$ encfs ~/.crypt ~/crypt/ The directory "/home/harrisl/.crypt/" does not exist. Should it be created? (y,n) y Creating new encrypted volume. Please choose from one of the following options: enter "x" for expert configuration mode, enter "p" for pre-configured paranoia mode, anything else, or an empty line will select standard mode. ?> Standard configuration selected. Configuration finished. The filesystem to be created has the following properties: Filesystem cipher: "ssl/aes", version 2:2:1 Filename encoding: "nameio/block", version 3:0:1 Key Size: 192 bits Block Size: 1024 bytes Each file contains 8 byte header with unique IV data. Filenames encoded using IV chaining mode. File holes passed through to ciphertext. Now you will need to enter a password for your filesystem. You will need to remember this password, as there is absolutely no recovery mechanism. However, the password can be changed later using encfsctl. New Encfs Password: Verify Encfs Password: 16:18:26 (SSL_Cipher.cpp:794) encoding 40 bytes, got back 32 (0 in final_ex) fusermount: failed to access mountpoint /home/harrisl/crypt: Permission denied fuse failed. Common problems: - fuse kernel module not installed (modprobe fuse) - invalid options -- see usage message It also prevents mounting of existing encfs volumes with the same encoding 40 bytes, got back 32 error Downgrading to openssl-0.9.8l fixes the problem Reproducible: Always
I have confirmed this on my system (lost some files), fixed in Debian for openssl-0.9.8m http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=571810
Had trouble with an encrypted /home using openssl-0.9.8m, too. Downgrading to openssl-0.9.8l-r2 fixed the problem
Marking this critical
CC to base-system@gentoo.org
http://sourceforge.net/mailarchive/message.php?msg_name=BAY114-W25D2FAC625E0E4A7D37BA7FE390@phx.gbl Upstream bug
+*openssl-0.9.8m-r1 (09 Mar 2010) + + 09 Mar 2010; Fabio Erculiani <lxnay@gentoo.org> -openssl-0.9.8m.ebuild, + +openssl-0.9.8m-r1.ebuild, +files/openssl-0.9.8m-cfb.patch: + fix critical bug #308123, thanks Joost Ruis for reporting + Following what Debian and Arch did, I added the patch above. Thanks for reporting.