Provided by: zescrow-client_1.3-0ubuntu1_all


       zEscrow  -  escrow  a  copy  of  ~/.ecryptfs and the mount passphrase to an escrow service
       compatible with the zEscrow open API for safe keeping




       This interactive utility enables eCryptfs Encrypted Home and Encrypted  Private  users  to
       escrow  a  copy of their ~/.ecryptfs configuration and randomly generated mount passphrase
       to an escrow service compatible with the zEscrow open API. is a public implementation of the open source (AGPL) project  and  API
       at   It  is  designed to help some eCryptfs users remotely
       store a copy of their eCryptfs configuration for safe keeping, in the event that they lose
       all or some of their configuration.

       First,  this program will prompt the user for the target zEscrow server, defaulting to the
       public instance at  Note that a target server should  have  a
       valid SSL certificate.

       Next,  it  will  retrieve  the  gpg(1)  fingerprint  and  gpg(1) public key of the zEscrow
       instance, and import it into a temporary keyring.

       It will then prompt the user for their LOGIN passphrase, in order to run
       ecryptfs-unwrap-passphrase(1) and store the MOUNT passphrase.

       Next, it will create a compressed, encrypted, encoded archive using tar(1), gzip(1), and
       gpg(1), and submit the output to the chosen zEscrow instance using curl(1).  It will
       confirm the md5sum(1) with the remote server.

       Note that the uploaded archive will contain ~/.ecryptfs/*, which typically includes:
        - auto-umount
        - auto-mount
        - Private.sig
        - Private.mnt
        - unwrapped-passphrase

       Neither your LOGIN passphrase nor your wrapped-passphrase is ever sent to the server.

       The  local  utility  will  confirm  that  the server's returned md5sum matches the locally
       calculated value.  If everything matches, the program will display a unique URL, to  which
       the  user  should  navigate,  where  they  will  log in using a Google OpenID account, and
       associate an email address with the uploaded data.  The program will  offer  to  launch  a
       sensible-browser(1) to the returned URL.

       Any  failure  whatsoever  will  result in a non-zero exit code, and the user should beware
       that their eCryptfs configuration was NOT uploaded.
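
       The archive and checksum steps described above, as an added example that is not
       part of zescrow-client: it builds the archive from a constructed directory,
       checks that wrapped-passphrase is absent, and fails closed on a checksum
       mismatch. The function names, the --exclude approach and the sample files are
       assumptions; the gpg(1) encryption and curl(1) upload are left out.

```shell
#!/bin/sh
# Added example on constructed data; gpg(1) and curl(1) steps are omitted.

# Archive <home>/.ecryptfs into <out>, leaving out wrapped-passphrase (assumed
# to sit in the same directory; the page says it is never sent).
build_archive() {
    tar -C "$1" --exclude='wrapped-passphrase' -czf "$2" .ecryptfs
}

# Succeed only if no archive member is named wrapped-passphrase.
archive_is_clean() {
    ! tar -tzf "$1" | grep -q '/wrapped-passphrase$'
}

# Print the md5 hex digest of a file.
local_md5() {
    md5sum "$1" | cut -d' ' -f1
}

# Fail closed: non-zero unless the server-reported digest ($2) is non-empty
# and equals the locally calculated one.
confirm_upload() {
    [ -n "$2" ] && [ "$(local_md5 "$1")" = "$2" ]
}

# Constructed stand-in for a home directory; prints its path.
make_sample_home() {
    d=$(mktemp -d) || return 1
    mkdir "$d/.ecryptfs" || return 1
    for f in auto-umount auto-mount Private.sig Private.mnt \
             unwrapped-passphrase wrapped-passphrase; do
        printf 'constructed %s\n' "$f" > "$d/.ecryptfs/$f"
    done
    printf '%s\n' "$d"
}

demo() {
    home=$(make_sample_home) || return 1
    arc="$home/escrow.tgz"
    build_archive "$home" "$arc" && archive_is_clean "$arc" || return 1
    # Hypothetical: in the real flow this value comes back from the server.
    server_sum=$(local_md5 "$arc")
    confirm_upload "$arc" "$server_sum" && echo "checksum confirmed" \
        || { echo "NOT uploaded" >&2; return 1; }
    rm -rf "$home"
}
demo
```

       The md5sum(1) comparison detects a truncated or corrupted transfer; the
       confidentiality of the archive, which contains unwrapped-passphrase, rests on
       the gpg(1) encryption step that this example leaves out.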


       ecryptfs-recover-private(1), ecryptfs-unwrap-passphrase(1), tar(1), gzip(1), gpg(1),
       curl(1), md5sum(1), sensible-browser(1)


       This manpage was written by Dustin Kirkland <> for Ubuntu systems  (but
       may  be  used  by  others).   Permission is granted to copy, distribute and/or modify this
       document under the terms of the GNU General Public License, Version 2 or any later version
       published by the Free Software Foundation.

       On  Debian  systems,  the  complete text of the GNU General Public License can be found in