Public Key Support

Asked by TechnoSwiss on 2009-08-30

I had originally asked this question in the ecryptfs area, but this might be a package-specific problem, so this is probably a better place to ask.

I have a base Ubuntu 9.04 server install (I did install the ubuntu-desktop package), and I've installed ecryptfs-utils and keyutils.

I'm trying to use the openssl public key as my key type.

Trying ecryptfs-manager and Generate new public/private keypair results in "Select key type to use for newly created files", but no options to select. Giving mount -t ecryptfs -o key=openssl:/home/myhome/key.pem yields an error.

I do have the openssl package installed, and ecryptfsd is running. I'm running the 2.6.28-15-server kernel, which I believe should support public key as the key type.

Does the server package of ecryptfs-utils not support public key as a key type? Have I missed a package that's required to enable this?

Thanks

Question information

Language: English
Status: Solved
For: Ubuntu ecryptfs-utils
Assignee: No assignee
Solved by: TechnoSwiss
Solved: 2009-08-31
Last query: 2009-08-31
Last reply: 2009-08-30

If you wanted a desktop, why not install the desktop system? You have gained nothing by installing the server version first.

http://sysphere.org/~anrxc/j/articles/ecryptfs/index.html

Seems coherent

TechnoSwiss (misterb) said : #2

The desktop was installed as a test, not a standard setup for my server. From what I understand also, the desktop version of the Ubuntu kernel doesn't have PAE enabled, and you have to use the alt. install to get software RAID support.

Thanks for the article; it does a very good job of spelling out using ecryptfs. However, it does mention the option for choosing your keytype, which is the crux of my problem: I'm not getting the option, and when I try to use an openssl key I get an error.

I was wrong about ecryptfsd running; a closer look at syslog revealed that it's getting an error "ecryptfs_init_miscdev: Error whilst attempting to open [/dev/ecryptfs]; errno msg = [Invalid argument]". Probably where my problem is.

Thanks

Marius Marais (marius-marais) said : #3

OpenSSL is not enabled for ecryptfs in Ubuntu due to licensing incompatibilities.

An ls /usr/lib*/ecryptfs/ shows that only libecryptfs_key_mod_passphrase.so is enabled.

This is contrary to what the manpage says.

So, in short, it won't work.
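
The check described in the last answer, as an added example that is not part of the original thread: it lists the key types for which a key module is installed and tests whether the type named in a mount key= value is among them. The function names are hypothetical, and the script assumes key modules follow the libecryptfs_key_mod_<type>.so naming seen in the file name quoted above.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.
# Assumption: each key module is a file named libecryptfs_key_mod_<type>.so,
# as with the passphrase module named in the answer above.

# Print one installed key type per line for the given module directories.
ecryptfs_key_types() {
    for dir in "$@"; do
        for mod in "$dir"/libecryptfs_key_mod_*.so; do
            [ -e "$mod" ] || continue        # glob matched nothing
            name=${mod##*/libecryptfs_key_mod_}
            printf '%s\n' "${name%.so}"
        done
    done | sort -u
}

# Return 0 if the key type in a mount "key=" value has a module installed.
# $1 is the text after key= (for example openssl:/home/myhome/key.pem);
# the remaining arguments are the module directories to search.
key_option_supported() {
    opt=$1
    shift
    ktype=${opt%%:*}                         # text before the first ':'
    ecryptfs_key_types "$@" | grep -qxF -- "$ktype"
}

# Same directories as the ls in the answer; prints nothing if none exist.
ecryptfs_key_types /usr/lib*/ecryptfs
```

On the system described in the thread this would print only passphrase, and key_option_supported "openssl:/home/myhome/key.pem" /usr/lib*/ecryptfs would return non-zero.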