I set up a ~/Private directory, but now I want to change the passphrase I used. I moved all files out of that folder in order to start from scratch. So far I tried with:

```
~ $ cd /
/ $ ecryptfs-umount-private
/ $ ecryptfs-setup-private --force
```

I change to root because otherwise I would be unable to unmount. ecryptfs-setup-private then asks me to log out and log in again, but after doing that, I still cannot use my new passphrase to unmount and mount the directory again:

```
~ $ cd /
/ $ ecryptfs-umount-private
/ $ ecryptfs-mount-private
Enter your login passphrase:
Error: Unwrapping passphrase and inserting into the user session keyring failed [-5]
Info: Check the system log for more information from libecryptfs
ERROR: Your passphrase is incorrect
```

I think that the new passphrase was actually not adopted by ecryptfs, for some reason.

Note about duplication:

This question is a duplicate of this one, but I found the latter unclear and not helpful, because it focuses on wrapping and unwrapping the passphrase, which is not related to this problem as far as I understand.

danza
  • Do you have a `wrapped-passphrase` file somewhere in your home folder? If you do, then you probably do want to unwrap/rewrap using a new passphrase. But, if everything's set up properly, then changing your user login passphrase normally should change the `wrapped-passphrase` file too since it should use your login passphrase to decrypt the eCryptFS folder. – Xen2050 Mar 13 '16 at 23:59
  • I don't want to change my login passphrase. I want to change the passphrase used to encrypt/decrypt the Ecrypt folder – danza Mar 14 '16 at 16:47
  • Are your login passphrase & ecryptfs passphrase the same now, or different? Does `ecryptfs-unwrap-passphrase` work now? And you didn't answer if you even have a wrapped-passphrase file, do you? – Xen2050 Mar 15 '16 at 00:02
  • My login passphrase is different from my ecryptfs passphrase. `ecryptfs-unwrap-passphrase` works, it shows my new passphrase, but I cannot use the shown passphrase to unmount and remount. I think that the folder is still encrypted with the old passphrase. I have a `~/.ecryptfs/wrapped-passphrase` file – danza Mar 17 '16 at 09:48
  • I might be getting confused between "login passphrase", "ecryptfs passphrase" (that unwraps the wrapped-passphrase file), and ecryptfs's "mount passphrase" (actual key to decrypt files). If you can still decrypt the files, then you just want to change the wrapped-passphrase file to use a new "ecryptfs passphrase", so you **do** want the rewrap passphrase tool. If you've changed the mount passphrase without re-encrypting the files with it, then you may have lost the files. If you want to erase everything & start over, why won't that work? – Xen2050 Mar 18 '16 at 11:48
  • Yep, the terminology is definitely confusing here. What I want to do is to change what you call the "mount passphrase". How can I change it? Running `ecryptfs-setup-private --force` seems to have actually kept the former mount passphrase. What should I erase? – danza Mar 23 '16 at 10:14

1 Answer

As said in Change the passphrase of an ecryptfs directory:

There is no way to change the passphrase on the fly as ecryptfs encrypts each file with that passphrase individually and all files need to be rewritten with the new passphrase.

So all you can do is create a new directory, mount it with the new passphrase and copy all the files over there.

TheFisch
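To check whether re-running setup actually produced a new mount passphrase (the point of confusion in the comments above), the key signatures in `~/.ecryptfs/Private.sig` can be compared before and after, since they are derived from the mount passphrase. This is an added example, not code from the thread or from the eCryptfs project; the function names and the saved-copy path are hypothetical, and it assumes the sig file holds one 16-hex-digit signature per line (contents key first, filename key second when filename encryption is enabled).

```shell
#!/bin/sh
# Usage sketch (paths are assumptions):
#   cp ~/.ecryptfs/Private.sig /tmp/Private.sig.old   # before re-running setup
#   ... unmount, re-run setup, log out and back in ...
#   mount_key_changed /tmp/Private.sig.old ~/.ecryptfs/Private.sig

# Print line $2 of sig file $1 if it is a well-formed signature, else nothing.
# Always succeeds, so callers running under `set -e` are not aborted.
sig_line() {
    sed -n "${2}p" "$1" 2>/dev/null | grep -E '^[0-9a-fA-F]{16}$' || true
}

# Compare the signatures in two sig files.
# Returns 0 if the contents key changed, 1 if it is unchanged,
# 2 if either file has no readable signature on its first line.
mount_key_changed() {
    old_file=$1
    new_file=$2
    old_fekek=$(sig_line "$old_file" 1)
    new_fekek=$(sig_line "$new_file" 1)
    if [ -z "$old_fekek" ] || [ -z "$new_fekek" ]; then
        echo "no valid signature in $old_file or $new_file" >&2
        return 2
    fi

    # The second line is only present when filename encryption is enabled.
    old_fnek=$(sig_line "$old_file" 2)
    new_fnek=$(sig_line "$new_file" 2)
    if [ -n "$old_fnek" ] && [ "$old_fnek" = "$new_fnek" ]; then
        echo "filename key unchanged: $new_fnek"
    fi

    if [ "$old_fekek" = "$new_fekek" ]; then
        # Same signature means the same mount passphrase is still in use.
        echo "contents key unchanged: $new_fekek"
        return 1
    fi
    echo "contents key changed: $old_fekek -> $new_fekek"
    return 0
}
```

An unchanged contents-key signature means new files will still be encrypted under the old mount passphrase, whatever wrapping passphrase protects it.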