possibility to set a binary encryption key for ecryptfs

Bug #1063985 reported by Ilya
This bug affects 1 person
Affects: eCryptfs
Status: Incomplete
Importance: Low
Assigned to: Tyler Hicks

Bug Description

I'd like to have the possibility to set a binary encryption key for ecryptfs.
See this expected use case for example:
$ od -x -N 32 -w32 /dev/urandom | head -n 1 | sed "s/^0000000//" | sed "s/\s*//g" > /tmp/random_key
$ printf "%s" "wrapping passphrase" | ecryptfs-wrap-passphrase -i /tmp/random_key -o my_ecryptfs-wrapped-passphrase
$ printf "%s" "wrapping passphrase" | ecryptfs-insert-wrapped-passphrase-into-keyring -i my_ecryptfs-wrapped-passphrase
or
$ printf "%s" "wrapping passphrase" | ecryptfs-unwrap-passphrase -i my_ecryptfs-wrapped-passphrase -o - | ecryptfs-add-passphrase -i -

Please see the proposed patch for details.
Maybe you would have separate *_bk versions of the ecryptfs utils?
But I combine the old and new behavior (it is backward compatible).

Ilya (mirraz1) wrote :
Tyler Hicks (tyhicks) wrote :

Thanks, Mirraz! I'll try to get this reviewed sometime this week.

Changed in ecryptfs:
assignee: nobody → Tyler Hicks (tyhicks)
importance: Undecided → Low
status: New → Confirmed
Changed in ecryptfs:
status: Confirmed → Incomplete
Dustin Kirkland  (kirkland) wrote :

Hi there, thanks for the report.

So I'm a little confused, as I think that this should be more or less possible with eCryptfs already.

Although it's minimally tested, you should be able to have binary data inside of a wrapped-passphrase file just as easily as a simple string. Here's a basic set of instructions that should show this:

$ head -c 32 /dev/urandom > random
$ printf "%s" "$(head -c 32 random)" | md5sum
80f67420502f86d99aa995ba5ed71f5d -
$ printf "%s\n%s" "$(head -c 32 random)" "foobar" | ecryptfs-wrap-passphrase random.wrapped -
$ printf "%s" "foobar" | ecryptfs-unwrap-passphrase random.wrapped - > random.unwrapped
$ head -c 32 random.unwrapped | md5sum
80f67420502f86d99aa995ba5ed71f5d -

Ilya (mirraz1) wrote :

Sorry, in my first comment I gave the wrong first step; it was for the old behavior, but I wanted something like your
$ head -c 32 /dev/urandom > random
Thanks for the correct understanding!

So, about your comment. Please try a random file with this content (in hex):
A5 60 83 5F 0A D2 9D 5D
or with this:
A5 60 83 5F 00 D2 9D 5D
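
Why those two byte strings are awkward for the `printf "%s\n%s" "$(...)"` pipeline, as an added example that is not part of the original thread: it pushes both keys through the same shell constructs and counts the bytes that come out, then repeats the framing with the key hex-encoded. The function names are made up for this example, and it assumes the consumer splits the two fields on the first newline, as the `%s\n%s` framing implies.

```shell
#!/bin/sh
# Added example: constructed 8-byte test keys, not real key material.
LC_ALL=C; export LC_ALL

# The two byte strings from the comment, emitted via octal escapes.
key_with_newline() { printf '\245\140\203\137\012\322\235\135'; }  # ..0A..
key_with_nul()     { printf '\245\140\203\137\000\322\235\135'; }  # ..00..

# Byte count of stdin, without wc's padding.
count_bytes() { wc -c | tr -d ' '; }

# Bytes left after printf "%s" "$(...)". The substitution result is a shell
# string, so NUL bytes are dropped (bash may warn on stderr) and trailing
# newlines are stripped.
survives_substitution() {
    { printf '%s' "$("$1")"; } 2>/dev/null | count_bytes
}

# Bytes in the first field of the printf "%s\n%s" framing.
# Assumption: the consumer splits the two fields on the first newline.
first_field_bytes() {
    { printf '%s\n%s' "$("$1")" "foobar"; } 2>/dev/null |
        head -n 1 | tr -d '\n' | count_bytes
}

# Same framing with the key hex-encoded first, so it is plain text.
hex_first_field() {
    printf '%s\n%s' "$("$1" | od -An -tx1 | tr -d ' \n')" "foobar" | head -n 1
}

for k in key_with_newline key_with_nul; do
    printf '%s: raw=%s after_subst=%s first_field=%s hex_field=%s\n' "$k" \
        "$("$k" | count_bytes)" "$(survives_substitution "$k")" \
        "$(first_field_bytes "$k")" "$(hex_first_field "$k")"
done
```

The hex form changes the bytes that are used as the passphrase, so it has to be applied the same way everywhere the key is wrapped and unwrapped.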
