2

When mounting a ecryptfs encrypted folder, I have the question,

Filename Encryption Key (FNEK) Signature [d3f92227db598fd6]:

I want to automatically answer to this question, and it is done with the option ecryptfs_sig=(fekek_sig) (see man ecryptfs)

However, I don't but I don't know what should be the argument.

What is the argument that should be given to ecryptfs_sig to automatically chose the FNEK?

My guess is that I should add a key with ecryptfs-add-passphrase.

PS:

From man ecryptfs:

   ecryptfs_sig=(fekek_sig)
                 Specify the signature of the mount wide authentication token. The authentication token must be in the kernel keyring before the mount is performed. ecryptfs-
                               manager or the eCryptfs mount helper can be used to construct the authentication token and add it to the keyring prior to mounting.

The automated expression I already have:

mount -t ecryptfs,key=passphrase,ecryptfs_cipher=aes,ecryptfs_key_bytes=32,ecryptfs_passthrough,ecryptfs_enable_filename_crypto=y,no_sig_cache $FOLDER $FOLDER
user123456
  • 2,378

1 Answers1

2

Your guess is rigtht; you must run ecryptfs-add-passphrase --fnek; the option for mount is ecryptfs_fnek_sig=<fnek_sig>. See the answer to the question How do I mount an eCryptFS encrypted partition on login under the heading "This script does work".

AlexP
  • 10,197