GNU.WIKI: The GNU/Linux Knowledge Base

  [HOME] [PHP Manual] [HowTo] [ABS] [MAN1] [MAN2] [MAN3] [MAN4] [MAN5] [MAN6] [MAN7] [MAN8] [MAN9]

  [0-9] [Aa] [Bb] [Cc] [Dd] [Ee] [Ff] [Gg] [Hh] [Ii] [Jj] [Kk] [Ll] [Mm] [Nn] [Oo] [Pp] [Qq] [Rr] [Ss] [Tt] [Uu] [Vv] [Ww] [Xx] [Yy] [Zz]


       zEscrow  -  escrow a copy of ~/.ecryptfs and the mount passphrase to an
       escrow service compatible with the zEscrow open API for safe keeping




       This interactive utility enables eCryptfs Encrypted Home and  Encrypted
       Private  users  to escrow a copy of their ~/.ecryptfs configuration and
       randomly generated mount passphrase to  an  escrow  service  compatible
       with the zEscrow open API.  is  a  public  implementation  of  the open source
       (AGPL)  project  and  API  at   It   is
       designed  to  help  some  eCryptfs users remotely store a copy of their
       eCryptfs configuration for safe keeping, in the event  that  they  lose
       all or some of their configuration.

       First, this program will prompt the user for the target zEscrow server,
       defaulting to the public instance at  Note
       that a target server should have a valid SSL certificate.

       Next,  it will retrieve the gpg(1) fingerprint and gpg(1) public key of
       the zEscrow instance, and import it into a temporary keyring.

       It will then prompt the user for their LOGIN passphrase,  in  order  to
       ecryptfs-unwrap-passphrase(1) and store the MOUNT passphrase.

       Next,  it  will  create  a compressed, encrypted, encoded archive using
       tar(1), gzip(1), and gpg(1), and submit it to the output to the  chosen
       zEscrow instance using curl(1).  It will confirm the md5sum(1) with the
       remote server.

       Note that  the  uploaded  archive  will  contain  ~/.ecryptfs/*,  which
       typically includes:
        - auto-umount
        - auto-mount
        - Private.sig
        - Private.mnt
        - unwrapped-passphrase

       Neither  your  LOGIN  passphrase,  nor your wrapped-passphrase are ever
       sent to the server.

       The local utility  will  confirm  that  the  server's  returned  md5sum
       matches  the  locally  calculated  value.   If  everything matches, the
       program will display a unique URL, to which the user  should  navigate,
       where  they  will login using a Google OpenID account, and associate an
       email address with the uploaded data.  The program will offer to launch
       a sensible-browser(1) to the returned URL.

       Any  failure  whatsoever  will  result in a non-zero exit code, and the
       user should beware that their eCryptfs configuration was NOT uploaded.


       ecryptfs-recover-private(1),   ecryptfs-unwrap-passphrase(1),   tar(1),
       gzip(1),     gpg(1),     curl(1),    md5sum(1),    sensible-browser(1),,


       This manpage was written by Dustin Kirkland  <>  for
       Ubuntu  systems  (but may be used by others).  Permission is granted to
       copy, distribute and/or modify this document under the terms of the GNU
       General Public License, Version 2 or any later version published by the
       Free Software Foundation.

       On Debian systems, the complete text of the GNU General Public  License
       can be found in /usr/share/common-licenses/GPL.

  All copyrights belong to their respective owners. Other content (c) 2014-2018, GNU.WIKI. Please report site errors to
Page load time: 0.114 seconds. Last modified: November 04 2018 12:49:43.