Recover encrypted home folder under Ubuntu / Kubuntu

The community documentation can be of great help, namely the following section:

  1. If you use encrypted filenames (standard in Ubuntu >= 9.04) you have to do the following first:
    •  sudo ecryptfs-add-passphrase --fnek 
    •  Passphrase:  (Enter the mount passphrase you recorded when you set up the mount; this passphrase is different from your login passphrase.)
    • You should now get two lines looking like this:
    •  Inserted auth tok with sig [9986ad986f986af7] into the user session keyring 
    •  Inserted auth tok with sig [76a9f69af69a86fa] into the user session keyring  (write down the second value in the square brackets)
  2. Mount using sudo:
    •  sudo mkdir -p /home/username/Private  
    •  sudo mount -t ecryptfs /home/username/.Private /home/username/Private 
    •  Selection: 3  (use a passphrase key type)
    •  Passphrase:  (Enter the mount passphrase you recorded when you set up the mount; this passphrase is different from your login passphrase.)
    •  Selection: aes  (use the aes cipher)
    •  Selection: 16  (use a 16 byte key)
    •  Enable plaintext passthrough: n 
    •  Enable filename encryption: y  (This and the following options only apply if you are using filename encryption)
    •  Filename Encryption Key (FNEK) Signature:  (the value you wrote down from the second line above)

The problem is that, like some folks at the Ubuntu forums, I encountered the following error when trying sudo mount -t ecryptfs /source /destination:

Attempting to mount with the following options:
  ecryptfs_unlink_sigs
  ecryptfs_fnek_sig=xxx
  ecryptfs_key_bytes=16
  ecryptfs_cipher=aes
  ecryptfs_sig=xxx
Error mounting eCryptfs: [-2] No such file or directory
Check your system logs; visit

After fiddling around for a whole day, I finally figured out the problem: the blind confidence in Linux developers’ ability. You see, I used to believe Linux’s symlinks always point to the same directory on the drive even after it was mounted somewhere else. So if a link on your old drive, say ~/etc, points to /etc, then when you mount the root filesystem on another machine, it should now point to /media/mount/etc, right? Wrong!

The problem is that the hidden .Private in the encrypted folder is just such a symlink, and when you attempt to mount it on another system, the symlink is broken. If you do an ls -l, you can see the symlink points to the absolute path /home/.ecryptfs/<yourusername>/.Private, which only makes sense relative to your old directory structure. So to successfully mount your encrypted folder, you shouldn’t mount /home/<yourusername>/.Private as mentioned in the tutorial, but instead:

sudo mount -t ecryptfs /media/[old drive mount point]/home/.ecryptfs/[your old username]/.Private /home/[your new username]/[new mount point]

Problem solved!
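
The re-rooting step described above can be scripted. This is an added example, not part of the original post or the Ubuntu documentation: it reads a symlink found on the mounted old drive and resolves its absolute target under the old drive's mount point instead of the running system's root. The function names `reroot_link` and `make_sample_tree`, and the `olduser` directory tree, are hypothetical and constructed for the demonstration.

```shell
#!/bin/sh
# Added example: resolve a symlink from a mounted old drive as if that
# drive were still the root filesystem.
# Usage: reroot_link OLD_ROOT LINK_PATH   (e.g. OLD_ROOT=/media/olddrive)
reroot_link() {
    old_root=${1%/}                 # drop a trailing slash from the mount point
    link=$2
    if [ ! -L "$link" ]; then
        printf '%s\n' "$link"       # not a symlink: the path is usable as is
        return 0
    fi
    target=$(readlink "$link") || return 1
    case $target in
        /*) resolved=$old_root$target ;;             # absolute: re-root under the old drive
        *)  resolved=$(dirname "$link")/$target ;;   # relative: resolve next to the link
    esac
    if [ ! -d "$resolved" ]; then
        printf 'reroot_link: %s is not a directory\n' "$resolved" >&2
        return 1
    fi
    printf '%s\n' "$resolved"
}

# Constructed sample tree that mimics an old drive with an eCryptfs home:
# home/olduser/.Private -> /home/.ecryptfs/olduser/.Private (absolute link)
make_sample_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/home/.ecryptfs/olduser/.Private" "$root/home/olduser"
    ln -s /home/.ecryptfs/olduser/.Private "$root/home/olduser/.Private"
    printf '%s\n' "$root"
}

# Demo on the constructed tree: prints <tmpdir>/home/.ecryptfs/olduser/.Private,
# which is the directory to pass as the source of "mount -t ecryptfs".
sample=$(make_sample_tree)
reroot_link "$sample" "$sample/home/olduser/.Private"
rm -rf "$sample"
```

On a real recovery, pass the old drive's mount point and the path of the old home's .Private link; the printed path is the source argument for the mount command shown above.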
