4

I upgraded to 22.04 and now encfs segfaults when I try to mount my encrypted directory (which had been in use for many years now)

Michaela P
  • 41
  • What exact command are you running that triggers the segfault? Also, does the segfault have any (useful) error message? Side note: the last commit on that project was May 2020. Per the repo, the project is dormant, it has been deemed insecure, and development has been halted. So... there may not be a solution. To recover the data, you could try booting a 20.04/21.10 live CD, and using that to recover the data, and then move to some other way to encrypt your files – cocomac Apr 30 '22 at 04:26
  • (continued) Please note that live CDs are not persistent (they get wiped on reboot), so if you recover the data that way, please *do not* save the files to the live CD. Cloud storage (OneDrive, Google Drive) is a short-term option, or an external hard drive would do. But don't save them to the live CD. If you have tons of data (several TBs or more) consider using Backblaze B2 instead (no affiliation, but I've heard good things about it). – cocomac Apr 30 '22 at 04:29
  • 1
    It segfaulted after entering the password. I mounted a backup USB disk on a laptop still running 20.04 which worked fine and transferred the unencrypted data by sftp. It appears that creating a new encfs, which uses a newer format for the config file, works. Some incompatibly with the older format seems to have been introduced even though it's not a real new version of the program. Since it's poorly regarded I'll just stop using it but it was a big surprise to suddenly have a data-recovery project! – Michaela P May 01 '22 at 13:53

1 Answers1

4

Also ran into this, and was able to move forward by following the advice at https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014193

In /etc/ssl/openssl.cnf (the name of this file seems to have changed in the past) make sure you have these sections:

[openssl_init]
providers = provider_sect

[provider_sect]
default = default_sect
legacy = legacy_sect

[default_sect]
activate = 1
[legacy_sect]
activate = 1
Karol
  • 141
  • 1
    I tried Karol's answer of modifying /etc/ssl/openssl.conf and adding a legacy_sect, but I was then unable to log in to my machine via the gui! Fortunately I was able to get a TTY with Ctrl-Alt-F2 and revert the changes to the ssl config file. – John Stumbles Dec 18 '22 at 18:39
  • 1
    Not sure whether it's a typo or the filename in Debian is different but in Debian Bookworm the file path is /etc/ssl/openssl.cnf - cnf instead of conf. – Strachu Jan 01 '24 at 16:31
  • Either a typo or it has changed, it's also .cnf in my system now. Updated the answer. – Karol Jan 25 '24 at 23:08