J'ai tenté de monter le répertoire chiffré de cette manière :
[root@localhost userBis]# mount -t ecryptfs /home/user /media/decrypted2
Select key type to use for newly created files:
1) tspi
2) openssl
3) pkcs11-helper
4) passphrase
Selection: 4
Passphrase:
Select cipher:
1) aes: blocksize = 16; min keysize = 16; max keysize = 32
2) blowfish: blocksize = 8; min keysize = 16; max keysize = 56
3) des3_ede: blocksize = 8; min keysize = 24; max keysize = 24
4) twofish: blocksize = 16; min keysize = 16; max keysize = 32
5) cast6: blocksize = 16; min keysize = 16; max keysize = 32
6) cast5: blocksize = 8; min keysize = 5; max keysize = 16
Selection [aes]:
Select key bytes:
1) 16
2) 32
3) 24
Selection [16]:
Enable plaintext passthrough (y/n) [n]:
Enable filename encryption (y/n) [n]: y
Filename Encryption Key (FNEK) Signature [a0d2e00ecfbe29ac]:
Attempting to mount with the following options:
ecryptfs_unlink_sigs
ecryptfs_fnek_sig=a0d2e00ecfbe29ac
ecryptfs_key_bytes=16
ecryptfs_cipher=aes
ecryptfs_sig=a0d2e00ecfbe29ac
WARNING: Based on the contents of [/root/.ecryptfs/sig-cache.txt],
it looks like you have never mounted with this key
before. This could mean that you have typed your
passphrase wrong.
Would you like to proceed with the mount (yes/no)? : yes
Would you like to append sig [a0d2e00ecfbe29ac] to
[/root/.ecryptfs/sig-cache.txt]
in order to avoid this warning in the future (yes/no)? : yes
Successfully appended new sig to user sig cache file
Mounted eCryptfs
Après cette opération, le contenu de /media/decrypted2 est le même que celui de la tentative précédente (un fichier .desktop et un Readme). J'ai à nouveau essayé de le déchiffrer une seconde fois, et le message d'erreur fut exactement le même que celui du premier post. J'ai cependant fait un dmesg | tail comme suggéré :
[ 286.808034] One or more global auth toks could not properly register; rc = [-2]
[ 286.808036] Error parsing options; rc = [-2]
[ 335.987682] Could not find key with description: [a0d2e00ecfbe29ac]
[ 335.987687] process_request_key_err: No key
[ 335.987689] Could not find valid key in user session keyring for sig specified in mount option: [a0d2e00ecfbe29ac]
[ 335.987690] One or more global auth toks could not properly register; rc = [-2]
[ 335.987692] Error parsing options; rc = [-2]
[ 502.430841] SELinux: initialized (dev ecryptfs, type ecryptfs), uses genfs_contexts
[ 589.135953] Mount on filesystem of type eCryptfs explicitly disallowed due to known incompatibilities
[ 589.136021] Reading sb failed; rc = [-22]
Pour ce qui est de mon mot de passe, il fonctionne correctement. La seule erreur possible viendrait de la phrase de passe qui est un code que je copie-colle.
À défaut de pouvoir chercher ailleurs, je vais me renseigner à propos de ce bug de SELinux.