The installer option to encrypt the home folder was used when installing Calculate 18 xfce version. Recently, the password was changed in a terminal using passwd
. How can the new password be assigned to be used automatically as the new passphrase to unlock one’s encrypted home folder? Note: This post was originally posted under Forum/Calculate Utilities but got no response; in retrospect, perhaps this section would be more appropriate.
On reboot, the display manager accepted my new password, but instead of displaying my desktop, a message appeared:
__Current shell:
cd /home/myusername
Failed to mount ecrypted data:
“:Failed to unwrap the passphrase”
Failed to configure the user account**
A tty was launched by using Ctr+Alt+F1, and login was possible using my username and my new password, but the following message appeared:
__Signature not found in user keyring
Perhaps try the interactive
‘ecryptfs-mount-private’**
The home folder appeared encrypted; a README.txt file reported that THIS DIRECTORY HAS BEEN UNMOUNTED TO PROTECT YOUR DATA:
$ pwd
/home/myusername
$ ls
Access-your-Private-Data.desktop README.txt
My home folder was unlocked by entering my former password for the following:
$ ecryptfs-mount-private
The response was as follows, but with sig modified:
__Inserted auth tok
sig [d8f46234234a4a0f7f]
into the user session keyring
INFO: Your private directory has been mounted
INFO: To see this change in your current shell
cd /home/myusername**
This ‘auth tok’ message reappears each time I reboot and repeat the procedure for another session (reported otherwise in earlier edit).
$ls
still reported the same two folder items shown above, but a message helped find my usual home folder contents by indicating correctly that the home folder could be accessed by doing cd /home/myusername
. This did indeed demonstrate unencrypted home folder contents, but this was unusual because after running ecryptfs-mount-private
, $pwd
reported that I was already at that path.
An x11 session can be launched with $startx
, but at that point perhaps it could be safer to return to the x11 session already running by doing Ctr+Alt+F7, as login works fully now because the home folder has been mounted.
Perhaps an additional step to change the passphrase is required. An explanation at the Arch Wiki re ecryptfs-rewrap-passphrase may point to a solution:
$ ecryptfs-rewrap-passphrase /home/$USER/.ecryptfs/wrapped-passphrase
Should one also ‘check’ the keyring as follows (and not ‘clear’ it with keyctl clear
u@ if the new passphrase was changed correctly)?
$ keyctl list @u
Does Calculate Linux just encrypt /home/myusername and not /home (nor /swap)?
man ecryptfs-rewrap-passphrase points to further help at /usr/share/doc/ecryptfs-utils/ecryptfs-faq.html
, which seems to correspond to /usr/share/doc/ecryptfs-utils-108-r1/html/ecryptfs-faq.html
, but it does not spell out commands for my situation. The man page points to further support also at http://ecryptfs.org, but I’m not sure whether the solution lies with ecryptfs-rewrap-passphrase regarding passphrase changes in Calculate Linux.
Originally, I thought that perhaps my password was not adopted as the passphrase automatically because of earlier system hardening, such as the following?
chmod 700 /root
chmod 600 /etc/cron.allow
chmod 600 /etc/at.allow
chmod 700 /usr/lib64/audit
chmod -R 700 /etc/skel
Could someone please confirm whether simply executing the ecryptfs-rewrap-passphrase command above in a tty will prompt me to change my passphrase appropriately for this OS, perhaps after executing ecryptfs-mount-private? Thank you for any help.