Tuesday, February 21, 2017

How to automatically specify the Filename Encryption Key with ecryptfs?




When mounting an ecryptfs encrypted folder, I get the question,



Filename Encryption Key (FNEK) Signature [d3f92227db598fd6]:


I want to answer this question automatically, and it is done with the option ecryptfs_sig=(fekek_sig) (see man ecryptfs).



However, I don't know what the argument should be.



What is the argument that should be given to ecryptfs_sig to automatically choose the FNEK?




My guess is that I should add a key with ecryptfs-add-passphrase.






PS:



From man ecryptfs:



   ecryptfs_sig=(fekek_sig)

Specify the signature of the mount wide authentication token. The authentication token must be in the kernel keyring before the mount is performed. ecryptfs-manager or the eCryptfs mount helper can be used to construct the authentication token and add it to the keyring prior to mounting.


The automated expression I already have:



mount -t ecryptfs -o key=passphrase,ecryptfs_cipher=aes,ecryptfs_key_bytes=32,ecryptfs_passthrough,ecryptfs_enable_filename_crypto=y,no_sig_cache "$FOLDER" "$FOLDER"


Your guess is right; you must run ecryptfs-add-passphrase --fnek; the option for mount is ecryptfs_fnek_sig=. See the answer to the question "How do I mount an eCryptFS encrypted partition on login" under the heading "This script does work".
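
Added example, not part of the original question or answer: a shell script that loads the passphrase key and the FNEK with ecryptfs-add-passphrase --fnek, reads the two signatures it prints, and passes them as ecryptfs_sig= and ecryptfs_fnek_sig= alongside the question's mount options. The function names, the passphrase file argument and the sample output are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.

# Constructed sample of what `ecryptfs-add-passphrase --fnek` prints.
SAMPLE_OUTPUT='Inserted auth tok with sig [1111222233334444] into the user session keyring
Inserted auth tok with sig [aaaabbbbccccdddd] into the user session keyring'

# Succeed only for a 16-hex-digit eCryptfs key signature.
is_sig() {
    printf '%s\n' "$1" | grep -Eq '^[0-9a-f]{16}$'
}

# Read `ecryptfs-add-passphrase --fnek` output on stdin and print the
# signature on its Nth "Inserted auth tok" line (1 = passphrase key, 2 = FNEK).
nth_sig() {
    sed -n 's/^Inserted auth tok with sig \[\([0-9a-f]*\)].*/\1/p' | sed -n "${1}p"
}

# Print the -o string: the question's options plus both signatures.
# Fails, printing nothing, if either signature is malformed.
mount_opts() {
    is_sig "$1" && is_sig "$2" || return 1
    printf '%s' 'key=passphrase,ecryptfs_cipher=aes,ecryptfs_key_bytes=32,'
    printf '%s' 'ecryptfs_passthrough,ecryptfs_enable_filename_crypto=y,no_sig_cache,'
    printf 'ecryptfs_sig=%s,ecryptfs_fnek_sig=%s\n' "$1" "$2"
}

# Load both keys into the keyring, then mount FOLDER over itself (run as root).
# PASSFILE is a hypothetical file, readable only by root, holding the passphrase.
mount_folder() {
    folder=$1
    passfile=$2
    # printf is a shell builtin, so the passphrase reaches the tool on stdin
    # and does not show up in another process's argument list.
    out=$(printf '%s' "$(cat "$passfile")" | ecryptfs-add-passphrase --fnek -) || return 1
    opts=$(mount_opts "$(printf '%s\n' "$out" | nth_sig 1)" \
                      "$(printf '%s\n' "$out" | nth_sig 2)") || {
        echo "could not read both key signatures" >&2
        return 1
    }
    mount -t ecryptfs -o "$opts" "$folder" "$folder"
}
```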


