I already encrypted my home directory as described in the wiki here: https://wiki.archlinux.org/index.php/EC … 8simple.29
/home/.ecryptfs/michael/.Private on /home/michael type ecryptfs (rw,nosuid,nodev,relatime,ecryptfs_fnek_sig=11111111111111111111,ecryptfs_sig=aaaaaaaaaaaaaaaa,ecryptfs_cipher=aes,ecryptfs_key_bytes=16,ecryptfs_unlink_sigs)
MY GOAL IS: Encrypt a folder "encrypted" on a second hard drive in my PC that gets auto-decrypted when I log in with my login password on gdm. The partition on that hard drive is sdb1, just for future reference.
Long story short: I tried several ways to adapt the encryption of the home folder to the folder on sdb1. The wiki did not help me much with this (encryption was working, but nothing like automatically decrypting on logon or something).
Then I found the ecryptfs readme file: http://ecryptfs.sourceforge.net/README and read the PAM MODULE section.
It points out that I had to add my passphrase for the encrypted folder on sdb1 to the session keyring using ecryptfs-manager.
Then, log in as the regular
user. Manually add your passphrase to the user session keyring via the
I also added the line in my fstab:
/run/media/michael/Seagate/.encrypted /run/media/michael/Seagate/encrypted ecryptfs user,noauto,rw,relatime,ecryptfs_sig=bbbbbbbbbbbbbbb,ecryptfs_cipher=aes,ecryptfs_key_bytes=16,ecryptfs_unlink_sigs
After that, I could easily mount the folder through nautilus or with the `mount -i /run/media/michael/Seagate/encrypted` command.
The bad thing is: after logging off and on again, the mount didn't work again until I added the passphrase for the sdb1 folder to the ecryptfs-manager again.
Before adding the passphrase:
michael@tyron ~ (@ ✹master)$ keyctl show
Session Keyring
18821945 --alswrv 1000 -1 keyring: _uid_ses.1000
980991344 --alswrv 1000 -1 \_ keyring: _uid.1000
809041303 --alswrv 1000 100 \_ user: aaaaaaaaaaaaaaa
1033993612 --alswrv 1000 100 \_ user: ?????????????
After adding the passphrase:
michael@tyron ~ (@ ✹master)$ keyctl show
Session Keyring
18821945 --alswrv 1000 -1 keyring: _uid_ses.1000
980991344 --alswrv 1000 -1 \_ keyring: _uid.1000
809041303 --alswrv 1000 100 \_ user: aaaaaaaaaaaaaaaa
1033993612 --alswrv 1000 100 \_ user: ???????????????
367799740 --alswrv 1000 100 \_ user: bbbbbbbbbbbbbb
Where aaaaa... is the key for my home dir and bbbbb... the key for the folder on sdb1. These keys are identical to the keys listed in fstab/mount.
(The phrases are both the same but the key differs, I think because of a salt or something.)
The ecryptfs readme also pointed out that I have to insert
auth required pam_ecryptfs etc.
in pam.d/gdm-password, login and system-auth (like it's documented in the Arch wiki), which I already did for encrypting my home folder. But I double-checked it.
Now I'm lost. I thought that with these PAM modules, the decryption works automatically on system logon. It doesn't, but gives me a strange error message until I re-enter my passphrase for sdb1 in the ecryptfs-manager.
Can you tell me how to manage my problem or where my mistake is?
Thank you for reading this wall of text. I really hope for any answers!
A couple of questions which I wonder about:
1. What is your fstab line for sdb1?
2. Did you try to let PAM automount it on login via ~/.bash_profile as described in the readme? I am not sure it works if you log in and only mount manually afterwards.
3. Which PAM mount options did you use? The ones from the wiki link directly or which one from this section? 6b?
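
The thread compares the `ecryptfs_sig` values in fstab against the keys in `keyctl show` by eye. The script below is an added example (not code from either poster or from the eCryptfs project) that does the same comparison and lists each eCryptfs mount whose signature is missing from the keyring listing; the function names, paths and signatures in the sample are constructed.

```shell
#!/bin/sh
# Added example: report eCryptfs fstab entries whose key signature is not
# in a saved keyring listing, i.e. mounts that "mount -i" cannot unlock yet.

# missing_ecryptfs_sigs FSTAB_FILE KEYCTL_SHOW_FILE
# Prints "<mountpoint> <signature>" for every signature that is missing.
missing_ecryptfs_sigs() {
    awk '
        FILENAME == ARGV[1] {            # first file: saved "keyctl show" output
            if (NF >= 2 && $(NF-1) == "user:") have[$NF] = 1
            next
        }
        $1 ~ /^#/ || $3 != "ecryptfs" { next }   # skip comments, other filesystems
        {
            n = split($4, opt, ",")
            for (i = 1; i <= n; i++)
                if (opt[i] ~ /^ecryptfs_(fnek_)?sig=/) {
                    sig = opt[i]
                    sub(/^[^=]*=/, "", sig)      # keep only the value after "="
                    if (!(sig in have)) print $2, sig
                }
        }
    ' "$2" "$1"
}

# Constructed sample: the home key is loaded, the second-disk key is not.
run_sample() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/fstab" <<'EOF'
# <source> <mountpoint> <type> <options>
/home/.ecryptfs/user/.Private /home/user ecryptfs rw,ecryptfs_fnek_sig=1111111111111111,ecryptfs_sig=aaaaaaaaaaaaaaaa,ecryptfs_cipher=aes
/mnt/disk/.encrypted /mnt/disk/encrypted ecryptfs user,noauto,rw,ecryptfs_sig=bbbbbbbbbbbbbbbb,ecryptfs_cipher=aes,ecryptfs_key_bytes=16
/dev/sda1 /boot ext4 defaults 0 2
EOF
    cat > "$dir/keys" <<'EOF'
Session Keyring
 100000001 --alswrv   1000    -1  keyring: _uid_ses.1000
 100000002 --alswrv   1000    -1   \_ keyring: _uid.1000
 100000003 --alswrv   1000   100       \_ user: aaaaaaaaaaaaaaaa
 100000004 --alswrv   1000   100       \_ user: 1111111111111111
EOF
    missing_ecryptfs_sigs "$dir/fstab" "$dir/keys"
    rm -rf "$dir"
}

run_sample   # prints: /mnt/disk/encrypted bbbbbbbbbbbbbbbb
```

To check a live session, save the output of `keyctl show` to a file right after login and pass it together with /etc/fstab.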