ecryptfs: what and where is the key represented by "fnek_sig"?

0

I have an encrypted private folder. In the mount options there are two sigs: ecryptfs_fnek_sig and ecryptfs_sig. When I call keyctl show, it shows that I have two keys represented by these sigs. But actually I have only one key in my wrapped-passphrase file. So my question is: where does the second key come from?

And additional question: what happens if I don't specify fnek_sig in mount options (provided I have file names encrypted)?

ardabro

Posted 2017-08-15T21:47:57.170

Reputation: 383

Answers

0

The fnek key and its fnek_sig are generated automatically by ecryptfs, out of the passphrase you specified. You can manually insert the two keys into the keyring with the command line "ecryptfs-add-passphrase --fnek" (this will ask you to enter the passphrase). It will generate the main and fnek keys, insert them into the keyring and print the 2 signatures. The 2nd one is the fnek_sig. Very useful when you want to manually recover an encrypted folder.

rmufr

Posted 2017-08-15T21:47:57.170

Reputation: 1
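
A pre-mount check for the manual recovery case described in the answer, as an added example that is not part of the original posts: it reads ecryptfs_sig and ecryptfs_fnek_sig from a mount options string and confirms that each one has a matching key in keyctl show output. The sample options, signatures and keyring listing are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample data: mount options as they appear in /proc/mounts,
# and a keyctl show listing holding both keys (signatures are made up).
SAMPLE_OPTS='rw,nosuid,nodev,relatime,ecryptfs_fnek_sig=1122334455667788,ecryptfs_sig=aabbccddeeff0011,ecryptfs_cipher=aes,ecryptfs_key_bytes=16,ecryptfs_unlink_sigs'
SAMPLE_KEYRING='Session Keyring
 917183542 --alswrv   1000  1000  keyring: _ses
 488927349 --alswrv   1000 65534   \_ keyring: _uid.1000
 301122334 --alswrv   1000  1000       \_ user: aabbccddeeff0011
 301122335 --alswrv   1000  1000       \_ user: 1122334455667788'

# Print the value of one option from a comma-separated option string.
# $1 = option name, $2 = option string
get_opt() {
    printf '%s\n' "$2" | tr ',' '\n' | sed -n "s/^$1=//p" | head -n 1
}

# Succeed if the listing has a "user" key whose description is the signature.
# $1 = signature, $2 = keyctl show output
sig_in_keyring() {
    printf '%s\n' "$2" | grep -Eq "user: $1\$"
}

# Report on both signatures; the exit status is the number of missing keys.
# $1 = option string, $2 = keyctl show output
check_mount_sigs() {
    missing=0
    for opt in ecryptfs_sig ecryptfs_fnek_sig; do
        sig=$(get_opt "$opt" "$1")
        if [ -z "$sig" ]; then
            echo "$opt: not set in mount options"
        elif sig_in_keyring "$sig" "$2"; then
            echo "$opt=$sig: key present"
        else
            echo "$opt=$sig: key MISSING from keyring"
            missing=$((missing + 1))
        fi
    done
    return "$missing"
}

# Run against the constructed sample. On a live system, pass the real
# option string of the mount and "$(keyctl show)" instead.
check_mount_sigs "$SAMPLE_OPTS" "$SAMPLE_KEYRING"
```

If a key is reported missing, ecryptfs-add-passphrase --fnek (as described in the answer) puts both keys back into the keyring.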