zEscrow - escrow a copy of ~/.ecryptfs and the mount passphrase to an
escrow service compatible with the zEscrow open API for safe keeping
This interactive utility enables eCryptfs Encrypted Home and Encrypted
Private users to escrow a copy of their ~/.ecryptfs configuration and
randomly generated mount passphrase to an escrow service compatible
with the zEscrow open API.
zEscrow.gazzang.com is a public implementation of the open source
(AGPL) project and API at https://launchpad.net/zEscrow. It is
designed to help some eCryptfs users remotely store a copy of their
eCryptfs configuration for safe keeping, in the event that they lose
all or some of their configuration.
First, this program will prompt the user for the target zEscrow server,
defaulting to the public instance at https://zEscrow.gazzang.com. Note
that a target server should have a valid SSL certificate.
Next, it will retrieve the gpg(1) fingerprint and gpg(1) public key of
the zEscrow instance, and import it into a temporary keyring.
It will then prompt the user for their LOGIN passphrase, in order to
ecryptfs-unwrap-passphrase(1) and store the MOUNT passphrase.
Next, it will create a compressed, encrypted, encoded archive using
tar(1), gzip(1), and gpg(1), and submit it to the output to the chosen
zEscrow instance using curl(1). It will confirm the md5sum(1) with the
Note that the uploaded archive will contain ~/.ecryptfs/*, which
Neither your LOGIN passphrase, nor your wrapped-passphrase are ever
sent to the server.
The local utility will confirm that the server's returned md5sum
matches the locally calculated value. If everything matches, the
program will display a unique URL, to which the user should navigate,
where they will login using a Google OpenID account, and associate an
email address with the uploaded data. The program will offer to launch
a sensible-browser(1) to the returned URL.
Any failure whatsoever will result in a non-zero exit code, and the
user should beware that their eCryptfs configuration was NOT uploaded.
ecryptfs-recover-private(1), ecryptfs-unwrap-passphrase(1), tar(1),
gzip(1), gpg(1), curl(1), md5sum(1), sensible-browser(1),
This manpage was written by Dustin Kirkland <firstname.lastname@example.org> for
Ubuntu systems (but may be used by others). Permission is granted to
copy, distribute and/or modify this document under the terms of the GNU
General Public License, Version 2 or any later version published by the
Free Software Foundation.
On Debian systems, the complete text of the GNU General Public License
can be found in /usr/share/common-licenses/GPL.