* eCryptfs using openssl encountered "Transport endpoint is not connected" when writing file into the mounted folder
From: cc chen @ 2013-12-09 10:32 UTC
To: ecryptfs
Greetings,
I am having the error as per subject when I am using the openssl
(passphrase) key type, the thing is I don't get this error when using the
passphrase as key type.
Below are the steps using openssl as key type, appreciate if someone can help to
advise what the mistake is:
(A) Create test.pem public/private cert using "ecryptfs-manager"
(B) List of commands to mount the disk and result output:
# mount -t ecryptfs /secure/.s3 /secure/s3
Select key type to use for newly created files:
1) openssl
2) passphrase
3) tspi
Selection: 1
PEM key file [/root/.ecryptfs/pki/openssl/key.pem]: test.pem
Method of providing the passphrase:
1) openssl_passwd: Enter on Console
2) openssl_passwd_file: File Containing Passphrase
3) openssl_passwd_fd: File Descriptor for File Containing Passphrase
Selection [openssl_passwd]: 1
Passphrase:
Select cipher:
1) aes: blocksize = 16; min keysize = 16; max keysize = 32 (not loaded)
2) blowfish: blocksize = 16; min keysize = 16; max keysize = 56 (not loaded)
3) des3_ede: blocksize = 8; min keysize = 24; max keysize = 24 (not loaded)
4) cast6: blocksize = 16; min keysize = 16; max keysize = 32 (not loaded)
5) cast5: blocksize = 8; min keysize = 5; max keysize = 16 (not loaded)
Selection [aes]:
Select key bytes:
1) 16
2) 32
3) 24
Selection [16]:
Enable plaintext passthrough (y/n) [n]:
Enable filename encryption (y/n) [n]:
Attempting to mount with the following options:
ecryptfs_unlink_sigs
ecryptfs_key_bytes=16
ecryptfs_cipher=aes
ecryptfs_sig=74c90d4c6548e015
WARNING: Based on the contents of [/root/.ecryptfs/sig-cache.txt],
it looks like you have never mounted with this key
before. This could mean that you have typed your
passphrase wrong.
Would you like to proceed with the mount (yes/no)? : yes
Would you like to append sig [74c90d4c6548e015] to
[/root/.ecryptfs/sig-cache.txt]
in order to avoid this warning in the future (yes/no)? : no
Not adding sig to user sig cache file; continuing with mount.
Mounted eCryptfs
# cd s3
# touch test1
touch: cannot touch `test1': Input/output error
Thank you very much.
* Re: eCryptfs using openssl encountered "Transport endpoint is not connected" when writing file into the mounted folder
From: Tyler Hicks @ 2013-12-17 18:41 UTC
To: cc chen; +Cc: ecryptfs
On 2013-12-09 18:32:54, cc chen wrote:
> Greetings,
>
>
> I am having the error as per subject when I am using the openssl
> (passphrase) key type, the thing is I don't get this error when using the
> passphrase as key type.
The OpenSSL support in eCryptfs has never been very polished. There's
not much user demand for it at this time, so the focus has primarily
been placed on passphrase support.
>
> Below are the steps using openssl as key type, appreciate if someone can help to
> advise what the mistake is:
>
> (A) Create test.pem public/private cert using "ecryptfs-manager"
> (B) List of commands to mount the disk and result output:
>
> # mount -t ecryptfs /secure/.s3 /secure/s3
> Select key type to use for newly created files:
> 1) openssl
> 2) passphrase
> 3) tspi
> Selection: 1
> PEM key file [/root/.ecryptfs/pki/openssl/key.pem]: test.pem
> Method of providing the passphrase:
> 1) openssl_passwd: Enter on Console
> 2) openssl_passwd_file: File Containing Passphrase
> 3) openssl_passwd_fd: File Descriptor for File Containing Passphrase
> Selection [openssl_passwd]: 1
> Passphrase:
> Select cipher:
> 1) aes: blocksize = 16; min keysize = 16; max keysize = 32 (not loaded)
> 2) blowfish: blocksize = 16; min keysize = 16; max keysize = 56 (not loaded)
> 3) des3_ede: blocksize = 8; min keysize = 24; max keysize = 24 (not loaded)
> 4) cast6: blocksize = 16; min keysize = 16; max keysize = 32 (not loaded)
> 5) cast5: blocksize = 8; min keysize = 5; max keysize = 16 (not loaded)
> Selection [aes]:
> Select key bytes:
> 1) 16
> 2) 32
> 3) 24
> Selection [16]:
> Enable plaintext passthrough (y/n) [n]:
> Enable filename encryption (y/n) [n]:
> Attempting to mount with the following options:
> ecryptfs_unlink_sigs
> ecryptfs_key_bytes=16
> ecryptfs_cipher=aes
> ecryptfs_sig=74c90d4c6548e015
> WARNING: Based on the contents of [/root/.ecryptfs/sig-cache.txt],
> it looks like you have never mounted with this key
> before. This could mean that you have typed your
> passphrase wrong.
>
> Would you like to proceed with the mount (yes/no)? : yes
> Would you like to append sig [74c90d4c6548e015] to
> [/root/.ecryptfs/sig-cache.txt]
> in order to avoid this warning in the future (yes/no)? : no
> Not adding sig to user sig cache file; continuing with mount.
> Mounted eCryptfs
>
> # cd s3
> # touch test1
> touch: cannot touch `test1': Input/output error
You need to have an ecryptfsd process running for each user that will be
accessing the mount point. The kernel asks ecryptfsd to wrap/unwrap the
file encryption key using the public/private key that you generated with
OpenSSL.
Performance is bad and I wouldn't expect as stable of an experience as
with passphrase-based mounts. It would be great if someone was
interested in fostering the OpenSSL feature to bring it up to the
same level of maturity as passphrase.
Tyler
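A pre-mount check for the requirement described in the reply above, that every user accessing the mount point needs a running ecryptfsd. This is an added example, not part of the original thread or of ecryptfs-utils; the function names, the user list and the sample process listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: report which users have no ecryptfsd process.
# stdin: "USER COMMAND" lines, as printed by `ps -eo user=,comm=`.
# args:  the users who will access the eCryptfs mount point.
users_missing_ecryptfsd() {
    wanted="$*"
    awk -v wanted="$wanted" '
        BEGIN { n = split(wanted, w, " ") }
        # Remember every user that owns an ecryptfsd process.
        $2 == "ecryptfsd" { running[$1] = 1 }
        END {
            for (i = 1; i <= n; i++)
                if (!(w[i] in running)) print w[i]
        }'
}

# Live check against the real process table; non-zero exit if any
# listed user has no daemon to service key wrap/unwrap requests.
check_mount_users() {
    missing=$(ps -eo user=,comm= | users_missing_ecryptfsd "$@")
    if [ -n "$missing" ]; then
        echo "no ecryptfsd running for: $(echo $missing)" >&2
        echo "start ecryptfsd as each listed user before using the mount" >&2
        return 1
    fi
    return 0
}

# Constructed sample process listing (not taken from the thread).
SAMPLE_PS='root     sshd
root     ecryptfsd
alice    bash
bob      ecryptfsd
alice    vim'

# Runs the check over the sample: root and bob have a daemon, alice does not.
sample_missing() {
    printf '%s\n' "$SAMPLE_PS" | users_missing_ecryptfsd root alice bob
}
```

Calling `check_mount_users root alice` before the `mount -t ecryptfs` step surfaces the missing daemon up front instead of as an I/O error on the first write.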