encryption metadata not stored with filesystem

encryption metadata not stored with filesystem

[Martin Steigerwald]

Hi!

On trying to work with ecryptfs I have found that I have to store ecryptfs 
configuration in an undocumented file ~/.ecryptfsrc like:

merkaba:~> cat .ecryptfsrc 
ecryptfs_unlink_sigs
ecryptfs_sig=[…]
ecryptfs_fnek_sig=[…]
ecryptfs_xattr
ecryptfs_key_bytes=32
ecryptfs_cipher=aes
ecryptfs_passthrough=n

in order to mount ecryptfs without mount options.

This makes handling of ecryptfs filesystem more complicated than encfs, since 
encfs seems to store encryption metadata in the encrypted directory itself:

merkaba:~> ls -l /home/.ms2/.encfs5
-rw-r----- 1 root root 241 Mai 19  2008 /home/.ms2/.encfs5

Thus with ecryptfs I have to save the encrypted directory and the filesystem 
settings for a backup while with encfs its enough to copy the encrypted 
directory.

Please consider to add this feature in ecryptfs.

It will also make setting up ecryptfs easier.

Thanks,
-- 
Martin Steigerwald - teamix GmbH - http://www.teamix.de
gpg: 19E3 8D42 896F D004 08AC A0CA 1E10 C593 0399 AE90

Re: encryption metadata not stored with filesystem

[Dustin Kirkland]

On Mon, Dec 19, 2011 at 6:36 AM, Martin Steigerwald <ms@teamix.de> wrote:
> On trying to work with ecryptfs I have found that I have to store ecryptfs
> configuration in an undocumented file ~/.ecryptfsrc like:
>
> merkaba:~> cat .ecryptfsrc
> ecryptfs_unlink_sigs
> ecryptfs_sig=[…]
> ecryptfs_fnek_sig=[…]
> ecryptfs_xattr
> ecryptfs_key_bytes=32
> ecryptfs_cipher=aes
> ecryptfs_passthrough=n
>
> in order to mount ecryptfs without mount options.

Thanks for that suggestion.  I've actually just created a bug to track
this.  I'll try to get this working better this week:
 * https://bugs.launchpad.net/ecryptfs/+bug/906550

Cheers!
-- 
:-Dustin

Dustin Kirkland
Chief Architect
Gazzang, Inc.
www.gazzang.com

Re: encryption metadata not stored with filesystem

[Martin Steigerwald]

Am Montag, 19. Dezember 2011 schrieb Dustin Kirkland:
> On Mon, Dec 19, 2011 at 6:36 AM, Martin Steigerwald <ms@teamix.de> wrote:
> > On trying to work with ecryptfs I have found that I have to store
> > ecryptfs configuration in an undocumented file ~/.ecryptfsrc like:
> > 
> > merkaba:~> cat .ecryptfsrc
> > ecryptfs_unlink_sigs
> > ecryptfs_sig=[…]
> > ecryptfs_fnek_sig=[…]
> > ecryptfs_xattr
> > ecryptfs_key_bytes=32
> > ecryptfs_cipher=aes
> > ecryptfs_passthrough=n
> > 
> > in order to mount ecryptfs without mount options.
> 
> Thanks for that suggestion.  I've actually just created a bug to track
> this.  I'll try to get this working better this week:
>  * https://bugs.launchpad.net/ecryptfs/+bug/906550

Thanks, Dustin.

One part of my suggestion was to store the configuration of an ecryptfs 
filesystem within the encrypted directory.

With encfs I can rsync the crypted directory to somewhere else and then just 
mount it on the remote machine like I would on my local one. I do not have to 
think about copying the ecryptfs configuration as well.

When I manage to dig out my Launchpad account or create a new one for my 
company's mail address I add that to the bug report.

Ciao,
-- 
Martin Steigerwald - teamix GmbH - http://www.teamix.de
gpg: 19E3 8D42 896F D004 08AC A0CA 1E10 C593 0399 AE90

Re: encryption metadata not stored with filesystem

[Dustin Kirkland]

On Tue, Dec 20, 2011 at 3:53 AM, Martin Steigerwald <ms@teamix.de> wrote:
> One part of my suggestion was to store the configuration of an ecryptfs
> filesystem within the encrypted directory.
>
> With encfs I can rsync the crypted directory to somewhere else and then just
> mount it on the remote machine like I would on my local one. I do not have to
> think about copying the ecryptfs configuration as well.
>
> When I manage to dig out my Launchpad account or create a new one for my
> company's mail address I add that to the bug report.

Okay, thanks, noted.  I'll have to think on this a little more.

Dustin