pass certificate at TPM installed at the mainboard.

I use Ubuntu Server 14.x and following this instruction

Currently I stucked at the command ecryptfs-generate-tpm-key -p 0 -p 2 -p 3

According to this web-site this command should be in eCryptFS-Utils package. But I can't find this command at my system. And the system also can't find it.

Could you please help me? Where is this command now? May be it was removed or renamed?

PS. This util generates a certificate and puts it into TPM.
PSS. Installed version is:

Architecture: amd64
Version: 104-0ubuntu1.14.04.3

Question information

English Edit question
Ubuntu ecryptfs-utils Edit question
No assignee Edit question
Last query:
Last reply:
Revision history for this message
Launchpad Janitor (janitor) said :

This question was expired because it remained in the 'Open' state without activity for the last 15 days.

Revision history for this message
Vladislav (vkravchenko) said :

The tool exists in in debian package and ubuntu sources. But it is missed in Ubuntu compiled version.

Revision history for this message
Manfred Hampl (m-hampl) said :

I recommend that you create a bug report about this issue

Revision history for this message
Vladislav (vkravchenko) said :
Revision history for this message
James Johnston (mail-codenest) said :

From what I've been able to tell, this tool is obsolete and apparently isn't built any more with the Ubuntu ecryptfs userspace tools. As you read in the IBM whitepaper, the ecryptfs-generate-tpm-key command is used in conjunction with the TSPI key module of ecryptfs.

But a maintainer of ecryptfs has stated that the TSPI module was a proof of concept (supposedly it doesn't perform well since it uses TPM on every file I/O) and should not have made it into the upstream ecryptfs-utils project to begin with: He said he was going to remove it when kernel 3.1 was released; I suppose that has probably happened by now. (Maybe he missed the man page?)

Apparently the replacement is to use trusted and encrypted keys on the kernel keyring, but I'm struggling with that, too:

Can you help with this problem?

Provide an answer of your own, or ask Vladislav for more information if necessary.

To post a message you must log in.