#1 2012-11-19 01:01:50

jik779
Member
From: Germany
Registered: 2012-08-04
Posts: 17

Encrypt a second hard drive with ecryptfs

Hey folks,
I already encrypted my home directory as described in the wiki here: https://wiki.archlinux.org/index.php/EC … 8simple.29
mount says:

/home/.ecryptfs/michael/.Private on /home/michael type ecryptfs (rw,nosuid,nodev,relatime,ecryptfs_fnek_sig=11111111111111111111,ecryptfs_sig=aaaaaaaaaaaaaaaa,ecryptfs_cipher=aes,ecryptfs_key_bytes=16,ecryptfs_unlink_sigs)

MY GOAL IS: Encrypt a folder "encrypted" on a second hard drive in my PC that gets auto-decrypted when I log in with my login password on gdm. The partition on that hard drive is sdb1, just for future reference :)

Long story short: I tried several ways to adapt the encryption of the home folder to the folder on sdb1. The wiki did not help me much with this (encryption was working, but nothing like automatically decrypting on logon or something).

Then I found the ecryptfs README file: http://ecryptfs.sourceforge.net/README and read the PAM MODULE section.

It points out that I had to add my passphrase for the encrypted folder in sdb1 to the session keyring using ecryptfs-manager.

Then, log in as the regular user. Manually add your passphrase to the user session keyring via the ecryptfs-manager utility.

I also added the line in my fstab:

 /run/media/michael/Seagate/.encrypted /run/media/michael/Seagate/encrypted ecryptfs user,noauto,rw,relatime,ecryptfs_sig=bbbbbbbbbbbbbbb,ecryptfs_cipher=aes,ecryptfs_key_bytes=16,ecryptfs_unlink_sigs 

After that, I could easily mount the folder through nautilus or with the `mount -i /run/media/michael/Seagate/encrypted` command.

The bad thing is: after logging off and on again, the mount again didn't work until I added the passphrase for the sdb1 folder again to the ecryptfs-manager.

Before adding the passphrase:

michael@tyron ~ (@ ✹master)$ keyctl show                                   
Session Keyring
  18821945 --alswrv   1000    -1  keyring: _uid_ses.1000
 980991344 --alswrv   1000    -1   \_ keyring: _uid.1000
 809041303 --alswrv   1000   100       \_ user: aaaaaaaaaaaaaaa
1033993612 --alswrv   1000   100       \_ user: ?????????????

After adding the passphrase:

michael@tyron ~ (@ ✹master)$ keyctl show     
Session Keyring
  18821945 --alswrv   1000    -1  keyring: _uid_ses.1000
 980991344 --alswrv   1000    -1   \_ keyring: _uid.1000
 809041303 --alswrv   1000   100       \_ user: aaaaaaaaaaaaaaaa
1033993612 --alswrv   1000   100       \_ user: ???????????????
 367799740 --alswrv   1000   100       \_ user: bbbbbbbbbbbbbb

Where aaaaa.. is the key for my home dir and bbbbb... the key for the folder on sdb1. These keys are identical to the keys listed in fstab/mount.
(Phrases are both the same but the key differs, I think because of a salt or something)

The ecryptfs README also pointed out that I have to insert

auth required pam_ecryptfs etc.

in pam.d/gdm-password, login and system-auth (like it's documented in the Arch wiki), which I already did for encrypting my home folder. But I double-checked it.

Now I'm lost - I thought that with these PAM modules, the decryption works automatically on system logon. It doesn't, but gives me a strange error message until I re-enter my passphrase for sdb1 in the ecryptfs-manager.

Can you tell me how to manage my problem or where my mistake is?

Thank you for reading this wall of text ;) I really hope for any answers!

Kind regards,
--michael

Offline

#2 2012-11-19 21:05:06

Strike0
Member
From: Germany
Registered: 2011-09-05
Posts: 1,277

Re: Encrypt a second hard drive with ecryptfs

A couple of questions which I wonder about:
1. What is your fstab line for sdb1?
2. Did you try to let PAM automount it on login via ~/.bash_profile as described in the readme? I am not sure it works if you log in and only mount manually afterwards.
3. Which PAM mount options did you use? The ones from the wiki link directly or which one from this section? 6b?

Offline
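
A check related to the problem discussed in this thread, added here as an example and not written by either poster: it compares the `ecryptfs_sig` / `ecryptfs_fnek_sig` values of ecryptfs entries in fstab with the `user` keys listed by `keyctl show`, and prints the signatures the mount needs that are not in the keyring. The function names and the sample signatures are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): find eCryptfs key signatures that
# fstab mounts reference but that are absent from a `keyctl show` listing.

# $1 = fstab text. Prints each ecryptfs_sig / ecryptfs_fnek_sig value
# used by entries whose filesystem type is ecryptfs, one per line.
fstab_sigs() {
    printf '%s\n' "$1" | awk '
        /^[[:space:]]*#/ { next }                 # skip comment lines
        $3 == "ecryptfs" {
            n = split($4, opt, ",")
            for (i = 1; i <= n; i++)
                if (opt[i] ~ /^ecryptfs_(fnek_)?sig=/) {
                    sub(/^[^=]*=/, "", opt[i])    # keep only the value
                    print opt[i]
                }
        }' | sort -u
}

# $1 = `keyctl show` text. Prints the description of every "user" key.
keyring_sigs() {
    printf '%s\n' "$1" | awk '
        { for (i = 1; i < NF; i++) if ($i == "user:") print $(i + 1) }' | sort -u
}

# $1 = fstab text, $2 = `keyctl show` text.
# Prints signatures required by fstab but missing from the keyring.
# The comparison is exact: a signature that differs by one character is missing.
missing_sigs() {
    need=$(fstab_sigs "$1")
    have=$(keyring_sigs "$2")
    for sig in $need; do
        printf '%s\n' "$have" | grep -qxF -- "$sig" || printf '%s\n' "$sig"
    done
}

# Constructed sample input; the signatures are made up.
SAMPLE_FSTAB='/dev/sda1 / ext4 rw,relatime 0 1
/run/media/michael/Seagate/.encrypted /run/media/michael/Seagate/encrypted ecryptfs user,noauto,rw,ecryptfs_sig=5555666677778888,ecryptfs_cipher=aes,ecryptfs_key_bytes=16,ecryptfs_unlink_sigs 0 0'
SAMPLE_KEYRING='Session Keyring
  18821945 --alswrv   1000    -1  keyring: _uid_ses.1000
 980991344 --alswrv   1000    -1   \_ keyring: _uid.1000
 809041303 --alswrv   1000   100       \_ user: 1111222233334444'

missing_sigs "$SAMPLE_FSTAB" "$SAMPLE_KEYRING"   # prints 5555666677778888
```

On a real system, run `missing_sigs "$(cat /etc/fstab)" "$(keyctl show)"` directly after login to see whether the key for the second mount was loaded.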
