I want to have an encrypted directory (not homedir!) let's say /testdata.
I have used the following command and parameters to encrypt it:
    root@pc:~# mount -t ecryptfs /testdata/ /testdata/
    Passphrase:
    Select cipher:
     1) aes: blocksize = 16; min keysize = 16; max keysize = 32
     2) blowfish: blocksize = 8; min keysize = 16; max keysize = 56
     3) des3_ede: blocksize = 8; min keysize = 24; max keysize = 24
     4) twofish: blocksize = 16; min keysize = 16; max keysize = 32
     5) cast6: blocksize = 16; min keysize = 16; max keysize = 32
     6) cast5: blocksize = 8; min keysize = 5; max keysize = 16
    Selection [aes]:
    Select key bytes:
     1) 16
     2) 32
     3) 24
    Selection :
    Enable plaintext passthrough (y/n) [n]:
    Enable filename encryption (y/n) [n]: y
    Filename Encryption Key (FNEK) Signature [b9fc92f854a4c85b]:
    Attempting to mount with the following options:
      ecryptfs_unlink_sigs
      ecryptfs_fnek_sig=b9fc92f854a4c85b
      ecryptfs_key_bytes=16
      ecryptfs_cipher=aes
      ecryptfs_sig=b9fc92f854a4c85b
    WARNING: Based on the contents of [/root/.ecryptfs/sig-cache.txt],
    it looks like you have never mounted with this key before.
    This could mean that you have typed your passphrase wrong.
    Would you like to proceed with the mount (yes/no)? : yes
    Would you like to append sig [b9fc92f854a4c85b] to
    [/root/.ecryptfs/sig-cache.txt]
    in order to avoid this warning in the future (yes/no)? : yes
    Successfully appended new sig to user sig cache file
    Mounted eCryptfs
This command creates this file:
    root@pc:~# cat .ecryptfs/sig-cache.txt
    b9fc92f854a4c85b
Now I want to change the passphrase I used before. I found the
ecryptfs-rewrap-passphrase command but I am not sure if I am on the right path:
    root@pc:~# ecryptfs-rewrap-passphrase .ecryptfs/sig-cache.txt
    Old wrapping passphrase:
    New wrapping passphrase:
    New wrapping passphrase (again):
    Error: Unwrapping passphrase failed [-5]
    Info: Check the system log for more information from libecryptfs
Jul 13 13:16:19 pc ecryptfs-rewrap-passphrase: ecryptfs_unwrap_passphrase: PK11_CipherOp() error; SECFailure = [-1]; PORT_GetError() = [-8188]
I have a newbie status in regards to ecryptfs and I would appreciate some enlightenment here.
I see you are trying to push the password into a file that has another meaning.
or most certainly… but better search manually for the
I think this is the right command for changing the password, where
$USER is your user
P. S.: Better not to be logged in and with your folder decrypted.