Solved: How do I access the encrypted home dir

Post Reply
mister_v
Posts: 139
Joined: Sat Jun 20, 2009 5:42 pm

Solved: How do I access the encrypted home dir

Post by mister_v »

Hi,

I have to recover data from a hard disk (ext4 Kubuntu)
But the /home/user dir has been encrypted.

I have the user name and password,
I just don't know how to mount the encrypted part.
Last edited by mister_v on Tue Jun 28, 2011 6:12 pm, edited 1 time in total.
Chris
Site Admin
Posts: 129
Joined: Mon Jul 21, 2008 9:45 am
Location: Leuven, Belgium
Contact:

Re: How do I access the encrypted home dir

Post by Chris »

There are a few step you need to take.

First get the mount password phrase

Code: Select all

ecryptfs-unwrap-passphrase /home/.ecryptfs/ubuntu_user/.ecryptfs/wrapped-passphrase
The password you need to give for this is the login password.
The string you get now is the encryption key (KEY1)

We need to get a special signature that will be used later for decrypting filenames (standard in Ubuntu >= 9.04)

Code: Select all

sudo ecryptfs-add-passphrase --fnek
(note: first you will need to enter your sudo password and then the mount passphrase (KEY1))
Pay attention to the second "Inserted auth tok with sig" line and note down the value in square brackets (eg. 66a9f57af69a86ba) (KEY2) as we will need this signature later.

The actual decryption

Code: Select all

sudo mount -t ecryptfs /media/disk-3/home/.ecryptfs/ubuntu_user/.Private/ /mnt/encrypteddrive
  • You will be asked a series of questions
  • Enter the mount phrase when asked for the passphrase (KEY1)
  • Select aes as the encryption cipher
  • Select 16 bytes as the key length
  • Enter n for enabling of plaintext passthrough
  • Enter y for filename encryption (if you obtained the special signature in the earlier step)
  • Enter the special signature from earlier when you are prompted for the Filename Encryption Key (FNEK) Signature (KEY2)
Now you should be able to access the unencrypted files in /mnt/encrypteddrive.

note:
The first time you mount an unencrypted file system,
you get the following message:

Code: Select all

WARNING: Based on the contents of [/root/.ecryptfs/sig-cache.txt],
it looks like you have never mounted with this key
before. This could mean that you have typed your
passphrase wrong.
You can safely ignore this.
mister_v
Posts: 139
Joined: Sat Jun 20, 2009 5:42 pm

Re: How do I access the encrypted home dir

Post by mister_v »

Thanks this helped.
Post Reply