This is the mail archive of the cygwin mailing list for the Cygwin project.



Re: EFS encrypted files & ssh


Chris January wrote:
>>Is it normal that during an SSH connection EFS-encrypted
>>files are not accessible?
>>Is it for the way the SSH token authentication is made?
> Yes, it probably is.
> I believe the user's private EFS is encrypted using their password hash. If
> the SSH token was generated without using a password (e.g. because you are
> using RSA authentication) then the EFS key can't be decrypted and used.

OK, I (finally) was able to reproduce it consistently, but SSH was
actually not "necessary" to see it:
(no, I'm not doing anything "funny": I have a backup =P)

% gpg --delete-secret-key C8F252FB
gpg (GnuPG) 1.4.0; Copyright (C) 2004 Free Software Foundation, Inc.
sec  1024D/C8F252FB 1997-08-20 Lapo Luchini <lapo@lapo.it>
Delete this key from the keyring? (y/N) y
This is a secret key! - really delete? (y/N) y
gpg: renaming `/home/lapo/.gnupg/secring.gpg.tmp' to
`/home/lapo/.gnupg/secring.gpg' failed: Permission denied
gpg: WARNING: 2 files with confidential information exists.
gpg: /home/lapo/.gnupg/secring.gpg is the unchanged one
gpg: /home/lapo/.gnupg/secring.gpg.tmp is the new one
gpg: Please fix this possible security flaw
gpg: deleting keyblock failed: file rename error
gpg: C8F252FB: delete key failed: file rename error

% ll -a /home/lapo/.gnupg/secr*
-rw-------  1 lapo Nessuno 9507 Jan  6 15:29 secring.gpg
-rw-------  1 lapo Nessuno 7736 Mar 24 23:47 secring.gpg.tmp

Nothing strange here... but actually the .gnupg directory is "green"
(EFS-encrypted).

Any idea?

Oh, I just noticed this also:

% rm /home/lapo/.gnupg/secring.gpg
% ll -a /home/lapo/.gnupg/secr*
ls: /home/lapo/.gnupg/secring.gpg: No such file or directory
-rw-------  1 lapo Nessuno 7736 Mar 24 23:47 secring.gpg.tmp

...but with Windows Explorer, the file is still there.
0_o

--
L a p o   L u c h i n i
l a p o @ l a p o . i t
w w w . l a p o . i t /
