I had the honor of introducing zEscrow about a week ago, at the Ubuntu Developer Summit during Friday's plenary of lightning talks. You can also view my slides now!
save your encrypted life at some point!
The Quick Start Guide
If you're running a version of Ubuntu prior to 12.04 LTS, first add the PPA:
sudo apt-add-repository ppa:zescrow/ppa
sudo apt-get install zescrow
And if you're on Ubuntu 12.04 LTS, just install.
sudo apt-get install zescrow-client
zescrow, and follow the three simple prompts:
- Choose your server
- Enter your login password
- Visit the one-time URL
How it Works
- Choose your zEscrow server. I recommend that you use the default, zescrow.gazzang.com.
- The zescrow utility will download the public GPG key associated with your zEscrow server and load it into a temporary keyring stored entirely in memory.
- Enter your LOGIN password. This will be used to decrypt your ~/.ecryptfs/wrapped-passphrase file. Under NO circumstances will your LOGIN password be sent to the remote server!!!
- The utility will create a tar archive of your entire ~/.ecryptfs directory, but with your wrapped-passphrase file replaced by unwrapped-passphrase. This prevents your LOGIN passphrase from ever leaving your system, but ensures that your randomly generated MOUNT passphrase will be securely transferred to the remote server.
- This ecryptfs.tar archive is securely transmitted to the zEscrow server over SSL.
- Upon a successful transmission to the zEscrow server, a cryptographically nonced URL link is sent back to the client utility, which embeds a checksum of the transmitted archive, verifying the integrity of the transmission.
- You MUST complete the transaction by opening the link IMMEDIATELY, to "claim" this upload as yours. Upon doing so, you'll be required to login using Google OpenID.
- (Yes, you must have a Google OpenID to use this service. Sorry. Send a patch, if you want support for another OpenID provider).
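The following Python is an added example, not code from the zescrow project: it builds the archive as the steps above describe, leaving wrapped-passphrase out and adding unwrapped-passphrase, then checks that a returned claim URL carries the archive's checksum. SHA-256, the URL layout, the host zescrow.example and the function names are assumptions, since the post does not specify them; all file contents are constructed.

```python
import hashlib
import io
import os
import tarfile
import tempfile
from urllib.parse import urlparse

def build_escrow_archive(ecryptfs_dir, mount_passphrase):
    """Tar ecryptfs_dir, swapping wrapped-passphrase for unwrapped-passphrase."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name in sorted(os.listdir(ecryptfs_dir)):
            if name == "wrapped-passphrase":
                continue  # stays local: it is encrypted under the LOGIN password
            tar.add(os.path.join(ecryptfs_dir, name), arcname=".ecryptfs/" + name)
        # Assumption: the caller already unwrapped the MOUNT passphrase locally
        # (for example with ecryptfs-unwrap-passphrase).
        data = mount_passphrase.encode()
        info = tarfile.TarInfo(".ecryptfs/unwrapped-passphrase")
        info.size, info.mode = len(data), 0o600
        tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

def url_matches_archive(claim_url, archive):
    """True only for an https URL with the archive's SHA-256 as a path segment."""
    parsed = urlparse(claim_url)
    if parsed.scheme != "https":
        return False
    expected = hashlib.sha256(archive).hexdigest()
    return any(seg.lower() == expected for seg in parsed.path.split("/"))

def demo():
    """Run both steps on a constructed ~/.ecryptfs directory."""
    files = {"wrapped-passphrase": b"constructed-wrapped-blob",
             "Private.sig": b"0123456789abcdef\n",
             "Private.mnt": b"/home/user/Private\n"}
    with tempfile.TemporaryDirectory() as home:
        src = os.path.join(home, ".ecryptfs")
        os.mkdir(src)
        for name, body in files.items():
            with open(os.path.join(src, name), "wb") as fh:
                fh.write(body)
        archive = build_escrow_archive(src, "constructed-mount-passphrase")
    with tarfile.open(fileobj=io.BytesIO(archive)) as tar:
        names = tar.getnames()
    url = "https://zescrow.example/claim/%s/constructed-nonce" % hashlib.sha256(archive).hexdigest()
    return names, url_matches_archive(url, archive), url_matches_archive(url, archive + b"x")

if __name__ == "__main__":
    print(demo())
```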
Unhappy Users Don't Back Up their eCryptfs Passphrase
A few random quotes from the last 2 months alone:
- "Through idiocracy I have screwed up my encrypted home directory and if possible I need help getting it back."
- "I was trying to mount my encrypted home directory from a livecd in order to back up my data (according to the instructions), when I accidentally deleted one of the .ecryptfs folders in my encrypted home."
- "Mr Kirkland, my name is MB. I used an Ubuntu system with ecryptfs. Something happened and it all went up in smoke. I saved a backup and moved on. Chalked it up to bad backup practices and moved on. I found the encrypted backup a few days ago, and I've been trying to unscrew it. I *think* I found the old wrapped-passphrase file, and I tried to fix it. So far, I've been unable".
- "Please help as I am stuck in Korea and will be totally shagged without my e-mail and data. I have 6 months un-backedup work on the disk, of course. And I saved the password for the disk on my home partition...great move eh?"
But Happy Users Do Back Up their eCryptfs Passphrase!
On the other hand, I have helped hundreds upon hundreds of users recover their data, when it's clear that they HAVE backed up their randomly generated MOUNT passphrase. These two blog posts of mine, about the ecryptfs-recover-private utility and how to mount your encrypted home from a live CD, are my two all-time most viewed posts. A few quotes from happy users:
- "you saved my life, thank you!"
- "Where do I send hugs? It's great, thanks so much! I just want to add my note"
- "Worked like a charm - thanks."
- "YOU SAY IT! *YOU* *THE* *MAN* JUST SAVED MY LIFE! THANK YOU"
- "Thanks $deity and Dustin, this method works for recover my encrypted private directory and backup it to external drive. Thanks again for this tutorial."
- "Thanks Man!! it worked for me!!"
- "Today, making a liveCD and following your instructions above put a massive smile on my face. I can't believe I've now got access to everything again and nothing is lost. Thank you so much for sharing your knowledge - I shall sleep well tonight!"
- "Thank you for this addition to Natty! I was having a hard time mounting my files on a system I wrecked ;)"
- "thank's a lot, u'r save my life"
- "My god. Thank you so much! I tried to upgrade to 11.04, and it wrecked my OS. This is a lifesaver."
- "This is cake my friend nice job! I remember when this was stuff was hard. I've been trying to recover a drive for some time now."
- "I just wanted to say thanks for building this. I used it to recover a ~/.Private directory on an external drive, and it worked flawlessly. It's folks like yourself building tools like this that makes open source projects such a pleasure to use. So kudos, and thanks."