Provided by: zescrow-client_1.7-0ubuntu1_all
NAME
zEscrow - escrow a copy of ~/.ecryptfs and the mount passphrase to an escrow service compatible with the zEscrow open API for safe keeping
SYNOPSIS
zescrow
DESCRIPTION
This interactive utility enables eCryptfs Encrypted Home and Encrypted Private users to escrow a copy of their ~/.ecryptfs configuration and randomly generated mount passphrase to an escrow service compatible with the zEscrow open API. zEscrow.gazzang.com is a public implementation of the open source (AGPL) project and API at https://launchpad.net/zEscrow. It is designed to help some eCryptfs users remotely store a copy of their eCryptfs configuration for safe keeping, in the event that they lose all or some of their configuration. First, this program will prompt the user for the target zEscrow server, defaulting to the public instance at https://zEscrow.gazzang.com. Note that a target server should have a valid SSL certificate. Next, it will retrieve the gpg(1) fingerprint and gpg(1) public key of the zEscrow instance, and import it into a temporary keyring. It will then prompt the user for their LOGIN passphrase, in order to ecryptfs-unwrap- passphrase(1) and store the MOUNT passphrase. Next, it will create a compressed, encrypted, encoded archive using tar(1), gzip(1), and gpg(1), and submit it to the output to the chosen zEscrow instance using curl(1). It will confirm the md5sum(1) with the remote server. Note that the uploaded archive will contain ~/.ecryptfs/*, which typically includes: - auto-umount - auto-mount - Private.sig - Private.mnt - unwrapped-passphrase Neither your LOGIN passphrase, nor your wrapped-passphrase are ever sent to the server. The local utility will confirm that the server's returned md5sum matches the locally calculated value. If everything matches, the program will display a unique URL, to which the user should navigate, where they will login using a Google OpenID account, and associate an email address with the uploaded data. The program will offer to launch a sensible-browser(1) to the returned URL. Any failure whatsoever will result in a non-zero exit code, and the user should beware that their eCryptfs configuration was NOT uploaded.
SEE ALSO
ecryptfs-recover-private(1), ecryptfs-unwrap-passphrase(1), tar(1), gzip(1), gpg(1), curl(1), md5sum(1), sensible-browser(1), https://zEscrow.gazzang.com, https://launchpad.net/zEscrow http://launchpad.net/ecryptfs/
AUTHOR
This manpage was written by Dustin Kirkland <kirkland@ubuntu.com> for Ubuntu systems (but may be used by others). Permission is granted to copy, distribute and/or modify this document under the terms of the GNU General Public License, Version 2 or any later version published by the Free Software Foundation. On Debian systems, the complete text of the GNU General Public License can be found in /usr/share/common-licenses/GPL.