Public Key Support

Asked by TechnoSwiss

I had originally asked this question in the ecryptfs area, but this might be a package specific problem, so this is probably a better place to ask.

I have a base Ubuntu 9.04 server install (I did install the ubuntu-desktop package), and I've installed ecryptfs-utils and keyutils.

I'm trying to use the openssl public key as my key type.

Trying ecryptfs-manager and Generate new public/private keypair results in "Select key type to use for newly created files", but no options to select. Giving mount -t ecryptfs -o key=openssl:/home/myhome/key.pem yields an error.

I do have the openssl package installed, and ecryptfsd is running. I'm running the 2.6.28-15-server kernel, which I believe should support public key as the key type.

Does the server package of ecryptfs-utils not support public key as a key type? Have I missed a package that's required to enable this?


Question information

English Edit question
Ubuntu ecryptfs-utils Edit question
No assignee Edit question
Solved by:
Last query:
Last reply:
Revision history for this message
actionparsnip (andrew-woodhead666) said :

If you wanted a desktop, why not install the desktop system. You have gained nothing by installing the server version first.

Seems coherent

Revision history for this message
TechnoSwiss (misterb) said :

The desktop was installed as a test, not a standard setup for my server. From what I understand also, the desktop version of the Ubuntu kernel doesn't have PAE enabled, and you have to use the alt. install to get software RAID support.

Thanks for the article, it does a very good job of spelling out using ecryptfs, however it does mention the option for choosing your keytype. Which is the crux of my problem, I'm not getting the option, and when I try to use an openssl key I get an error.

I was wrong about ecryptfsd running, a closer look at syslog revealed that it's getting an error "ecryptfs_init_miscdev: Error whilst attempting to open [/dev/ecryptfs]; errno msg = [Invalid argument]". Probably where my problem is.


Revision history for this message
Marius Marais (marius-marais) said :

OpenSSL is not enabled for ecryptfs in Ubuntu due to licensing incompatibilities.

An ls /usr/lib*/ecryptfs/ shows that only is enabled.

This is contrary to what the manpage says.

So, in short, it won't work.