I am encrypting a directory /opt/directory using ecryptfs. I want to create a service using systemd and init.d that prompts the user for the encryption password and mounts the directory. I have tried using ssh-askpass in my script called by the systemd service, but it does not prompt for the password when my computer starts and hence, the directory is not mounted.

Following is my script to mount the directory:

#!/bin/bash
SIG='/root/.ecryptfs/encryption.sig'
ECRYPTFS_WRAPPED_PASSWORD="/root/.ecryptfs/directory-encryption.wrapped"
# only act if the mount point is not already mounted
if ! mountpoint -q "/opt/directory"; then
    PASSWORD=$(ssh-askpass)
    # insert the wrapped passphrase into the keyring and mount the directory; the password is piped to
    # ecryptfs-insert-wrapped-passphrase-into-keyring on stdin, so it never becomes part of the command string
    SIG=$(head -n 1 "$SIG")
    printf '%s' "$PASSWORD" | sudo -s -u "root" /bin/bash -c "ecryptfs-insert-wrapped-passphrase-into-keyring $ECRYPTFS_WRAPPED_PASSWORD && sudo mount -i -t ecryptfs /opt/directory /opt/directory -o ecryptfs_sig=$SIG,ecryptfs_fnek_sig=$SIG,ecryptfs_cipher=aes,ecryptfs_key_bytes=32,ecryptfs_unlink_sigs"
fi

The script works fine when called directly, but when called at startup using systemd, it does not prompt me for the password. Following is my systemd file:

[Unit]
Description=Directory Encryption Service

[Service]
ExecStart=/root/.ecryptfs/directory-encryption-script
StandardOutput=null

[Install]
WantedBy=multi-user.target
Alias=directory a.encryption.service
Shahbaz Shueb

0 Answers