"ecryptfs_parse_packet_set: Expected signature of size [8]; read size [7]"

Asked by Dustin Kirkland 

Older versions of eCryptfs shipping in older kernels had a minor bug where eCryptfs would only write out and read in 7 of the 8 key signature characters to the metadata of the lower file. This violates the eCryptfs spec, so newer versions of eCryptfs correct this bug and refuse to read files that do not conform to the spec.

The current correctly implemented version of eCryptfs cannot read files created with the early nonconformant and buggy release. If you have any files created with the earlier version, you will need to boot with the earlier version of eCryptfs and copy the decrypted files to secure location (e.g., a loopback mount image protected with dm-crypt). You will then need to copy the data from the secure location into an eCryptfs mount using the most recent kernel release.

Note that the Versions of eCryptfs from 2.6.24 and on will be able to read files created by earlier versions, back through to 2.6.24, as indicated in the ecryptfs-utils package README file:

eCryptfs is still in a developmental stage. When you upgrade the eCryptfs kernel module, it is possible that the eCryptfs file format has been updated. For this reason you should copy your files to an unencrypted location and then copy the files back into the new eCryptfs mount point to migrate the files. File format version 3 and beyond (in kernel version 2.6.24) is expected to remain readable, however.

Question information

Language:
English Edit question
Status:
Solved
For:
eCryptfs Edit question
Assignee:
No assignee Edit question
Solved by:
Dustin Kirkland 
Solved:
Last query:
Last reply:
Revision history for this message
Dustin Kirkland  (kirkland) said :
#1

From the FAQ.