Comment 2 for bug 1446055

James Johnston (mail-codenest) wrote :

From what I've been able to tell, this tool is obsolete and apparently isn't built any more with the Ubuntu ecryptfs userspace tools. As you read in the IBM whitepaper, the ecryptfs-generate-tpm-key command is used in conjunction with the TSPI key module of ecryptfs.

But a maintainer of ecryptfs has stated that the TSPI module was a proof of concept (supposedly it doesn't perform well since it uses TPM on every file I/O) and should not have made it into the upstream ecryptfs-utils project to begin with: https://bugs.launchpad.net/ecryptfs/+bug/787907. He said he was going to remove it when kernel 3.1 was released; I suppose that has probably happened by now. (Maybe he missed the man page?)

Apparently the replacement is to use trusted and encrypted keys on the kernel keyring, but I'm struggling with that, too: http://askubuntu.com/questions/750792/practical-use-of-ecryptfs-encrypted-keys-and-tpm-how-to-convert-existing-user