recently I had some trouble with my DS111 (DSM 3.2-1955).
After a few month of uptime I had to reboot my device. After
that some of my shared folders were no longer mountable with
their key files (Error message: Password failed).
The good news for me... Today I upgraded to DSM 4.0-2198 and I
could mount all my shares again!
In the meantime I tried to copy and then mount the @...@ folders on
my linux box. This did not work because the key is encrypted (wrapped)
in the keyfile using ecryptfs-wrap-passphrase.
The first 16 bytes of all my key files are identical, so this must be
the wrapping_auth_tok_sig part I saw in the source. There are 2 secrets
used to calculate the wrapping key. A salt and a wrapping passphrase. So
my questions are:
- What is the wrapping salt (when not the default)?
- What is the wrapping passphrase / Where is it stored? / When and Why does it change?
- What are the files in /usr/syno/etc/.encrypt good for, when automount is off?
I need this information, so that I can mount my files after a total crash
and to gain trust again after the "cannot access my files disaster".
Thank you for your help!